Are AI Health Bots Sharing Your Data? How to Check Their Privacy Policies

More people are turning to AI health bots for quick symptom checks, medication reminders, or mental health support. But a recent report from Healthcare Brew highlights a growing concern among experts: the privacy policies of these tools are often obscure, and federal rules barely cover them. If you’ve used or are considering using an AI health bot, it’s worth understanding what happens to the data you type in.

What happened

In June 2026, Healthcare Brew published an article featuring experts who reviewed privacy policies from several popular AI health bots. Their conclusion: many policies are vague, buried in dense legal text, or written in ways that make it hard to tell whether your health information is being shared with third parties, used to train models, or sold. The article also noted that existing federal regulations—like HIPAA—do not consistently apply to these bots, because most are not run by “covered entities” such as hospitals or insurers. The FTC has issued some guidance, but specific rules for AI health bots remain limited.

Why it matters

Health data is among the most sensitive personal information you can share. A chatbot that asks about your symptoms, mental health history, or medications may collect far more than you realize. If the bot’s policy allows data to be used for training AI models or shared with advertisers, that information could be difficult to retract. Unlike a direct conversation with a doctor, there’s no clear legal duty of confidentiality for many of these tools. And because policies change over time, even a bot that seems safe today might not stay that way.

What readers can do

You do not need to be a privacy lawyer to make more informed choices. Here are practical steps you can take:

1. Read the privacy policy – but focus on the right parts.
Look for sections titled “Data Sharing,” “Third Parties,” or “Use of Information.” Ask yourself: Does the bot say it will not sell your data? Does it list specific partners (like cloud providers or analytics companies)? If the policy says data may be used for “improving the service” without further detail, that often means it can be used to retrain the model.

2. Check if the bot is HIPAA-covered.
HIPAA only applies to healthcare providers, health plans, and their business associates. Most AI health bots are not covered. If the bot claims to be HIPAA-compliant, verify that claim – reputable services will explain how they meet those standards (e.g., signing business associate agreements with hosting providers).

3. Consider what you type.
Even a bot with a strong privacy policy might log your conversations. Avoid sharing identifiable information such as your full name, address, or Social Security number unless you are certain how the bot protects it. For symptom checkers, you can often give general descriptions without your real name.

4. Look for an easy way to delete your data.
A trustworthy bot should allow you to delete your account and conversations. Try to find that option before you start. If the policy is silent on deletion, or says data can be retained “as long as necessary,” treat that as a red flag.

5. Use browser extensions or tools to check tracking.
Tools like Privacy Badger or the EFF’s Cover Your Tracks can show you what third-party trackers load when you use a health bot’s website. If the bot has an app, check its privacy nutrition label on the App Store or Google Play – these labels are self-reported, but they can still show you what data the app says it collects.

6. If you suspect misuse, file a complaint.
Even without specific health-bot rules, the FTC has authority to act on deceptive practices. If a bot’s policy promises not to share data but does so anyway, you can report it at reportfraud.ftc.gov. State attorneys general also sometimes pursue privacy violations.
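
The checks in steps 1 and 4 can be run as a first pass over a policy's text before you read it closely. The script below is an added example, not something from the Healthcare Brew article or any bot vendor; the sample policies are constructed, and the phrase variants beyond the wording quoted above are assumptions.

```python
import re

# Warning-sign wording quoted in steps 1 and 4; close variants are assumed.
RED_FLAGS = {
    "vague 'improving the service' purpose": re.compile(
        r"improv\w*\s+(?:the|our)\s+services?", re.I),
    "open-ended retention": re.compile(
        r"as\s+long\s+as\s+(?:is\s+)?necessary", re.I),
}
SELL = re.compile(r"\b(?:sell|sale\s+of)\b", re.I)
NEGATION = re.compile(r"\b(?:not|never|no)\b|n['’]t", re.I)
DELETE = re.compile(r"\b(?:delet|eras)\w+", re.I)

# Constructed sample policies, not taken from any real product.
SAMPLE_POLICY = (
    "We collect the messages you send to the assistant. "
    "We may use your information for improving the service. "
    "We may share or sell aggregated data to partners. "
    "We retain your data for as long as necessary."
)
GOOD_POLICY = (
    "We do not sell your personal information. "
    "You can delete your account and conversations at any time in Settings."
)

def sentences(text):
    """Split policy text into rough sentences on ., ! or ? plus whitespace."""
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]

def review_policy(text):
    """Return (finding, sentence) pairs; sentence is None when wording is absent."""
    findings, sell_denied, has_delete = [], False, False
    for s in sentences(text):
        findings += [(label, s) for label, rx in RED_FLAGS.items() if rx.search(s)]
        m = SELL.search(s)
        if m and NEGATION.search(s[:m.start()]):
            sell_denied = True  # e.g. "we do not sell", "we will never sell"
        elif m:
            findings.append(("mentions selling data without ruling it out", s))
        has_delete = has_delete or bool(DELETE.search(s))
    if not sell_denied:
        findings.append(("no explicit promise not to sell data", None))
    if not has_delete:
        findings.append(("policy is silent on deletion", None))
    return findings

if __name__ == "__main__":
    for label, sentence in review_policy(SAMPLE_POLICY):
        print(f"[!] {label}: {sentence or '(nothing found in policy)'}")
```

A clean result only means none of these phrases appeared; it is a prompt for where to read closely, not a substitute for reading the sections named in step 1.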

Sources

The information in this post draws from the Healthcare Brew article “Experts call out obscure privacy policies for AI health bots, limited federal rules” (published June 17, 2026). For further background, the FTC’s guidance on AI and consumer protection, and HIPAA definitions from the U.S. Department of Health and Human Services, are publicly available. No specific health bot names are cited here because the concerns apply broadly across the category. As with any new technology, the landscape may shift – check for updates to policies and regulations regularly.