SipCyber - Presented by IT Audit Labs

Your Health App May Not Be HIPAA Protected

IT Audit Labs Season 1 Episode 34

In this episode of SipCyber, Jen Lotze settles into The Fox and Pantry in Plymouth, MN — a space so thoughtfully designed it immediately earns your trust — and uses that feeling as the perfect lens for a conversation about AI and healthcare privacy. Over a Pineapple Mango Mint Refresher on a blazing Minnesota afternoon, Jen breaks down a growing blind spot: millions of people are using AI tools to interpret health information, but many of those tools aren't subject to HIPAA the same way your provider is. 

The app looks secure. The interface feels clinical. But confidence and verification are not the same thing. 

Key Topics Covered:  

  • Why many AI health tools aren't covered by HIPAA — even when they market as "healthcare-focused"  
  • What to look for in a privacy policy before uploading any medical information  
  • How polished design creates a false sense of data security  
  • What business owners need to know when employees use AI with patient or customer data 
  • The one-minute habit that protects your most personal information 

This isn't about avoiding AI — it's about using it with eyes open. Your health history, mental health concerns, and lab results deserve the same scrutiny you'd give any tool handling your most sensitive data. 

☕ Featured Spot: The Fox and Pantry, Plymouth, MN 

Don't hand your health data to an app before you know where it goes. Subscribe for weekly cybersecurity insights delivered from the best local spots across the country — and share this with someone who's ever typed a symptom into an AI chatbot. 

Jennifer Lotze

Hey there, coffee lovers and internet explorers. Welcome back to SipCyber, where we're always searching for two things: the perfect cup of coffee and the simplest way to keep your digital life safe.

Some spaces make you stop and look around before you've even made it to the counter. The Fox and Pantry in Plymouth, Minnesota was one of those places for me. The first thing I noticed wasn't the menu. It was the space itself. Bold geometric patterns, sharp contrast between light and dark, rich cognac brown leather that softened the whole room. Every detail felt intentional, modern without feeling cold, stylish without feeling busy. The kind of place where you immediately want to settle in and stay a while.

I was there with my work partner in crime, Tabitha. It was one of those almost 90-degree Minnesota afternoons where the weather catches you by surprise and suddenly everyone is looking for shade. I ordered a pineapple mango mint refresher that felt absolutely perfect for the day. Bright pineapple, sweet mango, just enough mint to make the heat feel a little less serious. We sat there talking about work, life, clients, and all the things that seem to blur together when you're constantly connected. And somewhere between my refresher and Tabitha's glitter-covered cake, I started thinking about trust.

Recently, I was reading about the growing use of AI and healthcare. More and more people are using AI tools to ask health questions, summarize medical information, review test results, and better understand their health. Especially when you get those test results before you actually get the written description. WebMD, I get it, I've been there. And honestly, all of that is incredibly convenient, and sometimes it's even helpful. But privacy experts are raising an important concern. Many people assume that because an app is discussing medical information, it automatically follows the same privacy rules as your doctor's office or hospital. Well, that's not always the case.

Some AI tools market themselves as secure or healthcare-focused, but they may not be covered by HIPAA in the same way your healthcare provider is. That means the protections people expect may not always apply. The issue isn't necessarily that these companies are doing something wrong. The issue is that many users don't know exactly how their information is stored, who can access it, how long it's retained, or what happens if policies change down the road. When we're talking about health information, those details matter a lot. Medical histories, lab results, mental health concerns, family health information, some of the most personal information we have.

And just like that beautifully designed coffee shop made me feel confident everything had been thoughtfully considered, a polished app can create that same feeling. But confidence and verification aren't always the same thing.

And that brings me to one small step that helps. Before uploading medical records, typing in your medical questions, test results, or any additional deeply personal health information into any AI tool, take one minute to read the privacy policy. I know it sounds boring, but do it anyway. And look specifically for how your information is stored, how it's shared, and how it's protected. You want to make sure that they're not selling your data or sharing it outside of where you think it's being shared. If those answers aren't clear in the privacy policy, don't upload more information than necessary. Don't tell the AI chatbot anything else.

For you as business owners, the same principle applies whenever employees are using AI tools with your customer, patient, or employee data. Trust is important, but verification matters too.

And as I sat there at Fox and Pantry surrounded by those beautiful patterns and thoughtful designs, I realized something. The places we trust most earn that trust through transparency. You can see the craftsmanship, you can see the care, you can see those details.

In our digital lives, we have to look for those details a little more intentionally. Sometimes the smartest question isn't whether a tool is useful, it's whether we understand what happens after we click upload.

And maybe that's the lesson I carried home with me that day. A pineapple mango mint refresher on a hot Minnesota afternoon, a cold brew, and a glitter-covered all-in cake, a beautiful space designed on thoughtful design. And a reminder that trust, whether in a coffee shop or in technology, is strongest when we understand how it's built.

Thanks for joining me on this trip to Fox and Pantry and for taking a small step to secure digital life. Until then, stay safe, stay human, and keep sipping.