AI HEALTH · CHATGPT · PRIVACY · OWN YOUR DATA

Is It Safe to Upload Your Health Records to ChatGPT?

There is no universal yes-or-no answer. Uploading a health record to ChatGPT means trusting a specific ChatGPT product, your current settings, its retention rules, your account security, and the accuracy of the resulting answer. Those conditions differ between a regular personal chat, the dedicated Health space, and a business or API workspace.

Before uploading anything, identify which surface you are using, open its current data controls, remove information the task does not require, and decide how you will delete both the chat and any separately stored file. If you cannot verify those conditions, do not upload the record.

This is privacy and record-handling guidance, not a security guarantee or legal advice. It also does not make an AI answer clinically reliable. Use AI to organize information and prepare questions, then check important details against the source record and a qualified clinician.

The 30-second answer

Use this distinction first:

  • Regular ChatGPT in a personal workspace: OpenAI says content submitted to individual services may be used to improve models depending on the user's settings. Personal Free, Plus, and Pro users can turn off "Improve the model for everyone" for new conversations. Temporary Chat is not used for training, does not appear in history, and does not create memories, but it is still retained for up to 30 days and may be reviewed for abuse monitoring. Review the current consumer data-use guidance and Data Controls FAQ in your own account before sharing.
  • ChatGPT Health and Health Connect: These consumer Health Features have different defaults. OpenAI says medical records and health data connected through Health Features, conversations in ChatGPT Health, and conversations with Health Connect enabled are not used by default to improve its foundation models. Health information is not used for ads. Connections are managed through Health, but a June 29, 2026 update lets some early users authorize connected data in other ChatGPT conversations. Read the current Health help page and Health Privacy Notice before treating those controls as applicable to your account.
  • Business, Enterprise, Healthcare, Edu, or API: OpenAI says it does not use organization inputs or outputs for training by default. Retention, admin controls, and contractual terms vary by offering. A business plan is not automatically a HIPAA arrangement; OpenAI says Business Associate Agreements are available for eligible ChatGPT for Healthcare and API customers. Check your organization's contract and settings rather than borrowing assumptions from a consumer account. See OpenAI's current business data page.

The product name alone is not enough. Confirm the exact workspace and feature shown on screen.

Decision map comparing the controls to check before sharing a health record in a regular ChatGPT chat outside Health Features, in Health Features, or in an organization workspace or API.
Identify the surface first, then minimize the record, keep the source, verify the output, and remove uploaded copies you no longer need where controls permit.

Start with the job, not the file

Do not begin by uploading a complete PDF. Begin with the smallest useful job:

  • Copy exact values into an appointment note.
  • Compare the same marker across dated reports.
  • List missing context before a clinician visit.
  • Turn a report into questions without asking for a diagnosis.

The companion guide on what to give ChatGPT before asking about lab results shows how to preserve test names, values, units, report ranges, collection dates, sources, medications, and the question you want answered. A broader new-doctor health summary is useful when the job involves more than one report.

Once the job is clear, decide whether you need a whole document at all. A typed subset may be enough. If the layout matters, a cropped page may be enough. If a complete longitudinal history is genuinely necessary, pause and review the larger privacy and retention consequence before sharing it.

What happens in a regular personal chat

For personal ChatGPT services, OpenAI's current documentation says prompts, responses, images, and files may be used to improve model performance depending on user settings. Turning off "Improve the model for everyone" keeps new chats in history but excludes them from model training. That control does not mean the chat is not stored, cannot be accessed for the limited purposes described in the policy, or is deleted automatically.

Temporary Chat changes several things at once: it does not appear in history, does not use or create memories, and is not used for training. OpenAI still says Temporary Chats are automatically deleted from its systems within 30 days and may be reviewed for abuse monitoring. "Temporary" therefore does not mean "never retained."

File handling needs a separate check. OpenAI's current chat and file retention policy says files uploaded during a conversation may be saved to Library when that feature is available. Chat and Library files are managed separately, so deleting the chat does not delete a file saved in Library. Files attached to a custom GPT or project also follow that container's lifecycle.

Practical conclusion: for an ordinary personal chat, verify training, memory, history, file storage, and deletion separately. One privacy toggle does not answer all five questions.

What is different about ChatGPT Health and Health Connect

ChatGPT Health is a dedicated consumer space, and Health Connect controls how connected records can inform a conversation. OpenAI's current help page starts with a June 29, 2026 update that changes part of the original launch behavior. Use that current update rather than assuming every account works like the older FAQ farther down the same page.

  • Medical Records and Apple Health connections are set up and managed through Health.
  • Some early users can authorize connected health data for use in any ChatGPT conversation, not only a conversation opened from the Health sidebar.
  • OpenAI says it asks for permission each time it intends to use medical records unless the user changes that control to always allow access.
  • Medical records and health data connected through Health Features, conversations in ChatGPT Health, and conversations with Health Connect enabled are not used by default to improve foundation models.
  • OpenAI says Health information is not used for ads and ads are not shown in Health.
  • Medical-record connections are U.S.-only at launch and available to eligible users as access rolls out.
  • Users can disconnect an account; OpenAI says synchronized connected data is deleted from its systems within 30 days after disconnection.

Those are meaningful distinctions, but they are not a promise that no person or service provider can ever access the data. OpenAI's Health Privacy Notice says a limited number of authorized personnel and trusted service providers may access Health data for model-safety work unless the user opts out through the available control. It also says Health Features are available only to certain users and that data practices outside Health Features follow the ordinary Privacy Policy.

If you use connected data in an ordinary conversation, confirm that Health Connect is enabled for that request and review the permission shown. Disconnecting a source stops future access, but OpenAI says it does not automatically remove information already referenced in Health chats or memories; delete those items separately.

HIPAA is a scope question, not a safety badge

HIPAA does not cover every company that handles health information. HHS says the HIPAA Rules apply to covered health plans, health care clearinghouses, covered health care providers, and their business associates. If an entity is neither a covered entity nor a business associate, it does not have to comply with the HIPAA Rules. See HHS's current overview of covered entities and business associates.

The relationship matters. HHS explains that an app selected by a patient to receive the patient's records does not become a business associate merely by facilitating that request. If the app instead handles information on behalf of a covered provider, a business-associate relationship may exist. The HHS guidance on health apps and patient-directed access describes that distinction.

Not being covered by HIPAA does not mean there are no privacy obligations. The FTC's Health Breach Notification Rule can apply to vendors of personal health records, related entities, and service providers outside HIPAA. The FTC says the 2024 amendments make clear that health apps, connected devices, and similar products may be covered, and that an unauthorized disclosure can be a breach, not only a cyberattack. See the FTC's current Health Breach Notification Rule guidance.

For ChatGPT specifically, OpenAI says consumer Health products do not use HIPAA Business Associate Agreements, while eligible ChatGPT for Healthcare and API customers can obtain a BAA. Do not collapse those different offerings into the single HIPAA compliance label.

Removing the header helps, but it does not anonymize the record

A lab report can include your name, address, date of birth, phone number, medical-record number, account number, insurance identifier, provider, exact dates, and a detailed clinical history. Remove direct identifiers that the task does not require, but do not describe the result as anonymous.

HHS's formal de-identification guidance uses either Expert Determination or a Safe Harbor process that removes specified identifier categories and requires no actual knowledge that remaining data can identify the person. HHS also notes that properly de-identified data retains a small, non-zero identification risk. Cropping a name from a PDF is useful data minimization, not formal de-identification.

For a lab question, consider removing:

  • Name, street address, email, and phone number
  • Date of birth and insurance identifiers
  • Medical-record, accession, and account numbers
  • Barcodes, QR codes, signatures, and portal screenshots that expose navigation or account details
  • Unrelated diagnoses, medications, and encounter notes

Keep facts the task genuinely needs, such as the exact test name, value, unit, report reference range, collection date, and source lab. If an exact date is not needed, use a month or sequence label instead. If changing the date would make a trend less reliable, keep it and accept that you are sharing more identifying context.

Use a before-and-after checklist

Before sharing:

  1. Confirm whether you are in regular ChatGPT, Health, or an organization workspace.
  2. Open the current training, memory, history, app, and file controls. Do not rely on a screenshot from an old article.
  3. Enable multi-factor authentication on the account.
  4. Define the smallest useful task and share only the necessary record slice.
  5. Remove unnecessary direct identifiers and review every page, image, barcode, header, and footer.
  6. Keep the original report in a source of truth you control.
  7. Write down how to delete the chat, any Library file, saved memory, connected app, or project involved.

After sharing:

  1. Check every copied value, unit, range, and date against the original.
  2. Treat summaries and questions as drafts, not diagnoses or treatment instructions.
  3. Delete what you no longer need from each storage location, not only the chat sidebar.
  4. Disconnect apps or records you do not want available for future requests.
  5. Revisit settings before the next upload because product controls can change.

Where Libby fits, and where it does not

A patient-controlled health record can keep the original files and structured history separate from any one AI conversation. That lets you review a smaller export instead of rebuilding context from a raw portal download every time.

Libby's MCP connector also offers read-only tools for supported ChatGPT and Claude clients. "Read-only" has a narrow meaning: the connector can retrieve markers, histories, and reports but cannot modify the Libby record. It does not mean the returned data stays inside Libby. Tool results are sent to the AI client you authorize and are then subject to that provider's controls and policies. Review the current MCP connector documentation and the Libby MCP guide before connecting it.

Libby is therefore a source-of-truth and sharing-control layer, not a privacy shield for ChatGPT. It helps you preserve the record, choose a workflow, and revoke connector access. It cannot make an AI provider's retention terms or outputs risk-free. For the practical prompt workflow, continue with the guide to using lab results with ChatGPT and Claude.

FAQ

Is it safe to upload a medical record to regular ChatGPT? It depends on your settings, what the record contains, and what risk you accept. For a personal workspace, verify whether model improvement is enabled, whether memory is active, whether the file will be saved to Library, and how deletion works. Share the minimum necessary and do not treat Temporary Chat as zero retention.

Does ChatGPT train on health records I upload? The answer depends on the product. OpenAI says content in regular personal ChatGPT may be used to improve models depending on settings. It says connected medical records and health data, ChatGPT Health conversations, and conversations with Health Connect enabled are not used by default to improve foundation models. It also says organization data in Business, Enterprise, Healthcare, Edu, and API offerings is not used for training by default.

Is Health in ChatGPT covered by HIPAA? OpenAI says its consumer Health product does not use HIPAA Business Associate Agreements. HIPAA applies based on the entities and relationships involved, not because information is medically sensitive. OpenAI separately offers BAAs for eligible ChatGPT for Healthcare and API customers.

Does deleting a ChatGPT conversation delete the uploaded file? Not always. OpenAI says deleting a chat schedules that chat for deletion within 30 days, subject to stated exceptions. If an uploaded file was saved to Library, chat and file deletion are separate. Files in projects or custom GPTs follow the lifecycle of those containers. Check all storage locations shown in your account.

Is removing my name enough? No. Removing a name reduces direct exposure, but dates, record numbers, addresses, rare events, and free-text history can still identify someone. Share only the context needed for the task and call it data minimization, not anonymization.

References


Educational content, not medical, legal, or security advice. AI tools can make mistakes and are not a diagnosis or treatment plan. Check important medical information against the original record and a qualified health professional.

Educational content, not medical advice.Libby is a personal record tool, not a medical service — it doesn't diagnose, treat, or prescribe. Reference ranges vary by lab and by person. Talk to a qualified healthcare professional about your results.

Every lab you've ever taken, on one timeline.

Libby imports your lab PDFs, reconciles the units, and tracks every marker over the years — yours to own and export, ready for a conversation with a clinician or AI.

Start your record ›
← All articles