Neither of those are true, there is EHR software that can export anonymous data. Lawyers can do the same thing. But the real reason not to do it is that it makes up incorrect information. It's pretty good for short responses where you can then verify the information. For something sufficiently complex though the time chasing down the inconsistencies and errors would be onerous.

Unlike information embedded in the parameters, a LLM has the capability to "cite its source" for information in the context window.