Health Care Without the Hospital: ChatGPT Health and Claude Go Direct to Consumers
Following CES 2026, OpenAI and Anthropic announced consumer-facing generative AI products for health care. OpenAI launched ChatGPT Health on January 7, 2026, and Anthropic followed with Claude for Healthcare on January 11, 2026. Both products allow users to connect their medical records and wellness applications directly to these AI chatbots, marking a significant change from theoretical benchmark performance to deployment of consumer health applications.
Overview of the New Platforms
ChatGPT Health is a dedicated space within OpenAI’s ChatGPT platform where users can link their medical records and wellness applications. Through a partnership with w·ell, users can connect electronic health records from U.S. healthcare providers, as well as data from Apple Health, Function, MyFitnessPal, Weight Watchers, and other platforms. According to OpenAI, over 230 million people globally ask health and wellness questions on ChatGPT each week.
To emphasize privacy protection, the platform stores health-specific conversations, connected apps, and uploaded files separately from other chats. Furthermore, ChatGPT Health conversations are not used to train OpenAI’s foundation models and include additional encryption beyond the platform’s standard protections. Several major hospitals have already started rolling out ChatGPT Health across their teams.
OpenAI also announced ChatGPT for Healthcare, a separate enterprise product for healthcare organizations that runs on GPT-5 models and includes HIPAA-compliant options with customer-managed encryption keys. This product is specifically built for healthcare workflows and was evaluated by physicians using HealthBench.
Claude for Healthcare builds on Anthropic’s earlier Claude for Life Sciences release, adding connectors to industry-standard systems: the Centers for Medicare & Medicaid Services (CMS) Coverage Database for coverage determinations, the ICD-10 classification system for medical coding, the National Provider Identifier Registry for credentialing and verification, and PubMed for access to over 35 million pieces of biomedical literature.
On the consumer side, subscribers can connect HealthEx, Function, Apple Health, and Android Health Connect to give Claude access to their lab results, data from wearables, and health records. Anthropic has stated that health data is not used to train models and that users control what information they share.
Legal and Risk Issues to Consider with Direct-to-Consumer Health AI
While ChatGPT Health and Claude for Healthcare offer useful capabilities, they also present risks and limitations that users, healthcare providers, and organizations should evaluate before adoption.
Buyer Beware: Vendor-Friendly Terms and Conditions
Users should read the terms of service carefully, as both platforms disclaim liability for the accuracy of health-related outputs and state that their products are not intended for diagnosis or treatment. OpenAI’s terms note that ChatGPT Health “is not intended for use in the diagnosis or treatment of any health condition,” and similarly, Anthropic directs users to healthcare professionals for personalized guidance.
These terms place the burden of evaluating AI-generated health information on the user. The relationship between a patient and a licensed healthcare provider carries professional duties, malpractice liability, and regulatory oversight; however, the relationship between a user and a consumer AI platform is governed solely by the contract. Users who rely on AI-generated health information do so largely at their own risk, with limited legal recourse if that information proves inaccurate or harmful.
Taking the Human Out of the Loop
Both platforms state that their consumer products support, rather than replace, medical care. However, the practical effect of integrating medical records with AI chatbots is a shift in how patients educate themselves and determine when to seek professional opinions. When users can ask an AI to interpret their lab results, explain their diagnoses, or suggest questions for their doctors, they may be less inclined to seek professional guidance.
This is not the first time consumer health technology has raised concerns about patients bypassing clinicians. When WebMD emerged, critics worried that patients would self-diagnose based on generic articles. However, these AI tools go considerably further in several respects. WebMD provided the same static content to every user, whereas ChatGPT Health and Claude for Healthcare integrate with individual medical records, lab results, and wearable data to generate personalized responses.
Furthermore, while WebMD articles were authored and reviewed by humans, large language models can hallucinate and generate plausible but incorrect information. The combination of personalization, conversational engagement, and access to a user’s complete health history may lead consumers to place greater trust in these tools than they did in earlier consumer health resources.
Privacy Protections Beyond HIPAA
While HIPAA applies to clinical and professional healthcare settings, it does not typically apply to direct-to-consumer applications such as ChatGPT Health and Claude for Healthcare. However, other legal frameworks may still apply. Federal consumer protection laws, such as Section 5 of the Federal Trade Commission (FTC) Act and the FTC’s Health Breach Notification Rules, may afford protections around deceptive practices and privacy.
Likewise, state privacy laws like the California Consumer Privacy Act (CCPA) provide rights regarding the collection, use, and sale of personal health information. Additionally, state consumer protection laws, including prohibitions on unfair and deceptive trade practices, may apply to representations AI companies make about data handling and security.
Both ChatGPT Health and Claude for Healthcare implement privacy measures, including compartmentalized storage, encryption, exclusion from model training, and user-controlled permissions. However, these protections are voluntary and contractual rather than mandated by healthcare-specific privacy regulations, and data shared with these platforms could still be subject to subpoenas, court orders, or data breaches—a risk that consumers are unlikely to fully appreciate.
Cybersecurity Risks
Cybersecurity remains a concern with health data, and the aggregation of medical information within AI platforms creates attractive targets for bad actors. The healthcare sector continues to face data breach risks affecting millions of patients annually.
Concentrating medical records, wellness data, and health conversations within consumer AI platforms introduces new opportunities for hackers. Generative AI tools are increasingly being used to assist in hacking and social engineering attacks. While both OpenAI and Anthropic tout their security measures, any system storing sensitive health data presents cybersecurity risks that users should weigh against the platform’s benefits.
Risks in Sensitive Contexts: Mental Health and Beyond
Generative AI chatbots in certain healthcare contexts, particularly mental health, have been alleged to cause harm. Litigation against Character.AI has raised claims that AI chatbot interactions contributed to self-harm and harm to others, including cases involving minors. These lawsuits underscore the risks when AI systems engage with vulnerable users on sensitive health topics without clinical oversight.
As states begin to regulate AI chatbots that engage users in mental health conversations, such as Utah’s H.B. 452, disclosure requirements, restrictions on the use and sale of personal information, and limitations on advertising are becoming increasingly common.
ChatGPT Health and Claude for Healthcare include disclaimers and direct users to healthcare professionals. However, conversational AI can simulate empathetic engagement and maintain extended dialogues, which may encourage users to share sensitive information or rely on AI responses beyond what the platforms are designed to handle. Users and healthcare organizations should be especially cautious about AI in mental health contexts, where incorrect or poorly calibrated responses carry serious consequences.
A Testing Ground for Consumer Health AI
ChatGPT Health and Claude for Healthcare will likely serve as testing grounds for determining where consumers are comfortable engaging with generative AI for health purposes. Some use cases may be relatively low-risk, such as explaining what a lab value means or helping users prepare questions for an upcoming appointment. Other use cases are more problematic, including interpreting complex symptoms, managing chronic conditions, or addressing mental health concerns.
As millions of users interact with these platforms, patterns will emerge about where consumer health AI adds value, where it falls short, and where clinician involvement remains necessary. This real-world data will inform product development by AI companies and regulatory approaches by policymakers trying to balance innovation with patient protection.
Legal and Regulatory Framework
Both platforms disclaim that their consumer products are not intended for diagnosis or treatment, helping to draw the line between providing general health information and engaging in activities that could constitute unlicensed practice of medicine. However, integration with personal medical records raises the stakes considerably.
When an AI system has access to a user’s complete medical history, lab results, and ongoing health metrics, its responses become more personalized and potentially closer to what regulators might consider medical advice. State medical boards may scrutinize whether AI systems with access to comprehensive patient data are operating as clinical decision support tools or as direct-to-consumer health resources, a distinction with significant regulatory implications.
The EU AI Act and international considerations are also important, as ChatGPT Health is launching outside of the European Economic Area, Switzerland, and the United Kingdom, where the Act’s requirements for high-risk AI systems apply.
