
Is ChatGPT HIPAA Compliant? What US Healthcare Teams Must Know

No: consumer ChatGPT is not HIPAA compliant, because OpenAI won't sign a BAA for those tiers. When a BAA is possible, and how to de-identify PHI before any use.

By Pierre de ONYRI

No: consumer ChatGPT (self-serve Free, Plus, Go, Pro, Business) is not HIPAA compliant, because OpenAI does not provide the required contractual safeguards and won't sign a Business Associate Agreement (BAA) for those tiers. Entering identifiable health information (PHI) there is therefore a potential HIPAA violation. A BAA does exist, but only for certain OpenAI-managed services (Zero Data Retention API, Enterprise/Edu, ChatGPT for Healthcare). For everything else, the fix is one word: de-identify PHI before any use of the tool.

Why consumer ChatGPT is not HIPAA compliant

HIPAA requires any covered entity (practice, hospital, health insurer) that entrusts PHI to a vendor to sign a BAA with it: the vendor then becomes a business associate, contractually bound to protect that data. But OpenAI does not sign a BAA for the consumer tiers of ChatGPT — self-serve Free, Plus, Go, Pro and Business. Without a BAA, no contract ties the healthcare organization to OpenAI: pasting PHI moves the data out of the healthcare system without the protection the law demands.

The aggravating factor is default processing. In these tiers, content you type can be retained, logged and used to train or improve the models, unless you opt out or use a paid tier with different terms. Introducing PHI into a public LLM can therefore lead to an unauthorized disclosure — a direct HIPAA violation.

When a BAA with OpenAI is possible (and its limits)

A BAA with OpenAI is possible, but limited to specific offerings: sales-managed ChatGPT Enterprise and ChatGPT Edu accounts, the dedicated ChatGPT for Healthcare offering (see OpenAI's product page “Introducing OpenAI for Healthcare”), and the OpenAI API on endpoints eligible for Zero Data Retention. Each request is evaluated case by case; an organization can initiate one by contacting OpenAI (the process is detailed in OpenAI's Help Center, at baa@openai.com).

But a BAA, on its own, does not make a workflow compliant. It only covers what happens inside OpenAI's infrastructure, on eligible services. Some features are explicitly out of scope — for example web search and integrated third-party apps. And the organization remains responsible for the rest: configuration, access control, staff training, and how PHI enters the pipeline and how the response is used.

  • BAA-eligible: OpenAI API on ZDR endpoints, ChatGPT Enterprise and Edu (sales-managed), ChatGPT for Healthcare.
  • Not eligible: self-serve Free, Plus, Go, Pro and Business.
  • Out of scope even with a BAA: web search, integrated third-party apps.
  • Still on you: configuration, access, training, PHI input and use of the output.
Diagram: at top, a patient record with PHI in the clear (amber) flows to consumer ChatGPT with no BAA — exposed data; at bottom, the same record de-identified leaves only tokens (cobalt) and a compliance check, nothing identifiable to expose.
After The HIPAA Journal, USC Price School and Accountable HQ; de-identification definitions after HHS (Office for Civil Rights) guidance.

De-identify PHI: Safe Harbor and the 18 identifiers

Good news: de-identified PHI is no longer PHI and falls outside HIPAA obligations, including the BAA requirement. A ChatGPT-based service can therefore be used with data de-identified under a method authorized by the Privacy Rule. HHS (Office for Civil Rights) guidance provides two official methods: Safe Harbor (removing identifiers) and Expert Determination (a statistical analysis showing a very small re-identification risk, documented and available on OCR request).

The Safe Harbor method requires removing 18 categories of identifiers relating to the individual and their relatives, employers or household members:

  1. Names, and detailed geographic elements (address, anything smaller than a state).
  2. Dates tied to the individual (birth, admission, discharge, death…).
  3. Numbers: Social Security (SSN), medical record, phone, fax, email.
  4. Certificate or license numbers, and any other unique identifier.

After removal, the entity must have no actual knowledge that the residual information could, alone or combined, identify the person. This is demanding, because HIPAA defines PHI very broadly: any individually identifiable health information, in any form (ePHI, written records, lab results, invoices, and even verbal conversations containing identifiers). That's why seemingly innocuous clinical transcripts often contain HIPAA identifiers.

You assume | The reality
“ChatGPT Plus is a pro tool, so it's fine for PHI” | No self-serve tier has a BAA — putting PHI there violates HIPAA
“I turned off training, so it's compliant” | The data already left the healthcare system: technical violation
“The BAA makes everything compliant” | A BAA only covers eligible OpenAI infra; web search and third-party apps are excluded
“A visit summary isn't PHI” | Names, dates and numbers are often in it: that's PHI
Table: the misconceptions that lead to a HIPAA violation with ChatGPT.

The recommended practice for US healthcare teams

In practice, two safe paths coexist — and they aren't mutually exclusive. Many physicians already use ChatGPT to consolidate notes, summarize visits or draft letters to insurers, uses where patient identifiers often appear without anyone realizing it. The rule:

  • De-identify PHI under Safe Harbor (the 18 identifiers) before any use of a consumer tool.
  • Or reserve all real PHI processing for a service covered by a signed BAA (ZDR API, Enterprise/Edu, ChatGPT for Healthcare), properly configured.
  • Never rely on a mere training opt-out as a guarantee of compliance.

That's exactly what ONYRI Sanitize is for: the engine replaces names, dates, numbers and other identifiers with reversible tokens before sending; detection and the mapping stay in your browser, and only de-identified text reaches ChatGPT. Patient data in the clear never leaves your machine — the tool only sees tokens, not your real information.
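The de-identification workflow described above (Safe Harbor identifiers replaced by reversible tokens, mapping kept locally, a residual check before anything is sent), as an added example that is not ONYRI Sanitize's code or OpenAI's. It covers only the identifier categories the article lists that a regex can find (dates, SSN, MRN, phone, email); names are taken from an explicit list supplied by the caller, which is an assumption made here for the demo, and the clinical note is constructed and fictional.

```python
import re

# Regex detectors for a subset of the Safe Harbor categories named in the article.
# Names come from a caller-supplied list (assumption for this demo: reliable name
# detection needs NLP, not a regex).
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN[:#]?\s*\d{5,10}\b"),
    "PHONE": re.compile(r"(?<!\d)\(?\d{3}\)?[-.\s]\d{3}[-.]\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "DATE": re.compile(r"\b(?:\d{1,2}/\d{1,2}/\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
}

# Constructed, fictional clinical note used as sample input.
SAMPLE_NOTE = (
    "Patient: Jane Doe, DOB 03/14/1962, MRN: 00123456, SSN 123-45-6789. "
    "Seen 2024-05-01. Phone (555) 123-4567, email jane.doe@example.com. "
    "Jane Doe reports chest pain; follow-up in 2 weeks."
)

def deidentify(text, names):
    """Replace identifiers with reversible tokens such as [NAME_1].
    Returns the de-identified text and the token->value mapping; the mapping
    stays on the client and is never sent with the prompt."""
    mapping, counters = {}, {}

    def token_for(category, value):
        for tok, val in mapping.items():   # reuse the token for a repeated value
            if val == value:
                return tok
        counters[category] = counters.get(category, 0) + 1
        tok = f"[{category}_{counters[category]}]"
        mapping[tok] = value
        return tok

    for name in sorted(names, key=len, reverse=True):   # longest names first
        text = text.replace(name, token_for("NAME", name))
    for category, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, c=category: token_for(c, m.group(0)), text)
    return text, mapping

def reidentify(text, mapping):
    """Restore the original values in the model's answer, locally."""
    for tok, val in mapping.items():
        text = text.replace(tok, val)
    return text

def residual_identifiers(text):
    """Compliance check: values still matching a detector after de-identification."""
    return [m.group(0) for p in PATTERNS.values() for m in p.finditer(text)]
```

Only the text returned by `deidentify` would go to the model; `residual_identifiers` must return an empty list first, and `reidentify` is applied to the answer after it comes back.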

Frequently asked questions

Is ChatGPT HIPAA compliant?
No, not in its consumer tiers (self-serve Free, Plus, Go, Pro, Business): OpenAI won't sign a BAA for them, so entering PHI is a potential HIPAA violation. A BAA is possible only for the Zero Data Retention API, sales-managed ChatGPT Enterprise/Edu, and ChatGPT for Healthcare.
How do I get a BAA with OpenAI?
A BAA is offered only for eligible services (ZDR API, Enterprise/Edu, ChatGPT for Healthcare), and each request is evaluated case by case. An organization can initiate one by contacting OpenAI at baa@openai.com. Note: a BAA only covers eligible OpenAI infrastructure, not web search or third-party apps.
Can I use ChatGPT with patient data?
Yes, provided you de-identify the PHI first under the Safe Harbor method (removing the 18 HIPAA identifiers): once de-identified, the information is no longer PHI and escapes the BAA requirement. Otherwise, reserve real PHI for a service covered by a signed, properly configured BAA.
