Compliance

HIPAA and LLMs: Can You Legally Paste PHI Into ChatGPT?

The short answer is no. The long answer explains what changes with a BAA, what a covered entity can actually do, and what a redaction control buys you in the audit.

PromptShielder Security Team· Applied cryptography & privacy engineering April 8, 2025 7 min read

What HIPAA actually says

The Privacy Rule permits disclosure of PHI to a business associate only when a BAA is in place and only for a permitted purpose. Consumer ChatGPT is not a business associate. Pasting a patient note into it is a disclosure to a party without a BAA, which is a violation regardless of intent.

What changes with an enterprise BAA

OpenAI signs BAAs for ChatGPT Enterprise and specific API configurations. That legally permits the disclosure but does not exempt the covered entity from minimum-necessary, workforce-training, breach-notification or documentation obligations. It is a floor, not a ceiling.

De-identification as the safer default

HIPAA recognises two paths to de-identification: expert determination and Safe Harbor. Safe Harbor removes 18 specified identifier categories. A prompt that has been through a redactor removing names, dates, geographic subdivisions, contact info, MRNs and biometric identifiers is much closer to Safe Harbor than one that has not. It is not automatically de-identified — the residual re-identification risk still needs a human eye — but it is a defensible starting point.

Where PromptShielder fits

The workspace runs entirely in the browser. It never sends PHI anywhere. It replaces the 18 Safe Harbor identifier categories with tokens the clinician can restore locally when the model responds. That workflow satisfies minimum-necessary and de-identification simultaneously.

Frequently asked

Is pasting into ChatGPT with names removed still PHI?+

It can be, if remaining context makes re-identification reasonably possible. Remove dates and geographic detail too.

Does a BAA cover training?+

OpenAI's enterprise BAA typically excludes training on customer content. Confirm the version you signed says so.

Sources
ComplianceVertical Healthcare
Try PromptShielder

Redact prompts before they leave your browser.

Free to try. Nothing is sent to a server. Ever.