The Short Answer (TL;DR)
Is the free version of ChatGPT HIPAA compliant?
No. It is a violation of federal law to paste client names, dates of birth, or diagnosis details into the free or “Plus” version of ChatGPT.
Can it become compliant?
Yes. If you use the Enterprise/Team version and sign a Business Associate Agreement (BAA) with OpenAI.
Are there easier alternatives?
Yes. Dedicated tools like PatientNotes and Freed are HIPAA-compliant out of the box and sign BAAs automatically.
Introduction
Picture this: You just had a breakthrough session with a 5-year-old client. You are exhausted. You open ChatGPT and type:
“Write a SOAP note for [Client Name] who worked on /r/ blends today…”
Stop. You may have just committed a HIPAA breach.
As Speech-Language Pathologists, we are legally required to protect Protected Health Information (PHI). But we are also drowning in paperwork. The temptation to use AI is huge.
The good news? You can use AI in your practice. You just have to do it the right way. This guide covers the 2026 rules for AI privacy in speech therapy.
The “Danger Zone”: Why Free ChatGPT is Risky
When you use the free version of ChatGPT (or even the standard $20/month “Plus” plan), two things happen that HIPAA hates:
- Data Retention: OpenAI saves your chat history to their servers.
- Model Training: Your conversation—including your client’s specific medical data—can be used to train future versions of the AI.
Imagine a future version of ChatGPT completing a sentence about your client because it “learned” from your notes. That is the nightmare scenario.
The “Green Zone”: 3 Ways to Use AI Safely
You don’t have to ban AI from your clinic. You just need to pick one of these three safe paths.
Method 1: The “De-Identification” Technique (Free but High Effort)
You can use standard ChatGPT if you strip away every single piece of PHI before you hit enter. This is called the “Safe Harbor” method.
- Remove: Names, Dates of Birth, Addresses, Phone Numbers, and distinct physical descriptions.
- Replace with: “The Client,” “7yo Male,” “Client X.”
The Risk: Human error. It only takes one slip-up (“Write a note for Mason…”) to cause a breach.
Method 2: The Enterprise BAA Route (Expensive)
If you run a large clinic, you can purchase ChatGPT Team or Enterprise.
- The Benefit: These plans allow you to turn off model training.
- The Requirement: You must request and sign a Business Associate Agreement (BAA) with OpenAI. If you don’t have the signed document, you are not compliant.
Method 3: The “Easy Button” (Dedicated Medical AI)
This is what most private practice SLPs are doing in 2026. Instead of fighting with ChatGPT settings, they use tools built specifically for healthcare.
These tools sign a BAA with you immediately and are encrypted specifically for medical records.
| Tool | HIPAA Status | BAA Available? | Best For |
| PatientNotes | ✅ Compliant | Yes (Paid Plans) | Pediatric SLPs |
| Freed.AI | ✅ Compliant | Yes | Speed & Audio Scribing |
| Heidi Health | ✅ Compliant | Yes (Pro Plan) | Free Tier users |
Recommendation: If you don’t want to worry about legal settings, use PatientNotes or Freed. They handle the security so you can handle the therapy.
Checklist: Are You Compliant?
Before you write your next note, run through this mental checklist:
- [ ] Am I using a tool that signed a BAA? (If no, go to next question).
- [ ] Did I remove the client’s name? (Use initials only).
- [ ] Did I remove the exact Date of Birth? (Use “Age 7” instead).
- [ ] Did I turn off “Chat History & Training”? (If using ChatGPT).
Conclusion
AI is a tool, just like your iPad or your laminator. It is safe if used correctly.
Don’t let fear keep you doing paperwork until 9 PM. Just choose the right tool.
Want to see which safe tool is right for you? Read our breakdown of the 5 Best AI Scribe Tools for SLPs.
Disclaimer: This article is for informational purposes and does not constitute legal advice. Always consult your liability insurance provider. (This makes you look very professional).
