
My doctor violated my privacy by using AI (in a very disturbing way)

Privacy Guides Community [Unofficial] June 19, 2026
lyricism:
> If you’re in the US you can complain to HHS about a HIPAA violation. I would recommend this over confronting them directly.

I don’t live in the US. I have reached out to my local data protection authority (DPA), to inquire about the legality of using Gmail and WhatsApp in healthcare, and their response was disappointing legalese. I did not ask them about AI though, but I am not sure if it’s worth it, given how it has gone so far. Even though I may get the same answer it may be a good idea to ask anyway, just to have an answer on the record.

lyricism:
> You can also complain to your state’s medical licensing authority, though they may just respond advising you to submit a HIPAA complaint to HHS

Contacting a medical licensing authority may be a good idea, but similar to your point, they may redirect me to the DPA. I would like to think a medical authority could answer a simple question on the legality of using AI, WhatsApp and Gmail. However, again, because the use of these tools is so rampant, they may decline to give a straight answer.

lyricism:
> assuming they just used a standard generative AI service and not something specifically tailored to the medical industry, and that’s almost certainly what happened based on my experience with doctors and HIPAA (they usually have good intentions but no idea what kinds of IT things they shouldn’t be doing)

This is what I suspect too. When I filled out my medical form, there was no mention of a privacy policy or any mention of AI.

lyricism:
> However, you do not need to know for a fact that a violation occurred to submit a complaint, you just need to believe in good faith that one did based on the information available to you.

Though I am confident in my claim, that is a good thing to know.

lyricism:
> If you’re in Europe, there may be a similar medical information specific recourse available, but I am not familiar with the process so I can’t provide details. It might just be GDPR though.

In the EU there’s the GDPR, but on top of that, most EU countries have local DPAs and may have specific privacy laws on top of EU laws.

beantaco:
> Perhaps it is better to ask “how did you create the infographic?” rather than ask if she used AI. […] you could compliment her graphic design skills and see if she discloses she used AI and not [insert graphic design application name here].

That is an excellent point, and I will definitely do that.

beantaco:
> Assuming she already knows about your privacy concerns, mentioning “AI” may raise her guard.

I don’t think my doctor knows about my privacy concerns. I only mentioned them to her secretary as I was filling out medical forms.

beantaco:
> Like @lyricism recommended it may be better to take legal action rather than confront the practice.

As I commented in my update in a different post, I cannot afford to sue, and even if I could, I do not wish to do that. Right now, all I want to know is if the law is on my side, and if it is, confront my doctor before taking any legal actions. And my goal with my doctor is not to have an altercation, but for them to understand that they are violating patient privacy and I would like that to change
