LawSnap
Privacy Artificial Intelligence Health Care

I Uploaded My Blood Work to AI. Am I Oversharing?

Published
Source wsj.com open_in_new
Score
9

Why it matters

Background Summary

What Happened

The article addresses a growing trend of individuals uploading personal medical records and blood work results to AI chatbots like ChatGPT for interpretation and health analysis. OpenAI recently launched ChatGPT Health, a feature specifically designed to allow users to upload medical records including lab results, visit summaries, and clinical histories, enabling the AI to provide personalized health insights and trend analysis[11]. However, experts and medical professionals are raising significant concerns about whether this practice exposes users to unacceptable privacy and data security risks.

Who's Involved

Major technology companies including OpenAI (ChatGPT), Google (Gemini), and Apple are developing AI tools that process sensitive health data[5]. Healthcare providers, administrators, and approximately 40 percent of physicians express concern about AI's impact on patient privacy[8]. The featured expert in the WSJ article, Dr. Ranji, explicitly advises against uploading medical records to AI due to privacy vulnerabilities[1]. Medical institutions, research organizations, and tech companies are all involved in data-sharing arrangements that blur lines of consent and ownership[2].

Context and Timeline

Healthcare AI adoption has accelerated as these tools promise improved diagnostics and streamlined analysis. However, underlying privacy infrastructure hasn't kept pace. Research has demonstrated that even anonymized datasets can be re-identified: a 2019 study showed AI could re-identify 99.98% of individuals in anonymized datasets using only 15 demographic attributes[2]. A 2021 ransomware attack on Ireland's Health Service Executive demonstrated real-world consequences, shutting down hospital systems nationwide[2]. A 2025 IBM report found the average healthcare security breach now costs $7.4 million, with 97% of organizations lacking proper AI access controls[10].

Why It's Newsworthy Now

The story is timely because commercial AI tools are becoming mainstream health resources, yet most users don't understand the privacy implications. Unlike healthcare providers bound by HIPAA, consumer AI platforms operate under different legal frameworks. Data uploaded to these services may be used for model training, combined with other data sources for re-identification, or accessed by insurance companies and advertisers[5][6]. The tension between AI's genuine utility for health analysis and its inherent privacy risks makes this a critical consumer protection issue as adoption accelerates.

Sources

[1] https://news.futunn.com/post/71104675/i-uploaded-my-blood-work-to-ai-am-i-oversharing
[2] https://www.lepide.com/blog/ai-in-healthcare-security-and-privacy-concerns/
[3] https://www.joesipher.com/p/why-you-shouldnt-just-paste-your
[4] https://westfax.com/privacy-concerns-ai-medical-records/
[5] https://hai.stanford.edu/news/be-careful-what-you-tell-your-ai-chatbot
[6] https://pmc.ncbi.nlm.nih.gov/articles/PMC10718098/
[7] https://kffhealthnews.org/news/article/electronic-medical-records-patients-ai-chatbots-diagnosis-privacy-accuracy/
[8] https://www.providertech.com/privacy-concerns-ai-healthcare/
[9] https://www.youtube.com/watch?v=pccvZ8HW-KU
[10] https://www.wolterskluwer.com/en/expert-insights/health-system-size-impacts-ai-privacy-and-security-concerns
[11] https://time.com/7344997/chatgpt-health-medical-records-privacy-open-ai/
[12] https://405d.hhs.gov/post/detail/3900fcc7-08dd-4747-a1bb-2eb001dae582
mail

Get notified about new Privacy developments

Primary sources. No fluff. Straight to your inbox.

Related

View all Privacy

See more entries tagged Privacy.