Not All Medical AI Tools Protect Your Privacy Equally – Here’s What a New Study Reveals

If you’ve used a symptom checker, mental health chatbot, or AI‑powered telehealth service recently, you’ve probably handed over some of your most sensitive personal information. A July 2026 study from Telehealth.org offers a sobering look at how well—or how poorly—different medical AI tools guard that data. The key finding: privacy risks vary dramatically depending on the type of tool you use, and patients have little visibility into which ones are safe.

What Happened

Researchers at Telehealth.org evaluated a range of AI tools used in healthcare, from general‑purpose chatbots (like ChatGPT used for medical advice) to specialized diagnostic applications designed for specific conditions. They assessed each tool on several privacy criteria: whether data was shared with third parties, whether encryption was used in transit and at rest, how transparent the tool was about data handling, and whether users had control over deletion.

The results were uneven. General AI chatbots and wellness apps scored poorly on several fronts. Many shared user inputs with third‑party analytics or advertising services, and details about data retention were often buried in dense privacy policies—or missing entirely. Smaller, direct‑to‑consumer mental health apps were also frequently weak on encryption and data minimization.

In contrast, specialized diagnostic AI tools—especially those integrated into established healthcare systems—tended to have stronger safeguards. These tools often came with clearer privacy notices, encryption by default, and processes for users to request data deletion. But even among those, the study found gaps: few tools offered independent audits or verifiable compliance with standards like HIPAA.

The full study is published on Telehealth.org, and the researchers note that their assessment is based on publicly available information and self‑reported policies, which may not always match actual practices.

Why It Matters

When you share health information with an AI tool, you’re trusting it with details that could affect insurance, employment, or personal relationships if leaked. The Telehealth.org study confirms that not all tools deserve that trust.

A general chatbot might seem convenient, but if it logs your conversations and shares them with data brokers, there’s no clear process to withdraw that data. On the other hand, a diagnostic tool used in a hospital setting likely has legal obligations (like HIPAA in the U.S.) and institutional oversight—but that doesn’t guarantee airtight privacy.

The variability also creates a confusing landscape for patients. Without clear labeling or independent ratings, it’s hard to know which tools are protecting you and which are treating your data as a product.

What Readers Can Do

You don’t need to become a privacy expert to make safer choices. Here’s a practical checklist based on the study’s findings:

Before using any AI medical tool, ask these questions:

  1. Who owns the data you enter? Look for a privacy policy that states your data belongs to you, not the company. Avoid tools that claim broad, indefinite rights to use your inputs.
  2. Is the data encrypted? Check whether encryption is used both when data is sent (in transit) and when stored (at rest). If the policy doesn’t mention encryption, consider that a red flag.
  3. Can you delete your data? A good tool will let you delete your account and all associated data easily and permanently. Test this before relying on the tool.
  4. Is data shared with third parties? Many apps share information with advertisers, analytics firms, or AI model trainers. Look for a clear “do not sell my data” option or a commitment not to share without consent.
  5. Who built the tool and for what purpose? Tools developed by reputable medical institutions or companies with a clear healthcare focus are more likely to have proper oversight than generic chatbots.

If you suspect a privacy violation: In the U.S., you can file a complaint with the Office for Civil Rights at the Department of Health and Human Services if the tool is covered by HIPAA. For other tools, report issues to the Federal Trade Commission (FTC) or your country’s data protection authority. If your data is exposed in a breach, change passwords, monitor credit reports, and consider a fraud alert.

A note on regulation: Current laws like HIPAA only cover tools used by “covered entities” (hospitals, insurers). Many consumer AI apps fall outside these rules. The Telehealth.org study highlights this regulatory gap. Until stronger rules are in place, your best protection is to ask hard questions—and to walk away from tools that don’t give clear answers.

In the end, using an AI medical tool doesn’t have to mean surrendering your privacy. But it does mean treating each tool with a healthy dose of scrutiny. The safer options exist; you just have to know where to look.

Sources

  • Telehealth.org. “Medical AI Privacy Study Finds Uneven Patient Risks.” Published July 2026. Available at: [Telehealth.org article link]
  • American Psychological Association. “Health advisory: Use of generative AI chatbots and wellness applications for mental health.” November 2025.
  • The Guardian. “Google AI Overviews put people at risk of harm with misleading health advice.” January 2026.
  • Frontiers. “A systematic review of ethical considerations of large language models in healthcare and medicine.” August 2025.
  • Telehealth.org. “Telehealth Policy in 2025: How Regulatory Gaps Disrupted Patient Access and Outcomes.” January 2026.