![\"QR](\"https:\/\/www.newsbeep.com\/nz\/wp-content\/uploads\/2025\/09\/app-download-block-qr-code.png\")
<\/p>\nIn 1996, Congress enacted a law to assure Americans that their sensitive personal health data would never be disclosed without their consent.<\/p>\n
Lawmakers had never heard of AI.<\/p>\n
\t\t<\/p>\n
\n\t\t\tDownload the SAN app today to stay up-to-date with Unbiased. Straight Facts\u2122.\t\t<\/p>\n
\n\t\t\tPoint phone camera here\t\t<\/p>\n
Thirty years after passage of the Health Insurance Portability and Accountability Act, known as HIPAA<\/a>, artificial intelligence is disrupting the patient privacy that the law created. Individuals\u2019 health information shared with AI chatbots<\/a> can be stripped of identifying details and sold to everyone from data brokers to pharmaceutical companies.<\/p>\n Now, AI can be used to restore a patient\u2019s identifying data, circumventing HIPAA, a New York University research team found.<\/p>\n HIPAA\u2019s protections \u201care rapidly becoming outdated,\u201d Lavender Jiang, a fifth-year data science PhD student at New York University, told Straight Arrow News. Jiang is part of a team that showed how AI can be used to examine anonymized patient notes to determine an identity.<\/p>\n \u201cWe believe HIPAA needs urgent updates to offer more robust protections against the sale of this data and we should exercise care when handling clinical notes,\u201d Jiang said.<\/p>\n In other words, a specifically trained AI could use health data collected by a doctor\u2019s AI receptionist to render HIPAA protections useless. Experts believe that updates to the law and strict regulations on AI\u2019s use are more needed than ever.<\/p>\n Is AI HIPAA-compliant?<\/p>\n Threats to medical data have long existed. Hackers and data leaks<\/a> have exposed personal, sometimes embarrassing health care data.<\/p>\n But as AI becomes increasingly integrated<\/a> into the health care industry, many people wonder whether AI-powered chatbots and automated receptionists used by doctors protect patients\u2019 private medical data.<\/p>\n Whether HIPAA applies to medical data gathered by AI depends entirely on who is deploying the technology. Providers, organizations and agencies subject to the law\u2019s regulations are known as HIPAA-covered entities.<\/p>\n Those entities include providers such as doctors and psychologists and their clinics or practices. Health plans \u2014 whether from health insurance companies, an employer or the government \u2014 are also covered.\u00a0<\/p>\n More or less, HIPAA applies to any individual or entity that comes into contact with or processes protected health information.<\/p>\n Given that a doctor\u2019s office is a HIPAA-covered entity, protections apply whether sensitive health data has been collected by a human or AI receptionist.<\/p>\n Importantly, however, medical information handed over to chatbots used by companies outside the health care industry do not appear to receive the same protections.\u00a0<\/p>\n Even as companies such as OpenAI and xAI tout the ability<\/a> of chatbots to respond to health-related inquiries, experts warn<\/a> that data protections outlined in terms of service agreements are not the same as those from HIPAA.<\/p>\n De-identifying \u2014 and re-identifying \u2014 data<\/p>\n Regardless of where it\u2019s collected, health data can be altered to remove HIPAA protections. Protected health data is regularly stripped of identifying information, such as a patient\u2019s name, in a process known as de-identification.<\/p>\n De-identified health data can then be sold<\/a> to everyone from data brokers to pharmaceutical companies. This industry, currently valued at over $9 billion, has existed for decades. In the case of the pharmaceutical industry, prescription and insurance information can be purchased to in turn target doctors for marketing purposes.<\/p>\n While such sales may seem trivial given that the data has been anonymized, a team of researchers recently reported on the ease of re-identifying health care information<\/a>, raising serious questions over HIPAA\u2019s validity in the age of AI.<\/p>\n The New York University research team found re-identifying data to be trivial.<\/p>\n In one example they cited in a research paper, de-identified notes from a hospital that only mentioned a pregnant woman who enjoyed horseback riding allowed AI to single out a specific patient \u2014 correctly inferring the patient\u2019s gender, socioeconomic class and the type of neighborhood she lived in.<\/p>\n