Polygraf AI recognized as a Representative Vendor in the 2026 Gartner® Market Guide for Guardian Agents.

Book a Demo
Free AI Risk Assessment Book a Demo

HIPAA and AI:
Which Rules Apply When Employees
Use ChatGPT with Patient Data

72% of doctors use AI in clinical practice today – up from 48% a year ago. The majority are using tools with no Business Associate Agreement in place. The violation does not trigger an alert. No log entry, no ransomware notice, no stolen laptop report. An open exposure window with no timestamp. Here is exactly what is compliant, what is not, and why.

consumer-chatgpt.com — no BAA on file
FD
Can you help me write a letter to Sarah Jenkins' employer explaining she needs medical leave for her upcoming knee surgery on June 18th? Her policy # is HMO-4471829.
AI
Of course! Here's a draft letter for Sarah Jenkins regarding her medical leave for knee surgery...
⚠️
HIPAA violation at send. Name, treatment date, and health plan beneficiary number (3 of the 18 Safe Harbor identifiers) sent to a vendor without a Business Associate Agreement. No alert. No breach detected by any existing tool.

Every healthcare compliance officer has been asked at some point: "Is it ok for me to use ChatGPT to write this patient note?" The honest answer is rarely a simple yes or no – it depends on which ChatGPT, which plan, whether there is a Business Associate Agreement, what data was entered and what happens to that data after. According to the American Medical Association's Center for Digital Health and AI, Physician Survey on Augmented Intelligence (February 2026), 72% of physicians now report using AI in clinical practice — up from 48% the year before and 38% in 2023.

None of that adoption curve was accompanied by a parallel curve in governance. A December 2025 survey of 518 healthcare providers and administrators, reported by the Association of Health Care Journalists, found that 40% had encountered an unauthorized "shadow AI" tool in their organization, and a further 17% admitted to using one themselves — entirely outside any approved workflow, BAA, or oversight. This is what the industry now calls Shadow AI, and in healthcare it carries a specific, well-defined legal exposure that doesn't exist in most other industries: HIPAA.

The Single Question That Determines Everything: Is There a BAA?

Under HIPAA's Privacy Rule, any vendor who develops, receives, maintains or transmits PHI on behalf of a covered entity is a "business associate." A covered entity cannot share PHI with a business associate unless there is a signed Business Associate Agreement (BAA) – a legally binding contract under 45 CFR §164.504(e) that requires the vendor to keep the data safe under HIPAA. No BAA, no PHI, period, no matter how good the privacy settings of the tool look.

The problem in 2026 is that "ChatGPT" is no longer one product — it's at least five, each with a completely different BAA status. OpenAI launched two healthcare-adjacent products on January 8, 2026 with nearly identical names — and confusing them is the single most common compliance failure we now see.

Product / Tier BAA Available? Can Process PHI? What It Actually Is
ChatGPT Free / Plus / Team No Never Consumer tiers. OpenAI does not offer a BAA for these plans under any circumstance — any PHI entered without a BAA in place is an automatic violation under 45 CFR §164.504(e).
ChatGPT Health No Never Consumer wellness product announced Jan 7, 2026. Designed for personal health literacy, not clinical use. OpenAI will not sign a BAA for this product under any configuration.
ChatGPT Enterprise / Edu Conditional If BAA signed OpenAI may sign a BAA on request for these tiers — but it must be deliberately executed, and per 45 CFR §164.504(e) the exact deployment must match what's covered under the agreement.
ChatGPT API Conditional If BAA signed Healthcare developers can apply for a BAA to embed the API into clinical and operational applications — approval depends on the surrounding application also being HIPAA-compliant.
ChatGPT for Healthcare Yes Yes (BAA required) Enterprise product launched Jan 8, 2026 for large health systems. Initial partners: Cedars-Sinai, Stanford Medicine Children's Health, Memorial Sloan Kettering, UCSF, Boston Children's. Not generally available to small practices.
Why "HIPAA-Eligible" Is Not the Same as "Your Use Is Covered"

Vendors describe enterprise tiers as "HIPAA-eligible." That phrase is doing a lot of work — it means the vendor can sign a Business Associate Agreement under specific configurations, not that any deployment of their product is automatically covered. A signed BAA, specifically configured access controls, and the exact tool your staff member opened all need to match. The free-tier tool your front desk coordinator used yesterday is never covered, no matter what the enterprise contract says about a different deployment.

Interactive: Is This a HIPAA Violation?

Follow this decision tool with a real case from your organization. It is the same logic that OCR investigators use to assess a complaint.

HIPAA + AI Decision Tool
Step 1 of 3

Common Workplace Scenarios — What's Actually a Violation

These are the stories we hear most often when working with our healthcare clients. Each of these happens dozens of times a day in a typical health system.

Front desk puts patient insurance information into ChatGPT to write an appeal letter
Free or Plus, no BAA, patient name, policy number, and diagnosis code entered in order to "save time" on a denial appeal.
Violation
Nurse uses a personal phone's AI assistant to summarize shift handoff notes
Patient names, room numbers and conditions spoken into a consumer voice assistant with no BAA on a personal device outside of any MDM policy.
Violation
A doctor is using ChatGPT Enterprise (BAA signed) and pastes a full chart export with a different patient's lab results by accident
The BAA applies to the tool. The data entered is more than the "minimum necessary" standard of 45 CFR §164.502(b) – and it includes the data of a second patient that the physician had no reason to have access to.
Depends — likely violation
The billing team uses an AI tool with a signed BAA, but the actual deployment was not the one described in the agreement
A health system has signed an enterprise BAA, but staff are using a browser extension or mobile app version of the tool that connects to a different, uncovered endpoint.
Depends — audit needed
A doctor is using ChatGPT to search for general drug interaction information without entering any patient data.
"What are common side effects when combining metformin and lisinopril?" — no PHI in the prompt. The 18 Safe Harbor identifiers are absent entirely.
Not a violation
A practice manager uses ChatGPT to create a generic patient education handout on post-op care
Template text without patient information (names, dates, identifiers) that is replaced with placeholders (e.g. "[Patient Name]") before writing.
Not a violation

The 18 Identifiers — What Actually Counts as PHI

The HIPAA Safe Harbor method (45 CFR §164.514(b)(2)) provides a list of 18 specific identifiers. If one or more of these is associated with health information, the combination is PHI – period. Most staff think that PHI is name + diagnosis. It is a much longer list and some of the most commonly missed identifiers are in every clinical note that is written.

Progress Note — Hover Any Highlighted Field to See Its HIPAA Identifier
Patient: Sarah Jenkins (DOB 04/12/1978) presented on 06/02/2026 for follow-up. Lives at 142 Maple Drive, Riverside. Contact: (555) 412-8890, sjenkins@email.com. MRN 00-4471829, Plan ID HMO-99182. Reports knee pain post-surgery on 05/18/2026. Vehicle parked — license plate WXY-4471 noted for valet. Photo attached for chart [full-face image].

This one, relatively ordinary progress note contains 7 of the 18 identifiers – and that's without counting the diagnosis itself. The complete list also includes fax numbers, SSNs, account numbers, certificate/license numbers, device identifiers, URLs, IP addresses, biometric identifiers, and "any other unique identifying number, haracteristic, or code" – a catch-all that courts and OCR have read broadly. A clinician who pastes "this note" into an AI tool to "clean up the formatting" has just sent all 7 to whatever vendor is on the other

"Your staff isn't trying to break HIPAA – they're trying to do their jobs. But every time patient data is entered into an AI tool without a signed Business Associate Agreement, a violation has occurred. Quietly. No alert, no log entry, no breach notification trigger. Just an open exposure window with no timestamp."

— Polygraf AI, on what we see in every healthcare AI governance audit

What Happens When It's Discovered

In contrast to a ransomware attack or a lost laptop, an AI-related PHI breach is not usually found in an alert. It is found in a routine audit, a patient complaint or – more and more – in an OCR investigation of something unrelated. Once found, the HIPAA penalty structure is per violation per category, and the amounts are set out in 45 CFR §160.404 and adjusted annually for inflation. The figures below reflect the 2025-adjusted amounts published by HHS in the Federal Register on January 28, 2026.

Tier 1
Did Not Know

The organization did not know and could not reasonably have known of the violation. Most accidental AI PHI entry by a well-intentioned employee begins here, if the organization had a reasonable policy and training program.

$145 – $73,011
per violation
Tier 2
Reasonable Cause

The breach was not negligent but reasonable – e.g. there was a policy but staff were not trained on how it relates to AI tools.

$1,461 – $73,011
per violation
Tier 3
Willful Neglect — Corrected

Leadership knew that staff were using unapproved AI tools with patient data (a known issue) and fixed it in 30 days once it was formally reported.

$14,602 – $73,011
per violation
Tier 4
Willful Neglect — Uncorrected

Leadership was aware of the widespread use of Shadow AI (e.g., from survey data that showed about one in five staff were already using unauthorized AI tools) and did nothing to address it. This is where the largest OCR settlements come from.

$73,011 – $2,190,294
per violation, per category/year
Per Violation Adds Up Fast

These figures are per violation, and a single AI prompt can contain multiple identifiers — each potentially counted separately. A single breach can involve multiple violation categories (privacy, security, breach notification), each penalized separately under 45 CFR §160.404, with combined state attorney general actions sometimes pushing total exposure for a single incident into the tens of millions. The HHS Office for Civil Rights has settled or imposed civil money penalties in 152 cases to date, totaling $144,878,972 — and that's before forensic investigation costs (often $50,000–$500,000+) and breach notification costs.

What To Do Instead

The aim is not to stop AI – clinicians have made it clear they will use it and productivity gains are real. The aim is to make the easy path the compliant path so staff do not have to choose between doing their job efficiently and following the rules.

1
Run a Shadow AI discovery audit before writing any policy
You can't govern what you don't know. The Wolters Kluwer survey showed that nearly one in five healthcare staff are already using unauthorized AI tools – and most of them are not known by IT. Network-level scanning of AI API traffic reveals what self-reporting will never do.
2
Stand up one approved, BAA-covered tool — and make it the path of least resistance
If the only AI tool that is available to your staff is one that has three approval steps and the consumer ChatGPT has zero, your staff will use the consumer ChatGPT. That may be ChatGPT Enterprise with a verified BAA, ChatGPT for Healthcare (if your organization qualifies) or a specialty clinical AI platform – it has to be at least as fast as the alternative.
3
Train on the 18 identifiers specifically — not just "don't share PHI"
Most staff don't think of a license plate number, a treatment date, or a full-face photo as "PHI." Generic privacy training does not address this. Specific, example-based training – such as the annotated note above – fills the gap between what staff think is sensitive and what HIPAA actually considers identifiers.
4
Deploy inline detection at the point of entry — before data leaves
Policy and training do not eliminate risk, they reduce it. The only control that gets to the moment a staff member is about to paste a name, MRN or date of service into an unapproved AI tool is real time inspection at the browser or endpoint level – before the request leaves the building, not after a breach is reported.
5
Maintain an evidence trail — OCR's risk analysis enforcement is expanding
OCR's Risk Analysis Initiative is an active, ongoing enforcement priority, with HHS announcing additional completed investigations under this program in 2026. A documented AI governance program (discovery audit, approved tool rollout, training logs, and detection logs) is the difference between Tier 1 ("did not know, could not reasonably have known") and Tier 4 exposure if an incident happens.
Where Polygra AI Fits

Polygraf AI's Desktop Overlay and Behavioral Control Plane are where the staff actually type – looking at prompts in real time for any of the 18 Safe Harbor identifiers before they are sent to an AI tool, whether or not that tool has a BAA. For approved AI tools, Polygraf enforces that PHI is only sent to covered, BAA-approved endpoints. For everything else, sensitive content is redacted or blocked before it leaves the device. Every detection is logged – creating the exact evidence trail that will separate Tier 1 from Tier 4 if OCR ever asks.

Polygraf AI

Stop PHI From Leaving — Before It's a Violation

Polygraf AI reviews AI prompts at the gate for all 18 HIPAA Safe Harbor identifiers, blocking or redacting PHI before it gets to any AI tool, covered or not BAA. Sub-100ms. On-prem. Full audit trail of every detection.

Request a Demo →
Air-gap ready · HIPAA · SOC 2
Deploys in under an hour

NEWS & More

Insights & Updates from Polygraf.

View all posts

Blog Posts

Shadow AI: What It Is and What to Do About It

67% of employees are using AI tools at work, with minimal to no visibility. Learn what Shadow AI is and how to protect your organization against it.

Blog Posts

HIPAA and AI: ChatGPT with Patient Data

Your medical staff is using ChatGPT with patient and PHI data. Is it HIPAA compliant? Polygraf AI explains how to stay HIPAA compliant when using AI tools.

To learn more about Polygraf, please get in touch.

At Polygraf, we envision a future where AI augments human capabilities without compromising safety, privacy, or ethical standards. Trust in our commitment to building this future with you.

Get Started
Get Started
AICPA SOC Logo
Data Privacy

Data Provenance

Developers

Company

© 2026 Polygraf AI. All rights reserved.

X-twitter Linkedin Facebook Instagram
Log in
Get Started
Products
Sign Up / In
Log in
Sign Up
Book a Demo
Free AI Risk Assessment

thank you

Your download will start now.

Thank you!

Please provide information below and
we will send you a link to download the white paper.