Artificial intelligence (AI) major and ChatGPT maker OpenAI on 8 January announced its “OpenAI for Healthcare” set of products aimed at helping organisations “deliver more consistent, high-quality care for patients—while supporting their HIPAA compliance requirements”.
The products include two offerings — ChatGPT for Healthcare and OpenAI API. Notably, the company claims that both of its offerings are compliant with United States’ Health Insurance Portability and Accountability Act (HIPAA) of 1996, which ensures privacy and disclosure protections to patients.
“Advances in models have significantly improved AI’s ability to support real-world clinical and administrative work, like helping clinicians personalize care using the latest evidence. OpenAI for Healthcare helps close that gap by giving organizations a secure, enterprise-grade foundation for AI—so teams can use the same tools to deliver better, more reliable care, while supporting HIPAA compliance,” it stated.
What is HIPAA? Why is it important?
According to the US Centers for Disease Control and Prevention’s (CDC) official website, HIPAA establishes federal standards protecting sensitive health information from disclosure without patient’s consent.
Besides this, the act also covers health insurance coverage for workers, national standards for electronic healthcare transactions, guidelines for pre-tax medical spending accounts, guidelines for group health plans, and oversees company-owned life insurance policies.
The rules — HIPAA Privacy Rule and HIPAA Security Rule — have been issued by the US Department of Health and Human Services (US HHS) to protects patient information as per HIPAA requirements, it added.
What are the exceptions to HIPAA compliance?
According to the US CDC, the law permits disclosure without individual’s authorisation, for the following situations:
How is OpenAI ensuring compliance of its AI products with HIPAA?
OpenAI in its announcement blogpost said that its products allow clients to access management and governance through a centralized workspace with role-based access controls and organization-wide user management. “This gives healthcare organizations the governance and visibility they need to deploy AI across clinical, administrative, and research teams,” it stated.
Further, in terms of data control and support for HIPAA compliance, the company said that patient data and PHI remain under an organisation’s control, “with options for data residency, audit logs, customer-managed encryption keys, and a Business Associate Agreement (BAA) with OpenAI to support HIPAA-compliant use”.
It added, “Content shared with ChatGPT for Healthcare is not used to train models.”
