Is Gemini HIPAA Compliant? Workspace, Vertex AI, and the BAA in 2026
Sonomos Research
The Sonomos research team writes about AI privacy, data protection, and how to use generative AI safely at work.
Short answer: Gemini is not "HIPAA compliant" out of the box. The free Gemini app and consumer Gemini Advanced are not BAA-eligible and cannot lawfully be used for protected health information (PHI). Google does, however, support Business Associate Agreements (BAAs) for Gemini in Google Workspace under the Workspace BAA and for Gemini on Vertex AI under the Google Cloud BAA, both with HIPAA Implementation Guides that spell out the supported configurations. This guide explains, in 2026, what HIPAA actually requires of an AI tool, which Google products can be made compliant, and how to keep PHI from leaking when clinicians and staff use unsanctioned accounts.
What HIPAA requires of any AI tool
HIPAA is implemented through three rules that all attach when an AI vendor processes PHI on your behalf:
- Privacy Rule — defines PHI and the conditions under which it may be used or disclosed.
- Security Rule — defines administrative, physical, and technical safeguards for electronic PHI (ePHI).
- Breach Notification Rule — defines what counts as a breach and the timelines for reporting it.
For Google to lawfully process PHI for a covered entity using Gemini, three things must be true:
- Google qualifies as a business associate because it creates, receives, maintains, or transmits PHI on the covered entity's behalf.
- The covered entity has a signed Business Associate Agreement (BAA) that contractually extends HIPAA obligations to Google.
- The Gemini product, in the configuration you actually use, supports the Security Rule's required safeguards (access control, audit logging, encryption, integrity controls, transmission security).
Without a BAA, sending PHI to Gemini is an unpermitted disclosure under the Privacy Rule, no matter how robust Google's underlying infrastructure is.
Where Google stands on HIPAA in 2026
As of April 2026, Google's HIPAA support for Gemini is split across three product surfaces:
- Gemini in Google Workspace — covered under the Workspace BAA for HIPAA-eligible Workspace customers. HIPAA-covered Gemini features include Gemini in Gmail, Docs, Sheets, Slides, Meet, and the Gemini app for Workspace, when admins configure them per Google's Workspace HIPAA Implementation Guide. Customers must accept the BAA and enable HIPAA-compliant settings before using Gemini features on PHI.
- Gemini on Vertex AI (Google Cloud) — covered under the Google Cloud BAA for HIPAA-eligible services. Vertex AI is HIPAA-eligible when configured per the Google Cloud HIPAA Implementation Guide, including customer-managed encryption keys, VPC Service Controls, and audit logging. The Gemini API on Vertex AI inherits Vertex's HIPAA eligibility for eligible models.
- The free Gemini app, Gemini Advanced (Google One AI Premium), and the AI Studio free tier — not BAA-eligible. Activity may be retained, may be reviewed by humans for product improvement on the free tier, and is not contractually covered for PHI handling.
Two things follow:
- A clinician at gemini.google.com cannot tell from the URL whether the tab is signed into a personal Gemini Advanced account, a HIPAA-configured Workspace account, or somewhere in between. Operationally, "Is Gemini HIPAA compliant?" is really "which Google account am I in, and is that account under a Workspace or Cloud BAA?"
- Workspace HIPAA support for Gemini features has expanded several times since the original Duet AI rollout. The exact list of HIPAA-eligible Gemini features in Workspace changes; verify against Google's current Workspace HIPAA Implementation Guide before enabling for clinical staff.
What a HIPAA-aligned Gemini deployment looks like
A health system, payer, life-sciences org, or digital-health vendor that wants to use Gemini on PHI typically needs to:
- Choose the right product surface. For workforce productivity (drafting clinical notes, summarizing emails, building spreadsheets), Workspace is usually the right path. For application backends, agents, and integrated AI features inside a clinical product, Vertex AI is usually the right path.
- Sign the right BAA. The Workspace BAA covers Workspace; the Google Cloud BAA covers Vertex AI and other GCP HIPAA-eligible services. Some customers need both.
- Configure per the HIPAA Implementation Guide. Disable consumer-facing features that fall outside the BAA scope; enable required logging, encryption, and access controls.
- Restrict workforce access. Block consumer Gemini endpoints (gemini.google.com on personal Google accounts) at the network or identity layer. Force SSO into the BAA-covered Workspace tenant.
- Configure data retention appropriately. Workspace and Vertex AI both support configurable retention; for clinical workloads, set the shortest retention compatible with your records-management obligations.
- Log access to satisfy the Security Rule's audit-control requirement. Workspace exposes Admin audit logs and Drive activity; Vertex AI logs to Cloud Audit Logs and Cloud Monitoring.
- Train the workforce on what may and may not be sent. A signed BAA does not authorize pasting any PHI — only PHI the workforce member is otherwise permitted to disclose for the specific task.
- Document risk assessment, BAA, configuration, and training records. HHS-OCR audits documentation, not just controls.
The single most-overlooked step is restricting workforce access (the fourth item above). Most "Gemini HIPAA" incidents in 2025–2026 originated not on the Workspace tenant but on a personal Google account a staff member opened on a work laptop.
The "shadow Gemini" problem
Even with a properly executed Workspace BAA, the highest-frequency HIPAA exposure in 2026 is workforce members using consumer AI tools — Gemini Advanced, ChatGPT Plus, Claude Pro, Grok, Copilot personal — for clinical and administrative tasks because the personal account is faster and feels less monitored. Public survey data from KLAS and HIMSS in 2025 consistently put unsanctioned generative-AI use among US clinicians above 50%.
Two technical controls help materially:
- Browser-level redaction. A local-first tool such as Sonomos detects PHI categories — names, dates, MRNs, diagnoses, drug names, payer IDs — inside the browser and replaces them with reversible tokens before the prompt leaves the device. Even when staff use a non-sanctioned Gemini Advanced account, the unmasked PHI never crosses the wire.
- Egress controls for AI domains. Add gemini.google.com, aistudio.google.com, chat.openai.com, claude.ai, copilot.microsoft.com, and similar destinations to your DLP and CASB rules. Treat them the same way you treat traffic to a personal cloud-storage provider.
Both controls are additive, not substitutes for a BAA. They reduce the size and severity of a leak when policy slips.
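The reversible-token redaction described above, as an added illustration that is not Sonomos code or any vendor's implementation: the three PHI patterns (medical record number, date, honorific plus surname) are simplified assumptions, and `callModel` stands in for whatever request leaves the browser. The token vault stays on the device; only the masked prompt is sent, and the response is unmasked locally.

```javascript
// Added example: reversible PHI tokenization in the browser (simplified assumption;
// real detectors cover far more identifier categories than these three regexes).
const PHI_PATTERNS = [
  { category: "MRN",  regex: /\bMRN[:\s#]*\d{6,10}\b/g },          // medical record number
  { category: "DATE", regex: /\b\d{1,2}\/\d{1,2}\/\d{4}\b/g },      // full date
  { category: "NAME", regex: /\b(?:Mr\.|Mrs\.|Ms\.|Dr\.)\s+[A-Z][a-z]+\b/g }, // honorific + surname
];

// Replace each PHI match with a numbered token and remember the mapping locally.
function maskPhi(text) {
  const vault = new Map(); // token -> original value; never leaves the device
  let counter = 0;
  let masked = text;
  for (const { category, regex } of PHI_PATTERNS) {
    masked = masked.replace(regex, (match) => {
      const token = `[${category}_${++counter}]`;
      vault.set(token, match);
      return token;
    });
  }
  return { masked, vault };
}

// Restore original values in whatever text comes back from the model.
function unmaskPhi(text, vault) {
  let out = text;
  for (const [token, original] of vault) {
    out = out.split(token).join(original);
  }
  return out;
}

// Full round trip: mask, verify nothing unmasked survived, send, unmask locally.
// callModel is a hypothetical function (masked prompt) -> response text.
function redactedRoundTrip(prompt, callModel) {
  const { masked, vault } = maskPhi(prompt);
  for (const original of vault.values()) {
    if (masked.includes(original)) {
      throw new Error(`PHI value still present after masking: ${original}`);
    }
  }
  const response = callModel(masked); // only the masked text crosses the wire
  return unmaskPhi(response, vault);
}

// Constructed sample prompt (fictional patient data).
const SAMPLE_PROMPT = "Reply to Mr. Smith, MRN 0012345, seen 03/14/2026.";
```

With the constructed sample, the masked prompt reads `Reply to [NAME_3], [MRN_1], seen [DATE_2].` and the unmasked response restores the original values.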
Examples: what is and is not allowed
The lines below assume a covered entity has a signed Workspace BAA covering Gemini. Without that BAA, the answer to every "yes" example is "no, this is an unpermitted disclosure."
| Scenario | Compliant? | Why |
| --- | --- | --- |
| Clinician uses Gemini in Workspace Gmail (BAA, HIPAA features enabled) to draft a reply to a patient referencing their MRN | Yes | Permitted disclosure to a business associate |
| Same clinician opens gemini.google.com on a personal Google account and pastes the same message | No | PHI to a non-BAA account |
| Researcher uses Gemini in Google Sheets to summarize a column of de-identified clinical-trial outcomes | Yes | De-identified data is not PHI |
| Researcher uses Gemini Advanced (consumer) to summarize the same data with patient initials and admission dates | No | Initials + dates remain PHI; non-BAA account |
| Health-tech team calls Gemini on Vertex AI under the GCP BAA from a HIPAA-configured backend | Yes | Permitted disclosure under Google Cloud BAA |
| Front-desk staff drafts an appointment-reminder text in personal Gemini that includes patient name and visit date | No | PHI to a non-BAA account |
| Same staff drafts the message with "[Patient]" placeholders, then fills the name in the EHR | Yes | No PHI sent to Google |
The pattern: keep PHI inside the BAA boundary, or remove PHI before the request leaves the device.
How Gemini compares to ChatGPT and Claude for healthcare
All three vendors can be configured for HIPAA workloads under a BAA. The relevant differences in 2026:
- Default training posture. Anthropic excludes customer prompts from training by default across consumer and enterprise tiers. OpenAI excludes Enterprise, Edu, Team, and API by default; consumer tiers require opt-out. Prompts on Google's free Gemini tier may be reviewed by humans; Workspace and Vertex AI traffic is governed by enterprise terms.
- Cloud breadth. Google's HIPAA story is uniquely tied to its productivity suite (Workspace) and its cloud (Vertex AI). For organizations already standardized on Workspace or GCP, this is procurement-friendly.
- Productivity integration. Gemini's deepest HIPAA-eligible integrations are inside Workspace apps (Gmail, Docs, Drive). For clinicians who already live in those tools, this is a workflow advantage; ChatGPT and Claude live mostly in their own surfaces or via copy-paste.
- Audit and admin controls. Workspace and Vertex AI both expose mature admin and audit-log surfaces. The granularity varies by feature; verify the events your compliance program needs are captured.
The product-level "which is more HIPAA-friendly" question matters less than the organizational question: which BAA do you already hold, where does your workforce already work, and how well can you keep them inside the covered tenancy?
Frequently asked questions
Does signing the Workspace BAA make Gemini HIPAA compliant?
A BAA is necessary but not sufficient. Compliance requires the BAA plus the Security Rule's administrative, physical, and technical safeguards in your configuration and operation. Google's BAA covers Google's part; the rest — workforce access controls, audit logs, training, incident response — is yours.
Is the free Gemini app HIPAA compliant if I only use it for de-identified data?
If the data is genuinely de-identified under HIPAA's Safe Harbor or Expert Determination methods, it is no longer PHI and HIPAA does not apply. The risk is that "de-identified" is harder than it looks: Safe Harbor requires removing 18 specific identifier categories, and a single rare diagnosis plus a ZIP code can re-identify on its own. If you cannot document the de-identification method, treat the data as PHI.
What about Gemini in Gmail, Docs, and Drive?
For Workspace customers under the BAA, Google publishes a HIPAA Implementation Guide listing which Gemini features are HIPAA-eligible. As of 2026, Gemini in Gmail, Docs, Sheets, Slides, Meet, and the Workspace Gemini app are eligible when the admin has accepted the BAA and enabled HIPAA-compliant settings. Some preview or experimental Gemini features may not be in scope; verify against the current guide.
Is Gemini on Vertex AI the same as the Gemini app for HIPAA purposes?
No. Gemini on Vertex AI runs under the Google Cloud BAA and the Google Cloud HIPAA Implementation Guide; the Gemini app on consumer accounts is governed by Google's consumer terms. Both can use the same model family; the contractual, retention, and infrastructure posture is different. Pick the path your security and procurement teams can support.
Can I use the Gemini API directly without Workspace or Vertex AI?
The general-availability Gemini API on Google AI Studio and the public Gemini Developer API are not, by default, BAA-eligible. For HIPAA workloads, the supported path is Vertex AI under the Google Cloud BAA. Check the current Google AI Studio terms and HIPAA implementation guide before relying on any other path.
What if my staff already pasted PHI into a personal Gemini account?
Treat it as a potential breach. Investigate the account's data and retention settings, document the disclosure, and apply the Breach Notification Rule's risk-of-compromise factors. "We did not realize the tool was unsanctioned" has not been an effective defense in OCR enforcement actions.
How does Sonomos relate to HIPAA?
Sonomos is not a covered entity or business associate. It is a privacy layer that runs entirely in the user's browser and never receives PHI or any other data. By detecting PHI categories on-device and replacing them with reversible tokens before the prompt leaves the browser, Sonomos materially reduces the surface where PHI can leak — including to non-BAA Gemini, ChatGPT, or Claude accounts. It is complementary to a properly executed BAA program, not a substitute for one.
A short HIPAA + Gemini checklist
- Decide which Google products your workforce may use for PHI: Workspace Gemini, Vertex AI, both, neither.
- Sign the appropriate BAA (Workspace, Google Cloud, or both) covering the surfaces in scope.
- Configure per the current Google HIPAA Implementation Guides (Workspace and/or GCP).
- Block or proxy consumer Gemini endpoints at the network and identity layers.
- Deploy a local-first redaction tool to every browser used by clinical and administrative staff.
- Add AI-bound traffic to your DLP, CASB, and audit-log review.
- Train staff specifically on what may and may not be sent — verify with periodic walk-throughs.
- Re-assess annually; HIPAA-eligible Gemini feature lists change as Google ships new capabilities.
The bottom line
In 2026, "Is Gemini HIPAA compliant?" is the wrong question. The right questions are: which Google product am I using, which BAA covers it, is the configuration aligned with the Security Rule, am I sure my workforce is in the BAA-covered tenancy, and what happens when they aren't? Get those right and Gemini is a useful tool inside a HIPAA program — particularly for organizations already on Workspace or GCP. Skip any one of them and you are running on luck.