Why your AI doctor doesn’t follow HIPAA: The hidden risks of medical chatbots

https://cyberscoop.com/ai-healthcare-apps-hipaa-privacy-risks-openai-anthropic/

Publish Date: 2026-02-11 14:51:00

Source Domain: cyberscoop.com

AI apps are making their way into healthcare. It’s not clear that rigorous data security or privacy practices will be part of the package.

OpenAI, Anthropic and Google have all rolled out AI-powered health offerings over the past year. These products are designed to provide health and wellness advice to individual users or organizations, helping users diagnose their illnesses, examine medical records and perform a host of other health-related functions.

OpenAI says that hundreds of millions of people already use ChatGPT to answer health and wellness questions, and studies have found that large language models can be remarkably proficient at medical diagnostics, with one paper calling their capabilities “superhuman” when compared to a human doctor.

But in addition to traditional cybersecurity concerns around how well these chatbots can protect personal health data, there are a host of questions around what kind of legal protections users would have around the personal medical data they share with these apps. Several health care and legal experts told CyberScoop that these companies are almost certainly not subject to the same legal or regulatory requirements – such as data protection rules under the Health Insurance Portability and Accountability Act (HIPAA) – that compel hospitals and other healthcare facilities to ensure protection of your data.

Sara Geoghegan, senior counsel at the Electronic Privacy Information Center, said offering the same or similar data protections as part of a terms of service agreement is markedly different from interacting with a regulated healthcare entity.

“On a federal level there are no limitations – generally, comprehensively – on non-HIPAA protected information or consumer information being sold to third parties, to data brokers,” she said.

She also pointed to data privacy concerns that stemmed from the bankruptcy and sale of genetic testing company 23andMe last year as a prime…
