I cannot figure out how to securely send potentially HIPAA-related data to Gemini. What I gleaned by reading through the various Terms and Conditions is that as long as Gemini for Workspace is used, sending HIPAA-relevant data to Gemini is safe. Unfortunately, there is no way to find out where the heck my Workspace Gemini IS! I’ve gone through my Workspace and enabled Gemini, but there is no URL to my safe Gemini Workspace!!
Does anyone know what the URL is for MY SPECIFIC WORKSPACE’S GEMINI instance?
The available docs are NOT CLEAR:
The word “gemini” is not even referenced in the Google HIPAA Guide…
We’re told to “turn Gemini off” to maintain HIPAA compliance…but then told to only use Gemini for Workspace…well if I turn it off for my org, how are we supposed to use it in Workspace?
Not a lawyer. Still, for a layperson, it reads as if application in medicine is not exactly encouraged by Google. Probably with good reasons. Just my $0.02.
That being said, in Google terms far, far away (typical in that no Google docs are organized in a simple, one-stop-shop manner), there is some HIPAA terminology:
This source says Gemini for Google Workspace is HIPAA compliant.
This same resource says that gemini.google.com is not HIPAA compliant.
Though this general Google APIs Terms of Service says “Unless otherwise specified in writing by Google, Google does not intend use of the APIs to create obligations under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”), and makes no representations that the APIs satisfy HIPAA requirements. If you are (or become) a “covered entity” or “business associate” as defined in HIPAA, you will not use the APIs for any purpose or in any manner involving transmitting protected health information to Google unless you have received prior written consent to such use from Google.”
I’ll take it the Google Workspace terms listed above are this “Written consent”.
But before moving to PROD, this should be vetted by a reputable legal team.