That's ridiculous. Sure if you put it into ChatGPT today that's a problem. But if you have a deal with the company providing this service, and they are certified to follow the relevant regulations around sensitive data, why would that be different from any other cloud service?

If this proves actually useful I guess such agreements could be arranged quite quickly.

Yes, almost all eDiscovery is managed by cloud vendors as is, and no one worries about waiver of privilege to these companies. The only concerns I’ve heard have been relates to foreign companies or governments not wanting their data to be hosted in a foreign country. But domestically it should be fine to have a chatgpt legal where data is discarded not saved.

It's only been a few hours since Ring was hacked... a system run by a large company which assured everyone they were taking good care of their data. Surely the wonderful Amazon, with all of it's massive capital, could do the simple thing of encrypting incredibly sensitive and private user data? Right?

Why do you think sharing the data with OpenAI is legally any different than storing it on AWS/Azure/GCP/Whatever else they are using?

GCP/AWS/Azure have HIPAA programs in places, and will, consequently, sign HIPAA BAAs to legally perform as Business Associates of covered entities, fully responsible for handling PHI in accord with HIPAA rules (for certain of their services.) OpenAI itself does not seem to offer this for either its UI or API offerings.

Microsoft, OTOH, does now offer a HIPAA BAA for its Azure OpenAI service, which includes ChatGPT (which means either they have a bespoke BAA with OpenAI that OpenAI doesn’t publicly offer, or they just are hosting their own ChatGPT instance, a privilege granted based on them being OpenAI’s main sponsor.)

GCP respects hipaa (google 'gcp hipaa baa'). Does OpenAPI?

If they don't now they will in the future, if they think there is money to be made. Why wouldn't they? They could even charge a premium for the service.