Why your AI doctor doesn’t follow HIPAA: The hidden risks of medical chatbots | CyberScoop<\/title> <meta name=\"description\" content=\"Are AI health apps like ChatGPT and Claude HIPAA compliant? Experts warn of significant data privacy risks as tech giants expand into healthcare without the strict legal safeguards required of traditional medical providers.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ai-healthcare-apps-hipaa-privacy-risks-openai-anthropic\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Your AI doctor doesn't have to follow the same privacy rules as your real one\"> <meta property=\"og:description\" content=\"AI apps are making their way into healthcare. It\u2019s not clear that rigorous data security or privacy practices will be part of the package.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ai-healthcare-apps-hipaa-privacy-risks-openai-anthropic\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-02-11T19:51:01+00:00\"> <meta property=\"article:modified_time\" content=\"2026-02-11T19:51:04+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg\"> <meta property=\"og:image:width\" content=\"3113\"> <meta property=\"og:image:height\" content=\"1828\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1770142553g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1770135364g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87744\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87744\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fai-healthcare-apps-hipaa-privacy-risks-openai-anthropic%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fai-healthcare-apps-hipaa-privacy-risks-openai-anthropic%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87744 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ai-healthcare-apps-hipaa-privacy-risks-openai-anthropic\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.657243816254\">\n<div class=\"single-article__header-content\" readability=\"34.438554216867\">\n<p> AI apps are making their way into healthcare. It\u2019s not clear that rigorous data security or privacy practices will be part of the package. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87744\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"376\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one.jpg?resize=640%2C376&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg 3113w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=300,176 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=768,451 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=1024,601 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=1536,902 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=2048,1203 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=600,352 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=286,168 286w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=574,337 574w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=1149,675 1149w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-2.jpg?resize=1436,843 1436w\" sizes=\"(max-width: 1149px) 100vw, 1149px\"><figcaption> AI-powered health apps are flooding the market. But their data security policy is more of a pinky promise than a legal mandate. (Source: Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"104.41412616963\"><body readability=\"210.39050977878\"><\/p>\n<p>AI apps are making their way into healthcare. It\u2019s not clear that rigorous data security or privacy practices will be part of the package.<\/p>\n<p>OpenAI, Anthropic and Google have all rolled out AI-powered health offerings from over the past year. These products are designed to provide health and wellness advice to individual users or organizations, helping to diagnose their illnesses, examine medical records and perform a host of other health-related functions.<\/p>\n<p>OpenAI says that hundreds of millions of people already use ChatGPT to answer health and wellness questions, and studies have found that large language models can be remarkably proficient at medical diagnostics, with one paper <a href=\"https:\/\/arxiv.org\/abs\/2412.10849\">calling<\/a> their capabilities \u201csuperhuman\u201d when compared to a human doctor.<\/p>\n<p>But in addition to traditional cybersecurity concerns around how well these chatbots can protect personal health data, there are a host of questions around what kind of legal protections users would have around the personal medical data they share with these apps. Several health care and legal experts told CyberScoop that these companies are almost certainly not subject to the same legal or regulatory requirements \u2013 such as data protection rules under the <a href=\"https:\/\/www.hhs.gov\/hipaa\/index.html\">Health Insurance Portability and Accountability Act<\/a> (HIPAA) \u2013 that compel hospitals and other healthcare facilities to ensure protection of your data.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Sara Geoghegan, senior counsel at the Electronic Privacy Information Center, said offering the same or similar data protections as part of a terms of service agreement is markedly different from interacting with a regulated healthcare entity. <\/p>\n<p>\u201cOn a federal level there are no limitations \u2013 generally, comprehensively \u2013 on non-HIPAA protected information or consumer information being sold to third parties, to data brokers,\u201d she said. <\/p>\n<p>She also pointed to data privacy concerns that stemmed from the bankruptcy and sale of genetic testing company <a href=\"https:\/\/cyberscoop.com\/23andme-bankruptcy-dna-privacy-concerns\/\">23andMe last year<\/a> as a prime example of the dangers consumers face when handing over their sensitive health or biometric data to a unregulated entity.<\/p>\n<p>In many cases, these AI health apps carry the same kind of security and privacy risks as other generative AI products: <a href=\"https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/\">data leakage<\/a>, <a href=\"https:\/\/openai.com\/index\/why-language-models-hallucinate\/\">hallucinations<\/a>, <a href=\"https:\/\/cyberscoop.com\/uk-warns-ai-prompt-injection-unfixable-security-flaw\/\">prompt injections<\/a> and a propensity to give confident but wrong answers.<\/p>\n<p>Additionally, data breaches in the healthcare industry have become increasingly common over the past several years, even before the current AI boom. Healthcare organizations are frequent targets for hacking, phishing, and ransomware, and even though companies can be held legally responsible under HIPAA for failing to protect patient data, <a href=\"https:\/\/cyberscoop.com\/tag\/change-healthcare\/\">breaches still happen<\/a> because many systems rely on outdated software, depend on numerous outside vendors, and struggle to keep up with the cost and complexity of strong cybersecurity.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Carter Groome, CEO of First Health Advisory, a healthcare and cybersecurity risk management consulting firm, said that beyond concerns over whether these tech companies can even reasonably promise to protect your health data, it\u2019s also not clear their security protections are anything more than a company policy.<\/p>\n<p>\u201cThey\u2019re not mandated by HIPAA,\u201d Groome said. \u201cOrganizations that are building apps, there\u2019s a real gray area for any sort of compliance\u201d with health care data privacy laws.<\/p>\n<p>Privacy is especially important in health and medicine, both for protecting sensitive medical information and for building trust in the health system overall. That\u2019s why hospitals, doctor\u2019s offices, lab testing facilities and other associated entities have been subject to heightened laws and regulations around protecting patient records and other health data.<\/p>\n<p>Laws like HIPAA <a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/ocr\/privacy\/hipaa\/administrative\/securityrule\/srnprm.pdf\">require<\/a> covered entities and their business associates to \u201cmaintain reasonable and appropriate administrative, physical, and technical safeguards for the security of certain individually identifiable health information.\u201d<\/p>\n<p>It also subjects companies to breach notification rules that force them to notify victims, the Department of Health and Human Services and in some cases the public when certain health data has been accessed, acquired, used or disclosed in a data breach.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Groome and Andrew Crawford, senior counsel at Center for Democracy and Technology\u2019s Data and Privacy Project, said that tech companies like OpenAI, Anthropic and Google almost certainly would not be considered covered entities under HIPAA\u2019s security rule, which according to HHS applies to health plans, clearinghouses, health care providers and business associates who transfer Electronic Protected Health Information (ePHI). <\/p>\n<p>OpenAI and Anthropic do not claim that ChatGPT Health or Claude for Healthcare follow HIPAA. Anthropic\u2019s web site <a href=\"https:\/\/www.anthropic.com\/news\/healthcare-life-sciences\">describes<\/a> Claude for Healthcare as \u201cbuilt on HIPAA-ready infrastructure,\u201d while OpenAI\u2019s page for its suite of <a href=\"https:\/\/openai.com\/index\/openai-for-healthcare\/\">healthcare-related enterprise products<\/a> claims they \u201csupport\u201d HIPAA compliance.<\/p>\n<p>OpenAI, Anthropic and Google did not respond to a request for comment from CyberScoop. <\/p>\n<p>That distinction means \u201cthat a number of companies not bound by HIPAA\u2019s privacy protections will be collecting, sharing, and using peoples\u2019 health data,\u201d Crawford said in a statement to CyberScoop. \u201cAnd since it\u2019s up to each company to set the rules for how health data is collected, used, shared, and stored, inadequate data protections and policies can put sensitive health information in real danger.\u201d<\/p>\n<p>Laws like HIPAA contain strong privacy protections for health data but are limited in scope and \u201cmeant to help the digitization of records, not stop tech companies from gathering your health data outside of the doctor\u2019s office,\u201d Geoghegan said.<\/p>\n<p>As they expand into healthcare, tech companies like OpenAI, Anthropic, and Google have emphasized data security as a top priority in their product launches.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>OpenAI said their health model uses an added layer of built encryption and isolation features to compartmentalize health conversations, as well as added features like multifactor authentication. And, like other OpenAI models, ChatGPT Health encrypts its data at rest and in transit, has a feature to delete chats within 30 days and promises your data won\u2019t be used for AI training.<\/p>\n<p>For uploading medical records, OpenAI said it is partnering with b.well, an AI-powered digital health platform that connects health data for U.S. patients. On its website, the company says \u201cit uses a transparent, consumer-friendly privacy policy that lets users control and change data-sharing permissions at any time, does not sell personal data, and only shares it without permission in limited cases. It also voluntarily follows the <a href=\"https:\/\/www.carinalliance.com\/code-of-conduct\">CARIN Alliance Trust Framework and Code of Conduct<\/a>\u2014making it accountable to the FTC\u2014and says it aims to meet or exceed HIPAA standards through measures like encryption, regular security reviews, and HITRUST and NIST CSF certifications, though it notes no system can fully eliminate cyber risk.<\/p>\n<p>Legal experts say that when tech companies promise their AI products are \u201cHIPAA compliant\u201d or \u201cHIPAA ready,\u201d it\u2019s often unclear whether these claims amount to anything more than a promise not to use health data irresponsibly. <\/p>\n<p>These distinctions matter when it comes to personal health data. Geoghegan said it is not uncommon in some corners of the wellness industry for an unregulated business to ambiguously claim they are \u201cHIPAA-compliant\u201d to elude the fact that they aren\u2019t legally bound by the regulations.<\/p>\n<p>\u201cGenerally speaking, a lot of companies say they\u2019re HIPAA compliant, but what they mean is that they\u2019re not a HIPAA regulated entity, therefore they have no obligation,\u201d said Geoghegan.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Groome suggested that AI companies are being \u201chyperbolic\u201d in their commitment to security in an effort to assuage the concerns of privacy critics, noting that their product announcements contain \u201ca comical level of how much they say they\u2019re going to protect your information.\u201d<\/p>\n<p>An added wrinkle is that AI tools remain black boxes in some respects, with even their developers unable to fully understand or explain how they work. That kind of uncertainty, especially with healthcare data, can lead to bad security or privacy outcomes.<\/p>\n<p>\u201cIt\u2019s really shaky right now when a company comes out and says \u2018we\u2019re fully HIPAA compliant\u2019 and I think what they\u2019re doing is trying to give the consumer a false sense of trust,\u201d said Groome.<\/p>\n<p>Several sources told CyberScoop that despite these risks, they expect AI health apps to continue being widely used, in part because the traditional American healthcare system remains so expensive. <\/p>\n<p>AI tools \u2013 by contrast \u2013 are convenient, immediate and cost effective. While people like Geoghegan and Groome have said they are sympathetic to the pressures that push people towards these apps, the tradeoffs are troubling.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cA lot of this stems from the fact that care is inaccessible, it\u2019s hard to get and it\u2019s expensive, and there are many reasons why people don\u2019t trust in health care provisions,\u201d said Geoghegan. \u201cBut the solution to that care being inaccessible cannot be relying on big tech and billionaire\u2019s products. We just can\u2019t trust [them] to have our best health interest in mind.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.4010327022375\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ai-healthcare-apps-hipaa-privacy-risks-openai-anthropic\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why your AI doctor doesn’t follow HIPAA: The hidden risks<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,3829,2381,384,78,606,387,224,1622,564,268],"tags":[236,3831,2384,388,86,609,391,232,1627,565,274],"class_list":["post-8343","post","type-post","status-publish","format-standard","hentry","category-ai","category-ai-chatbots","category-anthropic","category-artificial-intelligence-ai","category-cybersecurity","category-data-privacy","category-google","category-healthcare","category-hipaa","category-openai","category-privacy","tag-ai","tag-ai-chatbots","tag-anthropic","tag-artificial-intelligence-ai","tag-cybersecurity","tag-data-privacy","tag-google","tag-healthcare","tag-hipaa","tag-openai","tag-privacy"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai-chatbots\/\" rel=\"category tag\">AI chatbots<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/anthropic\/\" rel=\"category tag\">Anthropic<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-privacy\/\" rel=\"category tag\">data privacy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/healthcare\/\" rel=\"category tag\">Healthcare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hipaa\/\" rel=\"category tag\">hipaa<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/openai\/\" rel=\"category tag\">OpenAI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/privacy\/\" rel=\"category tag\">Privacy<\/a>","tag_info":"Privacy","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8343"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8343\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8343,"date":"2026-02-11T13:51:01","date_gmt":"2026-02-11T19:51:01","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87744"},"modified":"2026-02-11T13:51:01","modified_gmt":"2026-02-11T19:51:01","slug":"your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/02\/11\/your-ai-doctor-doesnt-have-to-follow-the-same-privacy-rules-as-your-real-one\/","title":{"rendered":"Your AI doctor doesn\u2019t have to follow the same privacy rules as your real one"},"content":{"rendered":"