In May 2024, Google launched Med-Gemini, its healthcare-specific AI models. The announcement promised "a leap forward" with "substantial potential in medicine." The research paper accompanying the launch included a section on interpreting head CT scans.
That section contained a hallucination. A fabricated clinical detail that nobody at Google caught before publication.
When a chief medical information officer at Providence (a healthcare system running 51 hospitals) saw it, his assessment was direct: "What you're talking about is super dangerous."
Seven months later, in November 2025, Google faced a class action lawsuit (Thele v. Google) for secretly enabling Gemini tracking features on Gmail, Chat, and Meet accounts. According to the complaint, Google switched "Smart Features" on by default without user consent, allowing Gemini to analyze private communications across those services.
Neither of these is a HIPAA violation in the direct sense. But they illustrate the two questions healthcare organizations should ask about any AI tool: Does it actually work correctly for clinical use? And does it handle data the way you think it does?
For Gemini, the answers depend entirely on which version you're using.
The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.
The Direct Answer: Is Gemini HIPAA Compliant?
It depends on the version.
Consumer Gemini (gemini.google.com, mobile apps): Not HIPAA compliant. No Business Associate Agreement available. Should never be used with PHI.
Gemini for Google Workspace (Business/Enterprise): Can be HIPAA compliant when configured correctly and covered under a signed BAA. As of September 30, 2025, Gemini app (excluding Gemini in Chrome) and Gemini in Workspace are explicitly included under Google's HIPAA Business Associate Addendum.
Gemini API via Google Cloud/Vertex AI: Can be HIPAA compliant. Vertex AI is included on Google Cloud's list of HIPAA-eligible services. HIPAA compliance certification was achieved in May 2025. Requires a BAA and specific project configuration.
NotebookLM: Not HIPAA compliant. Google explicitly states NotebookLM does not support ISO, SOC, or FedRAMP compliance and is not covered by the Google Business Associate Agreement.
The nuance matters. "Gemini" isn't one product. It's a family of products with different data handling policies, different compliance certifications, and different contractual protections. Using the wrong version with patient data creates immediate HIPAA exposure.
What HIPAA Actually Requires
HIPAA's requirements don't change based on the technology you use. The same rules apply whether you're processing patient records with a filing cabinet or a large language model.
Protected Health Information
PHI includes any health information combined with one of 18 specific identifiers:
- Names
- Geographic data smaller than a state
- All dates (except year) related to an individual
- Phone numbers, fax numbers, email addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate and license numbers
- Vehicle and device identifiers
- Web URLs and IP addresses
- Biometric identifiers
- Full-face photographs
- Any other unique identifying code
A clinical note typically contains multiple identifiers. Patient name, date of birth, MRN, diagnosis dates, treatment history. Process that through a consumer AI account, and you've created a HIPAA violation.
Business Associate Requirements
Any entity that handles PHI on behalf of a covered entity becomes a business associate. This includes AI vendors.
When you send patient data to Google for AI processing, Google becomes a business associate. You need a signed Business Associate Agreement (BAA) in place before any PHI touches their systems.
For Google's HIPAA-eligible services, this means:
- You must request and execute a BAA with Google Cloud or Google Workspace
- The BAA must be in place before you process any PHI
- You must use only the services specifically covered by the BAA
- You must configure those services according to HIPAA requirements
Using NotebookLM with PHI? No BAA coverage, regardless of your other Google agreements. Using consumer Gemini? No BAA available at all.
The Minimum Necessary Standard
HIPAA requires limiting PHI access to the minimum necessary for the intended purpose. If you're using Gemini to summarize a clinical note, do you need to send the patient's Social Security number? Their full address? Usually not.
This is where redaction becomes a compliance requirement, not just a security measure. Sending more PHI than necessary to any AI system violates the minimum necessary standard.
Audit Requirements
The Security Rule requires audit controls that record and examine PHI access. For AI workflows, that means being able to show:
- What data was sent to the AI
- When it was sent
- Who authorized the processing
- What the AI returned
- How the response was used
Most informal AI usage has no audit trail. Staff members paste patient notes into Gemini, get a response, and there's no record anywhere.
Where Gemini Falls Short
Even with the right version and proper agreements, Gemini has compliance considerations healthcare organizations need to understand.
Consumer Versions
Consumer Gemini is straightforward: don't use it with PHI.
No BAA coverage. There's no mechanism to enter a Business Associate Agreement for consumer accounts.
Data retention. Consumer conversations are retained and may be reviewed by Google for quality improvement and safety purposes.
Training considerations. While Google states enterprise data isn't used for training, consumer data policies are different and less protective.
Web search integration. Consumer Gemini can pass queries to Google Search to improve results. Google Search is explicitly not appropriate for HIPAA-regulated data.
The problem is that consumer Gemini is the version most people encounter first. It's free, accessible, and works well for general queries. Staff members who've used it personally may not understand why they can't use it for work.
Workspace Enterprise
Gemini for Google Workspace Business and Enterprise editions can be HIPAA compliant, but require proper setup.
BAA execution. You must actively request and sign a BAA. Having an enterprise account doesn't automatically mean you're covered.
Configuration requirements. The BAA only applies to properly configured services. Admins must ensure Gemini settings align with HIPAA requirements.
Chrome exception. As of September 2025, "Gemini in Chrome" is explicitly excluded from HIPAA coverage, even for enterprise accounts.
Data retention. Prompts and responses are stored for up to 30 days for debugging and abuse detection. This is shorter than some alternatives but still represents data existing on Google infrastructure.
Human review policy. Enterprise content is not human reviewed or used for training outside your domain without permission. But "without permission" means you need to verify your settings don't grant that permission.
Vertex AI and API Access
For organizations building AI workflows rather than using chat interfaces, Vertex AI offers the strongest compliance posture.
HIPAA certification achieved May 2025. Gemini models on Vertex AI are explicitly HIPAA-eligible.
Zero data retention available. Vertex AI offers zero data retention configurations for workloads with strict requirements. This isn't the default setting.
Training restriction. According to Google's Service Specific Terms, they won't use your data to train or fine-tune models without your permission. This applies to all managed models on Vertex AI.
Data retention without ZDR. When zero data retention isn't enabled, prompts and outputs may be retained for 55 days for abuse monitoring.
VPC Service Controls. Vertex AI supports VPC-SC, which creates security perimeters preventing unauthorized data movement. This is essential for PHI isolation but requires explicit configuration.
NotebookLM
NotebookLM deserves special mention because it's increasingly popular for document analysis, exactly the use case healthcare organizations might want.
Google explicitly states: NotebookLM is not covered by the Google Business Associate Agreement for HIPAA compliance. It doesn't support ISO, SOC, or FedRAMP compliance certifications. Google says they plan to work toward these certifications but haven't committed to a timeline.
If staff members are uploading clinical documents to NotebookLM for analysis, that's a HIPAA violation regardless of your other Google agreements.
Building a Compliant Gemini Workflow
There are three viable paths for healthcare organizations that want to use Gemini capabilities.
Path 1: Google Workspace Enterprise with Full Configuration
For organizations already invested in Google's ecosystem:
- Verify your edition. HIPAA coverage requires Workspace Business or Enterprise, not personal or free accounts.
- Execute the BAA. Contact your Google account representative or request through the admin console.
- Configure HIPAA settings. Enable required security controls, verify data handling settings, disable any features not covered by the BAA.
- Train staff. Ensure users understand which Gemini features are approved and which (like NotebookLM and Gemini in Chrome) are not.
- Document everything. Create policies, document configurations, maintain audit records.
The Google admin console provides specific guidance for HIPAA configuration. Follow it precisely.
Path 2: Vertex AI for Custom Workflows
For organizations building AI into clinical workflows:
- Sign the Google Cloud BAA. Request through your account manager or the GCP console.
- Enable the regulated-data flag. This is required at the project level for HIPAA-covered workloads.
- Configure zero data retention. If your compliance posture requires it, enable ZDR explicitly.
- Implement VPC Service Controls. Create security perimeters around your Vertex AI resources.
- Use CMEK. Customer-managed encryption keys for PHI at rest.
- Apply least privilege IAM. Restrict who can access AI resources and what they can do.
Approval typically takes 1-2 business days, faster than some competitors.
Path 3: Redact Before Processing
The most flexible approach that works across any Gemini tier:
- Build a preprocessing layer. Detect and redact all 18 PHI identifiers before data reaches Gemini.
- Replace with placeholders. Convert "John Smith" to [PATIENT-1], "123-45-6789" to [SSN-1], etc.
- Process the redacted content. Send sanitized documents to Gemini for analysis.
- Reconstitute if needed. Map placeholders back to real values in your secure environment.
This approach means Gemini never sees actual PHI. The data isn't protected health information anymore; it's de-identified text that happens to have placeholders where identifiers would be.
You can use this approach with consumer Gemini for appropriate use cases (like drafting generic content based on de-identified patterns) while maintaining full compliance.
Implementation Checklist
Before using any Gemini product with patient data:
Administrative Controls:
- Determine which Gemini products you need
- Verify HIPAA eligibility for each product
- Execute appropriate BAA with Google
- Create written policies for approved AI usage
- Document configuration settings and rationale
Technical Controls:
- Configure Gemini/Workspace per HIPAA requirements
- Disable non-compliant features (NotebookLM, Gemini in Chrome)
- Enable audit logging for AI interactions
- Implement data loss prevention rules
- Set up monitoring for unauthorized AI usage
Workforce Training:
- Train staff on approved vs prohibited AI tools
- Explain why consumer Gemini cannot be used
- Document training completion
- Provide clear escalation path for questions
Ongoing Compliance:
- Regular audit of AI usage patterns
- Review Google's compliance updates quarterly
- Update configurations as new features release
- Refresh training annually
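The "set up monitoring for unauthorized AI usage" item in the Technical Controls list, as an added worked example. This is illustration code, not a Google or PaperVeil tool: it reads web-proxy log lines, flags workforce traffic to the Gemini surfaces the article says carry no BAA coverage (consumer Gemini and NotebookLM), and separates it from traffic to the Vertex AI endpoint. The log lines, usernames, addresses and log format are constructed; the hostnames are public Google endpoints, and treating the Vertex AI host as covered assumes your organization has the signed BAA described above.

```python
"""Shadow-AI detection over constructed proxy logs (added illustration)."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Surfaces the article identifies as uncovered vs. covered. Coverage of the
# Vertex AI endpoint is an assumption that depends on your signed BAA.
UNCOVERED_HOSTS = {
    "gemini.google.com": "consumer Gemini (no BAA available)",
    "notebooklm.google.com": "NotebookLM (not covered by the BAA)",
}
COVERED_HOSTS = {"aiplatform.googleapis.com": "Vertex AI (BAA-covered, assumed)"}

# Constructed proxy lines: timestamp user src_ip method host bytes_sent
PROXY_LOG = """\
2025-11-03T08:12:44Z jdoe 10.20.1.15 POST gemini.google.com 18432
2025-11-03T08:13:01Z jdoe 10.20.1.15 POST gemini.google.com 20911
2025-11-03T09:05:12Z svc-clinical 10.20.5.2 POST aiplatform.googleapis.com 4096
2025-11-03T09:40:30Z mlee 10.20.1.77 POST notebooklm.google.com 1048576
2025-11-03T10:02:09Z mlee 10.20.1.77 GET www.google.com 512
"""


def parse_proxy_log(text: str) -> List[dict]:
    """Split the constructed space-delimited format into records."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, method, host, nbytes = line.split()
        rows.append({"ts": ts, "user": user, "src": src, "method": method,
                     "host": host, "bytes": int(nbytes)})
    return rows


def find_shadow_ai(rows: List[dict]) -> List[dict]:
    """One finding per (user, uncovered host): request count and bytes uploaded
    via POST, which is the traffic that actually carries document content."""
    agg: Dict[Tuple[str, str], dict] = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for r in rows:
        if r["host"] in UNCOVERED_HOSTS:
            a = agg[(r["user"], r["host"])]
            a["requests"] += 1
            if r["method"] == "POST":
                a["bytes"] += r["bytes"]
    return [{"user": user, "host": host, "service": UNCOVERED_HOSTS[host], **a}
            for (user, host), a in sorted(agg.items())]


def covered_usage(rows: List[dict]) -> List[Tuple[str, str]]:
    """Who is using the covered endpoint, so approved workflows can be cross-checked."""
    return sorted({(r["user"], r["host"]) for r in rows if r["host"] in COVERED_HOSTS})


if __name__ == "__main__":
    records = parse_proxy_log(PROXY_LOG)
    for f in find_shadow_ai(records):
        print(f"ALERT {f['user']} -> {f['service']}: {f['requests']} requests, {f['bytes']} bytes uploaded")
    print("covered usage:", covered_usage(records))
```

The byte count is the useful signal: a one-megabyte POST to NotebookLM from a clinical workstation looks like a document upload and warrants a conversation, while the same host appearing in a GET with a few hundred bytes may just be someone reading the landing page. Feed the same logic DNS or CASB logs if your proxy does not see the traffic.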
What Google's Training Restriction Actually Means
Google's commitment not to use enterprise data for model training deserves clarification.
For Vertex AI and Workspace Enterprise, Google states that it will not use "your data to train or fine-tune any AI/ML models without your prior permission or instruction."
This means:
- Your patient data won't improve Google's foundation models
- Your prompts won't appear in training datasets
- Your outputs won't influence future model behavior
It does not mean:
- Your data disappears immediately after processing
- No Google employee can ever access your data (abuse monitoring exists)
- The data never leaves Google's infrastructure (it still goes to their servers)
The training restriction addresses one compliance concern but not all of them. Data transmission, retention, and access controls are separate considerations.
The Cost of Getting This Wrong
HIPAA penalties in 2025 range from $141 to $71,162 per violation, with annual caps up to $2,134,831. But those are just the regulatory fines.
OCR collected $9.9 million in HIPAA penalties across 22 enforcement actions in 2024. The common thread in most actions was failure of basic controls: risk analysis not conducted, access controls not implemented, audit logs not maintained.
Using consumer Gemini with patient data isn't a sophisticated compliance failure. It's the same category of basic control failure that triggers enforcement. You're transmitting PHI to a service without a BAA, failing to implement minimum necessary controls, and creating no audit trail.
Beyond penalties, consider:
- Class action exposure (similar to the Thele v. Google lawsuit)
- Breach notification costs if Gemini data is compromised
- Reputational damage with patients who trusted you with their information
- State attorney general investigations in addition to federal OCR
Moving Forward
Google has made real progress on healthcare AI compliance. The May 2025 HIPAA certification for Vertex AI, the explicit Workspace BAA coverage as of September 2025, and the training restrictions for enterprise customers address many previous concerns.
But compliance isn't a product you purchase. It's an architecture you implement.
The organizations getting Gemini right:
- Use enterprise tiers with properly executed BAAs
- Configure services according to documented HIPAA requirements
- Train staff on which tools are approved and which aren't
- Monitor for shadow AI usage on consumer accounts
- Build audit capability into their AI workflows
- Consider redaction as an additional protection layer
The organizations at risk assume that having a Google Workspace enterprise account means they're compliant. Or they haven't realized that NotebookLM isn't covered. Or they haven't thought about what happens when a staff member uses their personal Gemini account with patient data.
If you're considering Gemini for healthcare workflows, audit your current state first. What Google products are people actually using? Which have BAA coverage? What data is flowing where? Then build the architecture that makes compliant usage the default.
PaperVeil lets you redact all your sensitive information from PDFs in a simple drag and drop flow. Detect and remove PII, match custom patterns, strip metadata, and generate audit trails. The redaction layer that makes AI document processing actually safe.