Since its launch in November 2022, ChatGPT (“GPT” stands for Generative Pre-trained Transformer), a type of artificial intelligence model, has gained over a million users. ChatGPT is used by entities in a wide variety of industries. On March 1, 2023, OpenAI, the developer of ChatGPT, updated its data usage policies[1] noting that (i) OpenAI will not use data submitted by customers to train or improve its models unless customers expressly opt-in to share such data, and (ii) OpenAI also will enter into business associate agreements in support of applicable customers’ compliance with the Health Insurance Portability and Accountability Act (“HIPAA”).

Continue Reading ChatGPT And Healthcare Privacy Risks

Virginia is now the second state, after California, to pass a comprehensive privacy law. The Consumer Data Protection Act (“CDPA”) will come into effect January 1, 2023 (the same time as the modification to California’s Consumer Privacy Act (“CCPA”), i.e., the California Privacy Rights Act (“CPRA”)). While CDPA has fairly broad exemptions for entities regulated by other laws, such as HIPAA, there is also a new “opt-in” requirement for collecting “sensitive data.”
Continue Reading What Virginia’s New Privacy Law Means for Organizations in the Healthcare Industry