menu_open Columnists
We use cookies to provide some features and experiences in QOSHE

More information  .  Close

AI's privacy tipping point: Why America needs a HIPAA for chatbots

5 0
24.02.2026

Sign Up Account Profile Log Out

Newsletters Morning Report 12:30 Report Evening Report Business Defense Health Care Technology Newsletter Energy & Environment Whole Hog Politics The Gavel The Movement

Technology Newsletter

NEWS Senate House Administration Courts Future America Media Campaign News Education In The Know Latino LGBTQ DC News Race & Politics State Watch Print Edition People in the News

POLICY Defense Health Care Energy & Environment Technology Transportation International Cybersecurity National Security Space Sustainability

BUSINESS Budget Taxes Personal Finance Lobbying

OPINION Columnists Congress Blog All Contributors Opinions – Campaign Opinions – Civil Rights Opinions – Criminal Justice Opinions – Cybersecurity Opinions – Education Opinions – Energy and Environment Opinions – Finance Opinions – Healthcare Opinions – Immigration Opinions – International Opinions – Judiciary Opinions – National Security Opinions – Technology Opinions – White House Submit Opinion Content

All Contributors Opinions – Campaign Opinions – Civil Rights Opinions – Criminal Justice Opinions – Cybersecurity Opinions – Education Opinions – Energy and Environment Opinions – Finance Opinions – Healthcare Opinions – Immigration Opinions – International Opinions – Judiciary Opinions – National Security Opinions – Technology Opinions – White House

Opinions – Civil Rights

Opinions – Criminal Justice

Opinions – Cybersecurity

Opinions – Energy and Environment

Opinions – Healthcare

Opinions – Immigration

Opinions – International

Opinions – National Security

Opinions – Technology

Opinions – White House

Submit Opinion Content

EVENTS Upcoming Events About

Sign Up Account Profile Log Out

Live updates: State of the Union

Trump approval rating

Content from Google Cloud

US forces board third oil tanker in Indo Pacific tracked from Caribbean to Indian Ocean Defense | 2 minutes ago

Opinion John Quincy Adams’s State of the Union rebuttal is a model worth reviving Opinions - White House | 5 minutes ago

Olympian says members of US men’s hockey team will attend Trump State of the Union Media | 14 minutes ago

Democrats select their ‘designated survivor’ for State of the Union address House | 21 minutes ago

House Democrat on State of the Union boycotts: Trump ‘has had total disregard for Congress’ House | 34 minutes ago

Opinion AI’s privacy tipping point: Why America needs a HIPAA for chatbots Opinions - Technology | 35 minutes ago

Most say Trump becoming more erratic: Survey Administration | 40 minutes ago

Senate Democrat: Patel at Olympics ‘continuation of amateur hour’ Administration | 54 minutes ago

AI’s privacy tipping point: Why America needs a HIPAA for chatbots

A federal judge just confirmed it: Your AI conversations are not private. 

On Feb. 10, the Southern District of New York ruled that a defendant’s AI chatbot conversations are not protected by attorney-client privilege, even after he shared them with his lawyers. He assumed the conversation was confidential. But the chatbot’s privacy policy permits disclosure to government authorities. 

That ruling should alarm every American who has ever typed something personal into a chatbot.

OpenAI’s research confirms that’s most of us — nearly three-quarters of all ChatGPT conversations are personal, not work related. Forty million people ask ChatGPT health questions every day, checking symptoms at two in the morning, asking about medications and diagnoses, navigating insurance claims. Seven in ten of those health conversations happen outside clinical hours.

No diary never had a privacy policy. Confessionals never had terms of service. But that’s what these conversations are governed by, if they are governed by anything at all.

My mother is a cancer survivor. If she had typed her symptoms into a chatbot before her diagnosis, that conversation would have no privilege, no HIPAA protection, and no barrier between the prompt and a subpoena. AI does not need to be sentient to be dangerous; it just needs to be in the room when you say something you thought was private. 

Every generation gets a technology that outruns the instinct for privacy. In 1888, Kodak put a camera in the hands of amateurs and created the crisis that gave us American privacy law. A century later, Steve Jobs put a camera, a microphone, and a GPS tracker in more than 3 billion pockets. Both times, the technology moved first and the law caught up.

But once, the law got there early. In 1996, Congress passed HIPAA when most medical records were still on paper. The law looked like a solution searching for a problem. Then the federal government pushed healthcare to go digital. Every diagnosis, every prescription, every clinical note became electronic, portable and vulnerable overnight. If HIPAA had not already been in place, the most intimate details of every American’s health would have been exposed during the largest data migration in the history of medicine.  

The data migration is already happening. Americans are sharing their most private thoughts with commercial platforms, outpacing the adoption of the internet and the personal computer. And there is no framework, no federal standard. No HIPAA for the conversations Americans are having with machines they believe are listening in confidence. 

The Heppner privilege ruling is not an isolated case. It’s the latest in a pattern that has been accelerating for months.

Last November, a major San Diego health system was hit with a class action alleging it used an AI ambient listening tool to record more than 100,000 patient encounters without consent. Everything said in the exam room had been captured and sent to a vendor’s servers. Charts allegedly documented that patients “consented.” They say they never did.  

AI scribes are giving doctors back the conversation that technology has been stealing for decades. Less typing during visits, less charting in pajamas after the kids go to bed. These tools will succeed if Americans can trust them. But trust is not built in a term of service agreement that nobody reads.

America needs today what it needed in 1996: a federal standard that arrives before the catastrophe, not after. It needs HIPAA but for AI — national rules treating prompt data as private by default. It needs meaningful informed consent in plain language, required before any AI tool records or processes a conversation.

No, it doesn’t need a checkbox at the bottom of a 40-page privacy policy — it needs actual notice and understanding for when conversations are no longer private. A breach disclosure must be required when those protections fail. Clear definitions are needed of of which platforms are covered, which data is protected, and what enforcement looks like when the rules are broken. 

Congress had a chance to start building that framework during consideration of the One Big Beautiful Bill Act. Instead, legislators proposed a 10-year moratorium on state AI regulations without preempting them with anything federal. That moratorium was rejected. What remains is a regulatory vacuum. Every state draws its own lines. No two of them match. Principles without law are suggestions. And suggestions do not survive a courtroom.

Forty million people are asking these machines their most personal questions every single day, and there is not a single comprehensive federal law that protects the answers. The road is already crowded. Washington has not posted a single speed limit.

Bryan Rotella is a lawyer and legal strategist.

Copyright 2026 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

More Opinions - Technology News

Gorsuch takes aim at fellow Supreme Court justices in tariff decision

Hegseth says he’ll order random pizzas to throw off monitoring app

France bars US ambassador Kushner from meeting government officials  

White House plays hardball with Democrats over DHS shutdown

Democratic leaders scrambling to prevent repeat of last year’s rowdy State of ...

Democrats prepare to protest Trump State of the Union: What to know

Here’s how Trump’s polling has changed since last year

Republicans eye opening for DHS deal this week as Democrats double down

Senate Democrat: Trump has ‘no intention of following’ Constitution on ...

GOP set for internal battle over Supreme Court tariff ruling

Trump puts Iran’s leader in double bind: Capitulation or risk of war

GOP members call on Tony Gonzales to resign over alleged affair

Former FBI official: Patel Olympics appearance sends ‘horrible’ message to ...

Senate Democrats unveil proposal to discourage private equity ownership of homes

Trump administration ending collections on tariffs deemed illegal

Texas GOP Senate candidate: ‘It’s time for the next generation of American ...

Most say Trump becoming more erratic: Survey

Democrats select their ‘designated survivor’ for State of the Union address

The Hill Podcasts – Morning Report

2024 Election Results

2024 Election Forecast

Regulation - Administration

Energy & Environment Video Clips

Health Care Video Clips

Technology Video Clips

Transportation Video Clips

International Video Clips

Cybersecurity Video Clips

National Security Video Clips

Contributors to The Hill

Submit Opinion Content

PRIVACY POLICY 09/30/2025

Advertise with Nexstar

Journalistic Integrity

THE HILL 400 N CAPITOL STREET NW, SUITE 650 WASHINGTON DC 20002

© 1998 - 2026 Nexstar Media Inc. | All Rights Reserved.

Provided by Nexstar Media Group, Inc.

Sign in to create a free account. No password needed.

By clicking on any of the sign up options below, you confirm that you have read and agree to our Terms of Use, which includes a jury trial waiver and class action waiver, and that you have read our Privacy Policy detailing our collection, use and sharing of your personal information.

By clicking on any of the sign up options below, you confirm that you have read and agree to our Terms of Use, which includes a jury trial waiver and class action waiver, and that you have read our Privacy Policy detailing our collection, use and sharing of your personal information.

The Hill is provided by Nexstar Media Group, Inc., and uses the My Nexstar sign-in, which works across our media network.

Learn more at nexstar.tv/privacy-policy.

The Hill is provided by Nexstar Media Group, Inc., and uses the My Nexstar sign-in, which works across our media network.

Nexstar Media Group, Inc. is a leading, diversified media company that produces and distributes engaging local and national news, sports, and entertainment content across its television and digital platforms. The My Nexstar sign-in works across the Nexstar network—including The CW, NewsNation, The Hill, and more. Learn more at nexstar.tv/privacy-policy.

Provided by Nexstar Media Group, Inc.

Check your email inbox

Provided by Nexstar Media Group, Inc.

Thanks for registering!

Provided by Nexstar Media Group, Inc.

Are you sure you want to log out?


© The Hill