[as300]

What's the difference between entering in an anonymized patient history into ChatGPT and, say, googling their symptoms?

[woodson]

Anonymization doesn’t just mean “leave their names out”. An entire patient's medical history is in itself personal identifiable information. Instead of googling for “headache”, they now have stored a copy of every medical detail in your life.

[dragonwriter]

If it is de-identified per HIPAA, little.

OTOH, the more patient info you are putting in, the less likely it is actually legally deidentified.

[pmoriarty]

Data that has ostensibly been "anonymized" can often be deanonymized.

[Gene_Parmesan]

Especially when the system we're discussing is literally the most advanced AI model we're aware of.

[mliker]

if you enter an entire patient history, it could easily be an identifier of the person whereas Google queries have a smaller max limit number of tokens

[msikora]

Can OpenAI get HIPAA certification? Perhaps offer a product that has it?

[gigel82]

I've heard the Azure OpenAI service has HIPAA certification; they don't have GPT-4 yet, though.

[Godel_unicode]

The pdf on this page has the services that are under audit scope, check the table in appendix A; OpenAI is in scope for HIPAA BAA.

[parentheses]

The data moat effect is greater with OpenAIs products.