
    Is ChatGPT HIPAA Compliant? A 2026 Guide for Clinicians and Health Tech Teams

    Sonomos Research

    The Sonomos research team writes about AI privacy, data protection, and how to use generative AI safely at work.

    Short answer: ChatGPT itself is not "HIPAA compliant" out of the box. The OpenAI API and ChatGPT Enterprise can be used in HIPAA-regulated workflows, but only after you sign a Business Associate Agreement (BAA) with OpenAI and configure the deployment for protected health information (PHI). The free and Plus tiers of ChatGPT cannot be used for PHI under any circumstances.

    This guide explains, in 2026, what HIPAA actually requires of an AI tool, which OpenAI products can be made compliant, what a clinician or health-tech team has to do operationally, and how to keep PHI from leaking when staff inevitably reach for ChatGPT in a browser tab.

    What HIPAA actually requires of an AI tool

    The Health Insurance Portability and Accountability Act (HIPAA) is implemented by three rules:

    • Privacy Rule — defines PHI and the conditions under which it may be used or disclosed.
    • Security Rule — defines administrative, physical, and technical safeguards for electronic PHI (ePHI).
    • Breach Notification Rule — defines what counts as a breach and the timelines for reporting it.

    For an AI provider to handle PHI on your behalf, three things must be true:

    1. The provider qualifies as a business associate because it creates, receives, maintains, or transmits PHI for a covered entity.
    2. You have a signed Business Associate Agreement (BAA) with the provider that contractually extends HIPAA obligations to them.
    3. The provider's product, in the configuration you actually use, supports the Security Rule's required safeguards (access controls, audit logging, encryption, integrity controls, transmission security).

    Without a BAA, sending PHI to a vendor is an unpermitted disclosure under the Privacy Rule — even if the vendor is "secure" in a general sense.

    Where OpenAI's products stand on HIPAA in 2026

    As of April 2026, OpenAI publicly supports BAAs for two product families:

    • OpenAI API with eligible models, when the customer requests a BAA via the enterprise sales channel and operates under the API's data processing addendum.
    • ChatGPT Enterprise and ChatGPT Edu, which include zero-retention options and BAA eligibility for customers who request it.

    The free, Plus, Team (consumer-tier), and Pro plans are not BAA-eligible. Prompts on these tiers may be retained for abuse monitoring, may be used for training unless opted out, and are not contractually covered for PHI handling.

    This matters because the URL is the same. A clinician sitting at chat.openai.com cannot tell from the interface whether the account they are logged into is the personal Plus account they pay for, the Enterprise account their employer signed, or somewhere in between. Operationally, the question "is this HIPAA-compliant?" is really "which account am I in right now?"

    What a HIPAA-aligned ChatGPT deployment looks like

    A healthcare organization that wants to use ChatGPT or the OpenAI API for clinical or operational workflows typically needs to:

    1. Sign a BAA with OpenAI through the enterprise sales process. The BAA must cover the specific product (Enterprise, Edu, or API) and the specific endpoints your workforce uses.
    2. Configure zero retention on the API or the Enterprise tenancy. OpenAI offers Zero Data Retention (ZDR) for eligible customers; without ZDR, prompts are retained for 30 days for abuse monitoring.
    3. Restrict workforce access to the BAA-covered tenancy. Block consumer ChatGPT at the network level or via an SSO policy that forces sign-in to the enterprise tenant.
    4. Enforce least privilege in any agentic or tool-using configurations — limit the data sources the model can read and the tools it can call.
    5. Log access in a way that satisfies the Security Rule's audit-control requirement. Enterprise plans expose audit logs; the API requires you to instrument logging on your side.
    6. Train the workforce specifically on what may and may not be sent. A signed BAA does not authorize pasting any PHI, only PHI that the user is otherwise permitted to disclose.
    7. Document everything — risk assessment, BAA, configuration, training records — because the OCR (Office for Civil Rights) audits documentation, not just controls.

    This is a real project, not a checkbox. Most organizations underestimate steps 3 and 6.

    The "shadow ChatGPT" problem

    Even with an enterprise contract, the most common HIPAA exposure in 2026 is workforce members using consumer ChatGPT for clinical or administrative tasks because it is faster than the sanctioned tool. A 2025 KLAS Research survey of US health systems found that more than half of clinicians had used a generative AI tool that was not approved by their organization, often for note summarization or patient-message drafting.

    Two technical controls help materially:

    • Browser-level redaction. A local-first tool such as Sonomos detects PHI categories (names, dates, MRNs, diagnoses, drug names) inside the browser and replaces them with reversible tokens before the prompt leaves the device. Even when staff use a non-sanctioned account, the unmasked PHI never crosses the wire.
    • Egress monitoring for AI domains. Add chat.openai.com, claude.ai, gemini.google.com, and similar destinations to your DLP and CASB rules. Treat traffic to these domains the same way you treat traffic to a personal cloud-storage provider.

    Both controls are additive, not substitutes for a BAA — they reduce the size and severity of the problem when the policy is bypassed.
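To make the first control concrete, here is an added example of reversible PHI tokenization in the shape the bullet above describes. It is not Sonomos code and is written in Python rather than as a browser extension; the mechanics are the same: pattern-match a few PHI categories, swap each hit for an opaque placeholder that stays consistent within a session, keep the mapping in a local vault, and restore the originals when the model's reply comes back. The same detector doubles as a pre-send gate for the "[Patient]" placeholder pattern in the examples table further down. The patterns, sample prompt and patient are constructed, and the detector covers only five of the Safe Harbor identifier categories (a labelled name, MRN, SSN, phone, date); a production detector needs far broader coverage, including free-text names.

```python
"""Reversible PHI tokenization before a prompt leaves the device.

Added example, not Sonomos's code. Patterns and sample data are constructed.
"""
import re
from dataclasses import dataclass, field

# Category -> regex. When a regex has a capture group, only that group is
# tokenized (so "MRN:" survives and only the number is replaced).
PHI_PATTERNS = [
    ("NAME", re.compile(r"(?<=Patient: )[A-Z][a-z]+(?: [A-Z][a-z]+)+")),
    ("MRN", re.compile(r"\bMRN[:#]?\s*(\d{6,10})\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"\b\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b")),
    ("DATE", re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b")),
]

TOKEN_RE = re.compile(r"\[[A-Z]+_\d+\]")


@dataclass
class Vault:
    """Local, per-session mapping between PHI values and their placeholders."""
    forward: dict = field(default_factory=dict)   # (category, value) -> token
    reverse: dict = field(default_factory=dict)   # token -> value
    counters: dict = field(default_factory=dict)  # category -> next index

    def token_for(self, category: str, value: str) -> str:
        key = (category, value)
        if key not in self.forward:
            n = self.counters.get(category, 0) + 1
            self.counters[category] = n
            token = f"[{category}_{n}]"
            self.forward[key] = token
            self.reverse[token] = value
        return self.forward[key]


def find_phi(text: str) -> list:
    """Non-overlapping (start, end, category, value) spans in text order."""
    spans = []
    for category, pattern in PHI_PATTERNS:
        group = 1 if pattern.groups else 0
        for m in pattern.finditer(text):
            spans.append((m.start(group), m.end(group), category, m.group(group)))
    # Earliest start wins; on a tie the longer match wins.
    spans.sort(key=lambda s: (s[0], -(s[1] - s[0])))
    kept, last_end = [], 0
    for span in spans:
        if span[0] >= last_end:
            kept.append(span)
            last_end = span[1]
    return kept


def redact(text: str, vault: Vault) -> str:
    """Replace every detected PHI value with a vault token."""
    out, pos = [], 0
    for start, end, category, value in find_phi(text):
        out.append(text[pos:start])
        out.append(vault.token_for(category, value))
        pos = end
    out.append(text[pos:])
    return "".join(out)


def rehydrate(text: str, vault: Vault) -> str:
    """Put the original values back into a model reply; unknown tokens are left alone."""
    return TOKEN_RE.sub(lambda m: vault.reverse.get(m.group(0), m.group(0)), text)


# Constructed sample; the patient and identifiers are fictitious.
SAMPLE_PROMPT = (
    "Summarize for a discharge note. Patient: Jane Doe, MRN: 00123456, "
    "DOB 03/14/1961, phone 555-867-5309, SSN 123-45-6789. Seen 04/02/2026 "
    "for chest pain; troponin negative. Follow-up with Patient: Jane Doe on 04/09/2026."
)

if __name__ == "__main__":
    vault = Vault()
    outbound = redact(SAMPLE_PROMPT, vault)   # this is all that leaves the browser
    print("sent:", outbound)
    fake_reply = "[NAME_1] (MRN [MRN_1]) was seen on [DATE_2] for chest pain."
    print("shown to user:", rehydrate(fake_reply, vault))
```

Two design points matter for the HIPAA argument: the vault never leaves the device, so the model only ever sees placeholders; and placeholders are stable within a session (the second "Jane Doe" becomes the same `[NAME_1]`), which keeps the model's reasoning coherent without revealing the value.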

    Examples: what is and is not allowed

    The lines below assume a covered entity has a signed BAA with OpenAI for ChatGPT Enterprise. Without that BAA, the answer to every example is "no, this is an unpermitted disclosure."

    | Scenario | Compliant? | Why |
    | --- | --- | --- |
    | Clinician pastes a de-identified case summary (per Safe Harbor or Expert Determination) into ChatGPT Plus to brainstorm differentials | Yes | De-identified data is not PHI |
    | Clinician pastes the same summary with the patient's name and MRN into ChatGPT Plus | No | PHI to a non-BAA account |
    | Clinician pastes the same summary with PHI into ChatGPT Enterprise (BAA in place, ZDR enabled) | Yes | Permitted disclosure to a business associate |
    | Coder uses GPT API (BAA, ZDR) to extract ICD-10 codes from chart notes | Yes | Permitted; log the disclosure |
    | Front-desk staff uses consumer ChatGPT to draft a reminder text including a patient's name and appointment time | No | PHI; non-BAA account |
    | Same staff drafts the message with "[Patient]" placeholders, then fills the name in the EHR | Yes | No PHI sent to OpenAI |

    The pattern: keep PHI inside the BAA boundary, or remove PHI before the request leaves your device.

    Frequently asked questions

    Does signing a BAA make ChatGPT HIPAA compliant?

    A BAA is necessary but not sufficient. Compliance requires the BAA plus the Security Rule's administrative, physical, and technical safeguards in your configuration and operation. OpenAI's BAA covers their part; the rest is yours.

    Is ChatGPT Plus HIPAA compliant if I only use it for de-identified data?

    If the data is genuinely de-identified under HIPAA's Safe Harbor or Expert Determination methods, it is not PHI and HIPAA does not apply. The risk is that "de-identified" is harder than it looks — Safe Harbor requires removing 18 specific identifier categories. A single rare diagnosis plus a ZIP code can be re-identifying on its own.

    What about ChatGPT memory and Projects?

    For BAA-covered tenancies, OpenAI publishes guidance on which features are eligible. As of 2026, ChatGPT Enterprise admins can disable memory and uploaded-file retention as part of the workspace configuration. Confirm the current eligibility list with your account team before turning these features on for clinical workflows.

    Can a doctor use Microsoft Copilot or Gemini with PHI instead?

    The same logic applies: BAA required, configuration required, workforce policy required. Microsoft offers BAAs covering Microsoft 365 Copilot for eligible customers; Google offers BAAs covering Gemini in Workspace and Vertex AI under their HIPAA Implementation Guide. Each vendor's eligibility list and feature scope is different. Read the BAA, not the marketing.

    What if my staff already pasted PHI into a personal ChatGPT account?

    Treat it as a potential breach. Investigate the account's data settings (history, training opt-in), document the disclosure, and determine whether notification is required under the Breach Notification Rule's risk-of-compromise factors. The OCR has been clear that "we did not realize the tool was unsanctioned" is not a defense.

    How does Sonomos relate to HIPAA?

    Sonomos is not a covered entity or business associate; it is a privacy layer that runs entirely in the user's browser and never receives PHI. By detecting PHI categories on-device and replacing them with reversible tokens before the prompt leaves the browser, Sonomos materially reduces the surface where PHI can leak — including to non-BAA accounts. It is complementary to a properly executed BAA program, not a substitute for one.

    A short HIPAA + ChatGPT checklist

    • Decide which AI products your workforce may use for PHI, and which are blocked.
    • Sign a BAA with each approved provider, covering the specific products and endpoints in use.
    • Enable Zero Data Retention (or the equivalent) where available.
    • Block or proxy consumer-tier endpoints at the network and identity layers.
    • Deploy a local-first redaction tool to every browser used by clinical and administrative staff.
    • Add AI-bound traffic to your DLP, CASB, and audit-log review.
    • Train staff specifically on what may and may not be sent — and verify with periodic walk-throughs, not just attestations.
    • Re-assess annually; vendor product lines and feature eligibility change frequently.

    The bottom line

    In 2026, "Is ChatGPT HIPAA compliant?" is the wrong question. The right questions are: which OpenAI product am I using, do I have a BAA covering that product, is the configuration aligned with the Security Rule, am I sure my workforce is in the BAA-covered tenancy, and what happens when they aren't? Get those right and ChatGPT becomes a useful tool inside a HIPAA program. Skip any one of them and you are running on luck.
