Compliance7 min read

Is AI HIPAA Compliant? (ChatGPT, Claude, Gemini and PHI)

Is AI HIPAA compliant? By default no — consumer ChatGPT, Claude and Gemini lack a BAA. Strip the 18 Safe Harbor identifiers before the prompt to stay safe.

By Pierre de ONYRI

Is AI HIPAA compliant? By default, no. The everyday ChatGPT, Claude and Gemini apps are not HIPAA compliant. Pasting patient details into them can be a breach. Here is why. HIPAA (the US Health Insurance Portability and Accountability Act) protects health data. It requires a signed contract, the BAA (Business Associate Agreement), with any vendor that handles that data. Consumer AI apps do not sign one. But there is a clean, legal path. HIPAA's Safe Harbor method lets you remove 18 identifiers. The data then stops being PHI (Protected Health Information). Strip those identifiers before the prompt, and the AI never sees PHI. This article is general guidance, not legal advice.

What HIPAA actually protects

HIPAA is a US federal law. It protects health data called PHI. PHI is health information that can identify a person. The law binds two kinds of players. First, 'covered entities' — providers, health plans, and clearinghouses. Second, their 'business associates.' A business associate is an outside vendor that handles PHI for a covered entity.

HHS is the US Department of Health and Human Services. It enforces these rules. Its Office for Civil Rights can issue penalties. So the AI question touches anyone who handles PHI at work. Doctors, nurses, and clinic staff. Billing teams and health insurers. And any vendor acting on their behalf. If you handle patient data, HIPAA follows that data wherever it goes.

Why consumer AI is not compliant

Here is the core rule. A covered entity must have a signed BAA with any vendor that handles PHI. The BAA is a written contract. It limits how the vendor may use the data. It bans any use beyond the contract or the law. And it forces the vendor to protect the data. Without it, both sides can be penalized by the HHS Office for Civil Rights.

Now apply that to AI. The standard consumer ChatGPT, Claude and Gemini apps do not sign a BAA. No such contract covers that everyday use. So typing an identifiable patient detail into them can be an unauthorized disclosure of PHI. This holds as of 2026. Vendor terms change, so always confirm the current ones.

There is a nuance. Some enterprise or API tiers may support a signed BAA. That path is separate and contractual, often sales-managed. It is not the default consumer product. For a ChatGPT-specific deep dive, see our dedicated guide, 'Is ChatGPT HIPAA Compliant?'. The safe, durable claim stays simple: the default consumer apps are not compliant and are not covered by a BAA.

The legal way out: the Safe Harbor method

HIPAA offers a clean exit: de-identification. HHS guidance describes two methods. One is Expert Determination, where a qualified expert confirms the re-identification risk is very small. The other is Safe Harbor. Safe Harbor is the checklist method, and it fits prompt hygiene well.

Safe Harbor works like this. You remove a fixed list of 18 identifier types. You must also have no actual knowledge that the rest could still identify the person. Meet both conditions, and the data is de-identified. It is no longer PHI. It falls outside HIPAA — and the BAA requirement no longer applies to that data.

Here are the 18 identifier categories Safe Harbor asks you to strip:

  • Names.
  • Geographic detail smaller than a state — street, city, county, and most ZIP codes (the first 3 ZIP digits stay only if the area holds more than 20,000 people).
  • All date elements tied to a person except the year — birth, admission, discharge, death; ages over 89 are grouped as '90 or older'.
  • Telephone numbers.
  • Fax numbers.
  • Email addresses.
  • Social Security numbers (SSNs).
  • Medical record numbers (MRNs).
  • Health-plan beneficiary numbers.
  • Account numbers.
  • Certificate and license numbers.
  • Vehicle identifiers and license plates.
  • Device identifiers and serial numbers.
  • Web URLs.
  • IP addresses.
  • Biometric identifiers, such as fingerprints and voiceprints.
  • Full-face photographs and comparable images.
  • Any other unique identifying number, characteristic, or code.
SetupSigned BAA?OK for PHI?
Consumer ChatGPT / Claude / Gemini appNo (by default)No — treat as a breach risk
Some enterprise or API tiersPossibly, by contractOnly if a BAA is signed and honored
De-identified text (18 identifiers removed)Not requiredYes — no longer PHI, outside HIPAA
The risk isn't talking health with an AI — it's the PHI you leave behind. Vendors and tiers change; confirm the current terms.

The fix: de-identify before the prompt

The takeaway is practical. De-identify the text before it reaches a consumer AI. If the model only ever sees de-identified data, it never handles PHI. That single use largely sidesteps the BAA problem. This is a discipline, not a full compliance program. It does not make any AI tool 'HIPAA compliant' on its own.

Two-part diagram: at top, a patient record card whose name, diagnosis and record-number rows (one with a small health cross) are amber (exposed) flows to an AI card marked with a broken contract link, the 'no BAA' motif and HIPAA risk; at bottom, the same record with the 18 identifiers stripped shows only cobalt token chips and a checkmark (Safe Harbor, out of scope) reaching the AI safely.
After Holland & Hart (the BAA requirement), Accountable HQ (the 18 Safe Harbor identifiers) and The HIPAA Journal; underlying rules from HHS and its Office for Civil Rights.

Done well, you keep the AI's help and drop the PHI risk. The model reasons about the shape of a case. It never sees the real name, MRN, or dates.

  1. 1Find the 18 Safe Harbor identifiers in your text.
  2. 2Replace each one with a reversible token, in your browser.
  3. 3Send only the de-identified text to the AI.
  4. 4Restore the real values in the reply, locally.

That's what ONYRI Sanitize is for. The engine detects sensitive data — names, diagnoses, MRNs, dates, contact details — and replaces it with reversible tokens before sending. Detection and the mapping stay in your browser. Only anonymized text reaches the model. This is exactly the de-identification lever Safe Harbor describes, applied before the prompt. ONYRI helps you enforce that discipline. It does not make any AI tool 'HIPAA compliant' for you. And it does not replace a covered entity's full HIPAA program.

Frequently asked questions

Is AI HIPAA compliant?
By default, no. The consumer ChatGPT, Claude and Gemini apps are not HIPAA compliant. No BAA (Business Associate Agreement) covers that use, so entering identifiable patient data can be an unauthorized disclosure of PHI. Some enterprise or API tiers may sign a BAA, but that is a separate, contractual path. The fix is to de-identify the text before the prompt. This is general guidance, not legal advice.
Can I paste patient data into ChatGPT?
Not in the consumer version. Without a signed BAA, it would be PHI handled by an unauthorized vendor, which HIPAA forbids. Strip the 18 Safe Harbor identifiers first — names, dates, MRNs, ZIP codes, and so on. Once the data is de-identified, it falls outside HIPAA. For the ChatGPT-specific detail, see our dedicated guide, 'Is ChatGPT HIPAA Compliant?'.
What is the Safe Harbor method and the 18 identifiers?
Safe Harbor is one of two de-identification methods HHS describes. You remove 18 categories of identifiers (names, fine geographic detail, dates, phone, email, SSN, MRN, IP, biometrics, full-face photos, and more). You must also have no actual knowledge that the rest could re-identify the person. It is all-or-nothing: one missed identifier keeps the data as PHI.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next