Does ChatGPT Store Patient Data?

A nurse practitioner finishes a long shift and pastes a patient's discharge summary into ChatGPT, asking it to simplify the language for a follow-up letter. It takes about four seconds. In those four seconds, that patient's protected health information left the hospital's network, hit OpenAI's servers, and became part of a dataset the organization has zero control over. Yes, ChatGPT stores your data by default. No, the standard product is not HIPAA compliant. This post breaks down exactly what happens to data you put into ChatGPT, where the HIPAA lines are, and what your options actually look like.

What ChatGPT Actually Does With Your Data

By default, OpenAI retains every conversation you have with ChatGPT and reserves the right to use that content to train future models. This applies to the free tier and ChatGPT Plus equally. OpenAI's own documentation states that conversations may be reviewed by human trainers as part of their quality and safety processes. When you send a message, it's stored on OpenAI's servers with a 30-day retention window for abuse monitoring - even if you've opted out of training.

That opt-out matters, but it's narrower than most people think. You can disable "Improve the model for everyone" in your ChatGPT settings, which tells OpenAI not to use your conversations for model training. But this only stops training use. Your data is still transmitted to and processed on OpenAI's infrastructure. It's still retained for up to 30 days. And it's still subject to OpenAI's internal review policies.

Here's the part that catches people off guard: deleting a conversation from your ChatGPT sidebar does not immediately delete it from OpenAI's systems. The deletion removes it from your view, but OpenAI's retention policies still apply to the backend data. We've talked to at least three IT directors who assumed "delete" meant delete. It doesn't - not on your timeline.

| Product Tier | Data Used for Training | Opt-Out Available | 30-Day Retention | BAA Available |
|---|---|---|---|---|
| ChatGPT Free | Yes (default) | Yes | Yes | No |
| ChatGPT Plus | Yes (default) | Yes | Yes | No |
| ChatGPT Enterprise | No | N/A | Configurable | No |
| OpenAI API (Enterprise Agreement) | No | N/A | Configurable | Yes |

The bottom row is the only one that matters for healthcare. We'll get to why.

The HIPAA Problem

HIPAA requires any vendor that creates, receives, maintains, or transmits protected health information on behalf of a covered entity to sign a Business Associate Agreement. A BAA is not optional. It's not a nice-to-have. Without one, using that vendor for anything involving PHI is a violation - full stop.

OpenAI does not offer a BAA for ChatGPT. Not for the free version. Not for Plus. Not for Teams. This means that every time someone at your organization types patient information into ChatGPT.com, your organization is in violation of HIPAA, regardless of whether a breach actually occurs.

And "patient information" is broader than most clinicians realize. PHI isn't just medical record numbers and Social Security digits. Under HIPAA, any of the 18 identifiers combined with health information qualifies. A patient's first name and a mention of their diagnosis - that's PHI. A date of birth paired with a treatment plan - PHI. Even IP addresses captured in server logs can count as identifiers under HHS guidance. OCR doesn't publish enforcement data broken down by violation type - but risk analysis failures and missing business associate agreements appear consistently across the agency's settlement announcements. BAA failures have resulted in settlements ranging from $350,000 (MedEvolve, 2023) to multi-million dollar penalties.

The liability exposure is real. If a breach occurs and there's no BAA, the covered entity bears full responsibility. You can't point to OpenAI. You can't claim the employee acted on their own. Under the HITECH Act, penalties range from $100 to $50,000 per violation, up to $1.5 million per year per violation category. And OCR has been increasingly willing to pursue cases involving unauthorized cloud services.

ChatGPT Enterprise and the API: Is That Any Different?

ChatGPT Enterprise is a step up in data handling. OpenAI states that Enterprise conversations are not used for training, and organizations get more control over data retention policies. That's meaningful for general business use. But as of early 2025, OpenAI still does not offer a BAA for ChatGPT Enterprise. We've confirmed this directly and through multiple client inquiries. Enterprise improves your privacy posture, but it does not make the product HIPAA compliant.

The API is where things change. Organizations that sign an enterprise API agreement with OpenAI can obtain a BAA. This covers data sent through the API endpoints - not through ChatGPT.com. The distinction matters more than it sounds like it should. A BAA through the API means your engineering team builds a custom interface, manages authentication, controls data flows, and handles audit logging. You're not giving clinicians a chat window at chatgpt.com. You're building and maintaining a separate application.

Here's the practical reality we keep running into: roughly 95% of the healthcare staff we talk to who are "using ChatGPT" are using the consumer website. They're not hitting an API endpoint through a custom-built clinical tool. They're opening a browser tab. The API-with-BAA path exists on paper, but it solves a problem for engineering teams, not for the nurse who wants help writing a care plan at 2 AM. And that nurse is the actual risk vector. Every compliance officer we work with has the same gap - the policy says "don't use unapproved AI tools," and the staff does it anyway because nothing approved exists to replace it.

What Healthcare Orgs Are Actually Doing

We work with about 20 healthcare organizations at various stages of figuring this out. The responses fall into three patterns.

The first group is ignoring the risk. Staff are using ChatGPT, leadership knows or suspects it, and nobody has addressed it formally. This is more common than anyone wants to admit. In our experience, roughly 6 in 10 mid-size healthcare orgs have no formal policy on generative AI use, which means the default policy is "whatever individual employees decide."

The second group has issued blanket bans. No ChatGPT, no generative AI, no exceptions. This feels safe from a compliance standpoint, but it doesn't work in practice. Clinicians and administrative staff find workarounds - personal phones, home computers, incognito windows. A ban without an alternative just pushes the behavior underground where you can't monitor or control it. One compliance director told us her org banned ChatGPT in March and found it in browser history audits on 30% of clinical workstations two months later.

The third group - and this is the approach we recommend - deploys a vetted, private AI alternative. This means running a large language model on infrastructure the organization controls, whether that's on-premise servers or a private cloud environment with a BAA-covered hosting provider. PHI never leaves the network. There's no third-party training risk. Audit logs stay local. The model runs behind the same firewall as the EHR. In practice, this looks like a self-hosted LLM accessible through an internal web interface that clinical staff can actually use - something that scratches the same itch as ChatGPT without the compliance exposure.

FAQ

Is there a HIPAA-compliant version of ChatGPT?

Not exactly. There is no version of the ChatGPT consumer product (free, Plus, or Teams) that is HIPAA compliant. OpenAI offers a BAA only through its enterprise API agreement, which requires building your own application on top of the API - not using ChatGPT.com. ChatGPT Enterprise offers better data protections but still lacks a BAA as of early 2025.

Can I use ChatGPT if I don't include patient names?

Removing names is not enough. PHI includes 18 identifier types under HIPAA - dates, geographic data, phone numbers, email addresses, and more. A date of birth combined with a diagnosis is PHI even without a name. De-identification requires removing or generalizing all 18 identifiers per the Safe Harbor method, which is far more work than most clinicians will do in practice.
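To make the "removing names is not enough" point concrete, here is an added example (not part of the original post) of a pre-send screen that an organization could put in front of any outbound AI tool. It scans text for a handful of Safe Harbor identifier classes (dates, phone, email, record number, ZIP, and the IP-address case mentioned above) and shows that a note with no patient name still fails the check until those identifiers are generalized. The note and the regex patterns are constructed for illustration; a real deployment would use the organization's own record-number and address formats and cover all 18 identifier classes.

```python
import re

# Constructed sample: no patient name, yet still PHI under Safe Harbor,
# because health information (a diagnosis) is paired with several identifiers.
SAMPLE_NOTE = (
    "Follow-up letter draft: patient DOB 03/14/1961, MRN 00482913, "
    "diagnosed with type 2 diabetes on 2024-11-02. Reach at 555-867-5309 "
    "or pat.example@example.com. Discharged to ZIP 30301."
)

# Illustrative patterns for a subset of the 18 Safe Harbor identifier classes.
# Order matters for redaction: dates run before phone so 2024-11-02 is not
# mistaken for a partial phone number.
IDENTIFIER_PATTERNS = {
    "date": re.compile(r"\b(?:\d{1,2}/\d{1,2}/\d{4}|\d{4}-\d{2}-\d{2})\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
    "record_number": re.compile(r"\bMRN\s*\d{6,}\b", re.I),
    "zip": re.compile(r"\bZIP\s*\d{5}\b", re.I),
    # IP addresses in server logs are identifiers too (see The HIPAA Problem).
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def find_identifiers(text: str) -> dict[str, list[str]]:
    """Return each identifier class present in text with the matched strings."""
    hits = {}
    for label, pattern in IDENTIFIER_PATTERNS.items():
        found = pattern.findall(text)
        if found:
            hits[label] = found
    return hits


def is_safe_to_send(text: str) -> bool:
    """Block the send if any identifier class remains, name or no name."""
    return not find_identifiers(text)


def redact(text: str) -> str:
    """Safe Harbor style generalization: swap each identifier for a class tag."""
    for label, pattern in IDENTIFIER_PATTERNS.items():
        text = pattern.sub(f"[{label.upper()}]", text)
    return text


if __name__ == "__main__":
    print("Identifiers found:", find_identifiers(SAMPLE_NOTE))
    print("Safe to send as written:", is_safe_to_send(SAMPLE_NOTE))
    print("Redacted:", redact(SAMPLE_NOTE))
```

The redacted output still carries the diagnosis, which is fine: health information alone is not PHI, health information tied to any of the identifiers is.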

What's the penalty if a clinician uses ChatGPT with patient data?

The organization bears the liability, not the individual clinician. Penalties under the HITECH Act range from $100 to $50,000 per violation, with annual maximums of $1.5 million per violation category. OCR also has the authority to require corrective action plans, which can cost organizations millions in implementation. MedEvolve settled a $350,000 HIPAA violation in 2023 for failing to execute a BAA with a subcontractor handling ePHI. OCR's enforcement focus on cloud vendors and unauthorized tools has intensified - the agency resolved multiple cloud-related cases in early 2025 alone.

Bottom Line

ChatGPT is not a safe tool for any workflow that touches patient data. "Being careful" is not a compliance strategy, and telling staff to "just don't include names" doesn't meet the de-identification standard. If your organization wants AI in clinical workflows - and your staff probably already does, whether you've approved it or not - there are two defensible paths. The first is a BAA-covered enterprise API contract with a vetted vendor, where you build and control the application layer. The second is a private, on-premise deployment where patient data never leaves your network. There is no third option that holds up to an audit.
