
Paubox Weekly: Will OpenAI sign a BAA? And how do they handle PHI?


Today’s Paubox Weekly is 443 words - a 3 minute read.

 


 

1. Will OpenAI sign a BAA?

 


 

OpenAI, the creator of the artificial intelligence (AI) language model ChatGPT, is revolutionizing how businesses operate. And that includes healthcare organizations.

Why it matters: Healthcare providers handling protected health information (PHI) must comply with HIPAA regulations, which require covered entities to sign a BAA with vendors.

So, will OpenAI sign a BAA?


 

2. Safeguarding PHI in ChatGPT

 


 

If you input PHI into ChatGPT, it’s unlikely to appear in an answer to another user, but not impossible.

Why it matters: ChatGPT uses inputted conversations to improve its responses, particularly in specialized fields like healthcare. And that might include PHI.

It depends on what type of account you have

 



3. BetterHelp fined $7.8M and banned from sharing sensitive data

 


 

Online therapy provider BetterHelp faced the consequences of sharing users' sensitive mental health information with third parties for advertising purposes.

What happened: BetterHelp used targeted advertising to boost revenue by leveraging consumers' sensitive information. This allowed companies like Facebook to use the information for their own internal purposes.

The FTC stepped in

 


 

4. Are IP addresses PHI?

 


 

With the growth of tracking technologies on healthcare websites and mobile apps, understanding the relationship between IP addresses and PHI is critical.

Why it matters: The use of tracking technologies on healthcare websites and mobile apps can lead to the collection and disclosure of a wide range of information, some of which may be considered PHI under HIPAA regulations.

Yes. Sometimes. It depends.

 


        
5. Are lawyers considered business associates?

 


 

When casework contains PHI, and the client is a covered entity, the attorney may be considered a business associate. 

Why it matters: In 2023, a New York law firm agreed to pay a $200,000 settlement after failing to protect clients' personal data. And they're not the only ones.

Better safe than sorry

 


 

Community links

  • Understanding medical record retention requirements by state. Link
  • How therapists can use email to keep patients on track during therapy. Link
  • Encouraging treatment plan adherence: Strategies for mental health professionals. Link

 

March HIPAA breach report

  • Network server breaches affected 5,212,484 individuals.
  • Email breaches were the second most common breach with 285,174 affected.
  • Electronic medical record breaches affected 13,732 people.

 

Read the full Breach report

 


 

Good reads from around the web

  • Is your users' health data being leaked through your adtech? Link
  • Uber Health expands same-day prescription drug delivery. Link
  • AWS announces healthcare workforce accelerator cohort. Link
  • How the EU's new data laws could affect American health tech companies. Link
  • How Mindbloom's CEO sees the future of psychedelic mental health. Link

 


 

Get featured on Paubox

Do you have strong opinions about the healthcare industry? Do you have ideas other healthcare professionals will find interesting?

Email us and let's talk about it.

 

Meet Paubox at HIMSS 2023 in Chicago, Booth #3668

 
