A quick note before you start your day. Think twice before uploading your personal medical data to an AI chatbot.
People frequently rely on generative AI chatbots like OpenAI's ChatGPT and Google's Gemini to ask questions about medical concerns and better understand their health conditions. For example, some people rely on questionable apps that use AI to determine if a person's genitals are free of disease. And most recently, since October, users of social media site
Health data is a special category with federal protections, and in most cases, only you can choose to avoid it. But just because you can doesn't mean you should. Security and privacy advocates have long warned that sensitive data uploaded can be used to train AI models, putting private and sensitive information at risk of being exposed in the future.
Generative AI models are often trained based on received data, with the assumption that the uploaded data helps build the information and accuracy of the model's output. However, it's not always clear how the uploaded data is being used, for what purpose, or with whom the data is shared, and companies can change their minds. You should pretty much take the company's word for it.
People are finding their personal medical records in AI training datasets. That means anyone can find you, including healthcare providers, potential employers, and government agencies. Additionally, most consumer apps are not subject to the U.S. health privacy law HIPAA, so the data you upload will not be protected.
In a post, X owner Elon Musk encouraged users to upload medical images to Grok, saying that while Grok's results are “still in the early stages,” the AI model “will be very good. “I guess so,” he admitted. By asking users to send medical images to Grok, the idea is that the AI model will improve over time and be able to interpret medical scans with consistent accuracy. It is not clear who has access to this Grok data. As noted elsewhere, Grok's privacy policy states that X shares some users' personal information with an unspecified number of “affiliated” companies.
It's good to remember that what's on the internet never leaves the internet.