HIPAA and LLMs: Can You Legally Paste PHI Into ChatGPT?
The short answer is no. The long answer explains what changes with a BAA, what a covered entity can actually do, and what a redaction control buys you in the audit.
What HIPAA actually says
The Privacy Rule permits disclosure of PHI to a business associate only when a BAA is in place and only for a permitted purpose. Consumer ChatGPT is not a business associate. Pasting a patient note into it is a disclosure to a party without a BAA, which is a violation regardless of intent.
What changes with an enterprise BAA
OpenAI signs BAAs for ChatGPT Enterprise and specific API configurations. That legally permits the disclosure but does not exempt the covered entity from minimum-necessary, workforce-training, breach-notification or documentation obligations. It is a floor, not a ceiling.
De-identification as the safer default
HIPAA recognises two paths to de-identification: expert determination and Safe Harbor. Safe Harbor removes 18 specified identifier categories. A prompt that has been through a redactor removing names, dates, geographic subdivisions, contact info, MRNs and biometric identifiers is much closer to Safe Harbor than one that has not. It is not automatically de-identified — the residual re-identification risk still needs a human eye — but it is a defensible starting point.
Where PromptShielder fits
The workspace runs entirely in the browser. It never sends PHI anywhere. It replaces the 18 Safe Harbor identifier categories with tokens the clinician can restore locally when the model responds. That workflow satisfies minimum-necessary and de-identification simultaneously.
Frequently asked
Is pasting into ChatGPT with names removed still PHI?+
It can be, if remaining context makes re-identification reasonably possible. Remove dates and geographic detail too.
Does a BAA cover training?+
OpenAI's enterprise BAA typically excludes training on customer content. Confirm the version you signed says so.