"Is It Safe to Entrust Medical Information to ChatGPT?" The Reality of Privacy Presented by the "Health" Feature

1) The Moment "Health Advisor" is Replaced by an App

"Unable to explain symptoms well," "Afraid to face test result numbers," "Insurance and paperwork are too complicated"—there are countless stumbling blocks at the entrance to healthcare beyond just physical condition. When a "conversational AI" appears, people can suddenly feel a weight lifted off their shoulders.

The Verge highlighted precisely this psychological gap. OpenAI states that a vast number of health and wellness consultations are conducted weekly, and with users feeling that AI is a "guide through the maze" or an "ally," they are pushing forward the more specialized "ChatGPT Health." However, the core of the article is this— the more it feels like a "doctor's office," the easier it is for people to mistakenly believe they have the same protection as in healthcare. But the reality is different.

2) What is the Function of ChatGPT Health?

ChatGPT Health provides a specialized area focused on health and wellness conversations, aiming to offer more "contextual" responses by connecting medical records and various app information as needed. OpenAI clearly states the possibility of users inputting, uploading, or linking sensitive content such as medical records, test results, prescription information, heart rate, sleep, step count data, and symptoms or medical history.

Importantly, "Health has its own memory function." In health conversations, it can provide more "appropriate" suggestions based on past consultations and information from linked apps. Behind the convenience, an individual's health profile can be more comprehensively accumulated.

3) The Main Reason for Feeling "Protected" is the Strength of "Corporate Words"

The Verge emphasizes that this is not a medical institution. Obligations and strong enforcement (sanctions for violations) like those of healthcare providers may not apply in the same way. Therefore, what users rely on are the "promises" written in terms of use and privacy policies.

OpenAI has at least outlined the following framework regarding Health.

• Not Used for Learning (Foundation Model Improvement) in Principle: By default, Health content is not used for foundation model improvement.

• However, There is Room for "Potential Access": For purposes such as improving safety, authorized personnel or contractors may access Health content (also related to user settings).

• Disclosure for Outsourcing and Legal Compliance: Disclosure to operational contractors (hosting, support, etc.) and further disclosure for legal obligations or rights protection may occur.

• "Third-Party Partners" for Connecting Medical Records: It is specified that electronic medical record integration uses third-party partners (b.well).

• Explicitly States "Not for Sale": It is stated that personal data obtained through Health will not be sold.

• Future Updates: Notices may be updated.

Here arises the "trust in words" issue The Verge mentions. Even if promises are a step forward, without legally equivalent binding and oversight, ultimately, it remains a gamble of "believe or not believe."

4) Another Pitfall: "Names Are Too Similar Issue"

The Verge specifically warns about the similarity in timing and naming between consumer-oriented ChatGPT Health and the healthcare and enterprise-oriented ChatGPT for Healthcare. It is reported that confusion occurred even during interviews.

In OpenAI for Healthcare for enterprises, the handling of patient data, audit logs, encryption key management, and contracts to support HIPAA compliance (BAA) are highlighted, with a design to "place under organizational control."

 
On the other hand, the consumer-oriented Health has different premises, even though it is also about "health." If this is misunderstood, only the expectation that it is "protected like a medical institution" will run ahead.

5) The Risk is Not Just Privacy. The "Medical-Like Feel" Breeds Overconfidence

The Verge touches on "healthcare as a regulated industry," pointing out the danger of chatbots confidently returning misinformation in a field where errors can be fatal. There are reported cases where incorrect suggestions led to health damage.

Moreover, the tricky part is the coexistence of the disclaimer **"Not for diagnostic or treatment purposes" and the "practically medical-like use" such as "can be used for interpreting test results and organizing treatment decisions."** The user's experience becomes a "medical consultation," and the more polite and personal the AI's response, the more the presence of the disclaimer fades.

6) Reactions on SNS: While Rejection is Prominent, "Convenience is Convenient" Does Not Disappear

This topic has elicited quite straightforward reactions on SNS.

"Absolutely Not" Group (Strong Rejection)

On Reddit, there are numerous short rejections, with phrases like "Oh hell naw," "Absolutely not," and "Nope nope nope…" standing out as immediate refusals.

 
In the same thread, there are many expressions of distrust, such as "It looks like consent for data collection" and "Leakage is scary."
On Bluesky, sarcasm like "Are we offering up medical privacy for dangerously uncertain medical advice?" spread.
On Mastodon, posts with the sentiment "There are many services where you shouldn't connect medical records, but AI chatbots rank high" can be seen.

"Feels Like an Ad/Lack of Explanation" Group (Doubts About the "Selling Method")

On Hacker News, there are opinions like "This trend feels like an advertisement" and "Shouldn't they be sued if they cause misunderstanding?" as well as indications that privacy settings are unclear "per chat."

 
In short, before the functionality itself, there is doubt about whether "the selling method allows users to correctly recognize the risks."

"Beneficial Depending on Use" Group (Practical Utilization)

On the other hand, on Reddit, there are voices saying, "It is useful as an aid in interpreting test results and images. It can help organize materials for consulting a doctor."
This group views it as an information organization tool, with the premise of "not using AI as a substitute for a doctor." However, whether everyone can adhere to that premise is another issue.

7) So, If You're Going to Use It, How? (Practical Checklist)

It's easy to say "don't use it," but in reality, many people are "already using it." Therefore, you should have at least a minimum line of demarcation.

• Avoid Handing Over Medical Records Completely: Start by trying with "anonymized and summarized information." Be cautious with diagnosis names, hospital names, patient IDs, and images themselves.

• Understand the Scope of "Linked Apps/Third Parties": Health is premised on external app integration, and third-party partners are involved in medical record integration. The terms of the connection destination are different.

• "Not Used for Learning" is Not a Universal Card: Not using it for learning and the possibility of access/disclosure for operation, safety, or legal response coexist.

• Do Not Replace "Diagnosis/Treatment Decisions": Limit AI suggestions to question lists and issue organization for taking to a doctor.

• Do Not Confuse: The framework for medical institutions (HIPAA support, BAA, etc.) and the premise of consumer-oriented Health are different.

8) Conclusion: The More Convenient It Becomes, the More Important "Boundaries" Become

To summarize The Verge's argument in one sentence, "Do not mistake 'medical-like experience' for protection equivalent to healthcare."
While ChatGPT Health has the potential to assist in understanding and preparing health information, the data it handles is too heavy. The strong rejection reaction on SNS is likely because "irreversibility" is imagined before "convenience."

Ultimately, the questions we face are not "Is AI smart?" but "Is this service fulfilling its accountability to earn healthcare-level trust?" and "How much am I willing to offer?" In an era where convenience pulls us, it's necessary to "draw the line" ourselves.

Source

• The Verge (Risks of Sharing Medical Information with ChatGPT Health, Regulation and Confusion Issues, Expert Comments)
  https://www.theverge.com/report/866683/chatgpt-health-sharing-data

• OpenAI (Health Privacy Notice: Scope of Data Collected by Health, Purpose of Use, Outsourcing and Legal Disclosure, b.well Integration, Non-Sale Policy, Notice Updates)
  https://openai.com/policies/health-privacy-policy/

• OpenAI (OpenAI for Healthcare: Positioning for Medical Institutions and Enterprises, HIPAA Compliance Support, BAA, Data Management Approach)
  https://openai.com/index/openai-for-healthcare/

• EPIC (Privacy Advocacy Group's Perspective: Comments on the Absence of Comprehensive Privacy Laws and Risks of Sharing Medical Records)
  https://epic.org/the-record-chatgpt-health-feature-draws-concern-from-privacy-critics-over-sensitive-medical-data/

• Reddit (Examples of SNS Reactions: Discussions on Rejection Reactions, Leakage Concerns, and Some Affirmations of Utilization)
  https://www.reddit.com/r/technology/comments/1q6rzvb/openai_launches_chatgpt_health_encouraging_users/

• Hacker News (Examples of SNS Reactions: Doubts About the Selling Method, Misunderstanding Risks, and the Unclear Privacy Settings)
  https://news.ycombinator.com/item?id=46541593

• Mastodon (Examples of SNS Reactions: Posts Showing Strong Caution Against Medical Record Integration)
  https://mastodon.social/@mcnees/115861784220083271

• Bluesky (Examples of SNS Reactions: Posts Satirizing Medical Privacy and the Uncertainty of AI Advice)
  https://bsky.app/profile/i-rohl.bsky.social/post/3mbvhxdpwtc2g

• The Guardian (Examples of Reports Highlighting the Dangers of AI Advice in the Health Sector: Concerns About Lack of Regulation)
  https://www.theguardian.com/technology/2026/jan/15/chatgpt-health-ai-chatbot-medical-advice