Is ChatGPT HIPAA Compliant? What US Healthcare Teams Must Know
No: consumer ChatGPT is not HIPAA compliant, because OpenAI won't sign a BAA for those tiers. When a BAA is possible, and how to de-identify PHI before any use.
No: consumer ChatGPT (self-serve Free, Plus, Go, Pro, Business) is not HIPAA compliant, because OpenAI does not provide the required contractual safeguards and won't sign a Business Associate Agreement (BAA) for those tiers. Entering identifiable health information (PHI) there is therefore a potential HIPAA violation. A BAA does exist, but only for certain OpenAI-managed services (Zero Data Retention API, Enterprise/Edu, ChatGPT for Healthcare). For everything else, the fix is one word: de-identify PHI before any use of the tool.
Why consumer ChatGPT is not HIPAA compliant
HIPAA requires any covered entity (practice, hospital, health insurer) that entrusts PHI to a vendor to sign a BAA with it: the vendor then becomes a business associate, contractually bound to protect that data. But OpenAI does not sign a BAA for the consumer tiers of ChatGPT — self-serve Free, Plus, Go, Pro and Business. Without a BAA, no contract ties the healthcare organization to OpenAI: pasting PHI moves the data out of the healthcare system without the protection the law demands.
The aggravating factor is default processing. In these tiers, content you type can be retained, logged and used to train or improve the models, unless you opt out or use a paid tier with different terms. Introducing PHI into a public LLM can therefore lead to an unauthorized disclosure — a direct HIPAA violation.
When a BAA with OpenAI is possible (and its limits)
A BAA with OpenAI is possible, but limited to specific offerings: sales-managed ChatGPT Enterprise and ChatGPT Edu accounts, the dedicated ChatGPT for Healthcare offering (see OpenAI's product page “Introducing OpenAI for Healthcare”), and the OpenAI API on endpoints eligible for Zero Data Retention. Each request is evaluated case by case; an organization can initiate one by contacting OpenAI (the process is detailed in OpenAI's Help Center, at baa@openai.com).
But a BAA, on its own, does not make a workflow compliant. It only covers what happens inside OpenAI's infrastructure, on eligible services. Some features are explicitly out of scope — for example web search and integrated third-party apps. And the organization remains responsible for the rest: configuration, access control, staff training, and how PHI enters the pipeline and how the response is used.
- BAA-eligible: OpenAI API on ZDR endpoints, ChatGPT Enterprise and Edu (sales-managed), ChatGPT for Healthcare.
- Not eligible: self-serve Free, Plus, Go, Pro and Business.
- Out of scope even with a BAA: web search, integrated third-party apps.
- Still on you: configuration, access, training, PHI input and use of the output.
De-identify PHI: Safe Harbor and the 18 identifiers
Good news: de-identified PHI is no longer PHI and falls outside HIPAA obligations, including the BAA requirement. A ChatGPT-based service can therefore be used with data de-identified under a method authorized by the Privacy Rule. HHS (Office for Civil Rights) guidance provides two official methods: Safe Harbor (removing identifiers) and Expert Determination (a statistical analysis showing a very small re-identification risk, documented and available on OCR request).
The Safe Harbor method requires removing 18 categories of identifiers relating to the individual and their relatives, employers or household members:
1. Names, and detailed geographic elements (address, smaller than state).
2. Dates tied to the individual (birth, admission, discharge, death…).
3. Numbers: Social Security (SSN), medical record, phone, fax, email.
4. Certificate or license numbers, and any other unique identifier.
After removal, the entity must have no actual knowledge that the residual information could, alone or combined, identify the person. This is demanding, because HIPAA defines PHI very broadly: any individually identifiable health information, in any form (ePHI, written records, lab results, invoices, and even verbal conversations containing identifiers). That's why seemingly innocuous clinical transcripts often contain HIPAA identifiers.
| You assume | The reality |
|---|---|
| “ChatGPT Plus is a pro tool, so it's fine for PHI” | No self-serve tier has a BAA — putting PHI there violates HIPAA |
| “I turned off training, so it's compliant” | The data already left the healthcare system: technical violation |
| “The BAA makes everything compliant” | A BAA only covers eligible OpenAI infra; web/third-party apps excluded |
| “A visit summary isn't PHI” | Names, dates and numbers are often in it: that's PHI |
The recommended practice for US healthcare teams
In practice, two safe paths coexist — and they aren't mutually exclusive. Many physicians already use ChatGPT to consolidate notes, summarize visits or draft letters to insurers, uses where patient identifiers often appear without anyone realizing it. The rule:
- De-identify PHI under Safe Harbor (the 18 identifiers) before any use of a consumer tool.
- Or reserve all real PHI processing for a service covered by a signed BAA (ZDR API, Enterprise/Edu, ChatGPT for Healthcare), properly configured.
- Never rely on a mere training opt-out as a guarantee of compliance.
That's exactly what ONYRI Sanitize is for: the engine replaces names, dates, numbers and other identifiers with reversible tokens before sending; detection and the mapping stay in your browser, and only de-identified text reaches ChatGPT. Patient data in the clear never leaves your machine — the tool only sees tokens, not your real information.
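To make the Safe Harbor removal step and the reversible-token idea concrete, here is an added Python example (not ONYRI's code, and not from any of the sources above). It tokenizes a constructed clinical note, restores a simulated model reply locally, and runs a cheap residual check. The regexes cover only a handful of the 18 identifier categories (email, SSN, phone, dates, MRN, titled names) and are assumptions for illustration; the "actual knowledge" test in the text still needs a human reviewer.

```python
import re

# Regexes for a subset of the Safe Harbor identifier categories. They are
# constructed for illustration and are NOT exhaustive: addresses, ages over 89,
# device serials, URLs, IPs, untitled names and many more are not covered, and a
# regex has no "actual knowledge" of context, so a review step is still needed.
# Where a pattern has a named group "id", only that part is tokenized and the
# surrounding label (e.g. "MRN", "Dr.") is kept so the note stays readable.
PATTERNS = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("SSN",   re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b")),
    ("DATE",  re.compile(r"\b(?:\d{1,2}/\d{1,2}/\d{2,4}|\d{4}-\d{2}-\d{2})\b")),
    ("MRN",   re.compile(r"\bMRN[:# ]*(?P<id>\d{5,})\b", re.IGNORECASE)),
    ("NAME",  re.compile(r"\b(?:Mr|Mrs|Ms|Dr|Patient)\.? (?P<id>[A-Z][a-z]+(?: [A-Z][a-z]+)?)")),
]

# Shape of the placeholders we insert, e.g. "[NAME_1]".
TOKEN_RE = re.compile(r"\[[A-Z]+_\d+\]")


class SafeHarborTokenizer:
    """Replace identifiers with reversible tokens; the mapping never leaves this object."""

    def __init__(self):
        self.token_to_value = {}   # "[NAME_1]" -> "Jane Doe"
        self.value_to_token = {}   # ("NAME", "Jane Doe") -> "[NAME_1]"
        self.counters = {}         # per-category sequence numbers

    def _token_for(self, category, value):
        # Same value always gets the same token, so repeated mentions stay consistent.
        key = (category, value)
        if key not in self.value_to_token:
            n = self.counters.get(category, 0) + 1
            self.counters[category] = n
            token = f"[{category}_{n}]"
            self.value_to_token[key] = token
            self.token_to_value[token] = value
        return self.value_to_token[key]

    def sanitize(self, text):
        """Return the de-identified text; only this string should go to the model."""
        out = text
        for category, pattern in PATTERNS:
            def repl(m, category=category):
                if "id" in m.groupdict():
                    # Tokenize only the identifier part, keep the label around it.
                    s, e = m.span("id")
                    whole, ms = m.group(0), m.start()
                    return whole[:s - ms] + self._token_for(category, m.group("id")) + whole[e - ms:]
                return self._token_for(category, m.group(0))
            out = pattern.sub(repl, out)
        return out

    def restore(self, text):
        """Put real values back into a model response; runs locally, mapping stays here."""
        return TOKEN_RE.sub(lambda m: self.token_to_value.get(m.group(0), m.group(0)), text)


def flag_residual_numbers(text):
    """Cheap post-check: long digit runs that survived tokenization need manual review."""
    return re.findall(r"\b\d{5,}\b", TOKEN_RE.sub(" ", text))


# Constructed sample note; every identifier in it is fictional.
SAMPLE_NOTE = (
    "Patient Jane Doe, DOB 03/14/1961, MRN 0048213, seen 2024-02-07. "
    "Phone 555-123-4567, email jane.doe@example.com, SSN 123-45-6789. "
    "Referred by Dr. Alvarez. Reports chest pain for 2 days."
)

if __name__ == "__main__":
    t = SafeHarborTokenizer()
    clean = t.sanitize(SAMPLE_NOTE)
    print("sent to model :", clean)
    print("residual check:", flag_residual_numbers(clean))
    # Simulated model reply that reuses the tokens; restored on the local side.
    reply = "Summary for [NAME_1] (DOB [DATE_1]): chest pain x2 days, follow up with [NAME_2]."
    print("restored reply:", t.restore(reply))
```

The design choice worth noting is that the model only ever sees tokens and the `token_to_value` map stays in the caller's process, which is what keeps the sent text outside the PHI definition; the residual check exists because the Safe Harbor standard also requires that nothing left behind could identify the person, and a regex pass alone cannot certify that.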
Frequently asked questions
- Is ChatGPT HIPAA compliant?
- No, not in its consumer tiers (self-serve Free, Plus, Go, Pro, Business): OpenAI won't sign a BAA for them, so entering PHI is a potential HIPAA violation. A BAA is possible only for the Zero Data Retention API, sales-managed ChatGPT Enterprise/Edu, and ChatGPT for Healthcare.
- How do I get a BAA with OpenAI?
- A BAA is offered only for eligible services (ZDR API, Enterprise/Edu, ChatGPT for Healthcare), and each request is evaluated case by case. An organization can initiate one by contacting OpenAI at baa@openai.com. Note: a BAA only covers eligible OpenAI infrastructure, not web search or third-party apps.
- Can I use ChatGPT with patient data?
- Yes, provided you de-identify the PHI first under the Safe Harbor method (removing the 18 HIPAA identifiers): once de-identified, the information is no longer PHI and escapes the BAA requirement. Otherwise, reserve real PHI for a service covered by a signed, properly configured BAA.
Keep your sensitive data in your browser
ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.