
GenAI at HonorHealth: What you can (and can’t) do
As generative artificial intelligence (GenAI) tools such as ChatGPT, Bard and Bing Chat become more widely available, HonorHealth recognizes both the potential benefits and the significant risks they present – particularly in healthcare.
While GenAI tools can improve productivity, they also pose serious data privacy and security risks. Last week, HonorHealth blocked access to ChatGPT due to an increasing number of incidents involving the unauthorized input of protected health information (PHI) – a violation of HIPAA and our internal confidentiality policies.
Please remember:
- Any information submitted to public GenAI tools is not private. Questions entered, along with the GenAI responses, may be improperly stored, viewed by others and used to further train the tool.
- GenAI tools are not always accurate. They may produce plausible-sounding but false or misleading content.
- Entering PHI or confidential business information into any external GenAI tool is strictly prohibited. This includes patient data, team member records or any proprietary organizational information.
Our goal is to support the use of innovative technologies in a way that improves workflows and keeps our data safe. We want to emphasize that this action doesn’t reflect a rejection of GenAI innovation; rather, it reinforces our commitment to safe, ethical and HIPAA-compliant usage.
Our Information Security, IT and Analytics teams are actively:
- Developing and piloting internal GenAI tools that are secure and privacy-aware, using enterprise data protections.
- Evaluating enterprise-grade GenAI platforms that meet healthcare regulatory requirements and can be used safely across the organization.
- Establishing clear policies and guidelines to enable responsible use of GenAI by team members while protecting patient data.
We recognize there are valid use cases for these tools and have developed an exception process. If your work requires the use of a GenAI tool, please submit a Security Exception Request form for review and approval by Information Security.
Interested in learning more about how HonorHealth is using technology to advance healthcare? Join the Clinician Technology Experience Council (CTCE) to explore new ideas and suggest your own.
We are all responsible for protecting the privacy and confidentiality of our patients, team members and organization in compliance with HIPAA and HonorHealth policies. Thank you for your partnership in protecting the integrity and privacy of our patients, teams and systems.