Date: 2023-05-17



Privacy and security are paramount when it comes to healthcare. The Health Insurance Portability and Accountability Act (HIPAA) sets standards for the protection of sensitive patient data. Businesses dealing with Protected Health Information (PHI) must ensure that all necessary physical, network and process security measures are in place and adhered to. But is Google’s AI Bard HIPAA compliant? Let’s take a closer look at the details.

What is Google’s AI Bard?

Bard is an artificial intelligence system designed to have natural human-like conversations. It’s a powerful tool that can be used in a variety of applications, from personal assistance to business operations. However, its use in medical settings raises questions about compliance with HIPAA regulations.

Is Bard covered by Google’s Business Associate Agreement?

There are major considerations regarding Google and its ability to provide HIPAA-compliant services, and whether that extends to its AI tool, Bard.

Let’s start with a quick summary of terminology. HIPAA is a federal law that protects the privacy of an individual’s personal health information, also known as Protected Health Information (PHI).

As previously explained, HIPAA applies to covered entities such as health care providers, health insurance plans, and health care clearinghouses. It also applies to business associates of these covered entities, which are entities that perform specific functions or activities on behalf of covered entities.

A Business Associate Agreement (BAA) is a written agreement between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance. In Bard’s case, if it offers a service to a customer who stores, processes and transmits PHI on an email platform, that service definitely falls into the business associate category.

I checked the Google Bard site and found no mention of HIPAA compliance or willingness to sign a BAA in the FAQ section.

Google has signed BAAs for certain services, as described in its supporting documentation. However, Bard is not one of those services. This means that Google has not signed a BAA covering Bard, which is a key component of HIPAA compliance.

Is Bard covered by Google’s HIPAA capabilities?

Google’s HIPAA capabilities primarily cover various services within Google Workspace and Google Cloud Platform (GCP). Unfortunately, Bard is not included in this list. This means that while Google offers HIPAA-compliant services, Bard is not covered by them.

How does Bard handle incoming conversations?

According to Bard’s FAQ, conversations are used to train AI systems. The FAQ adds, “We take your privacy seriously and do not sell your personal information to anyone. To help improve Bard while protecting your privacy, we use automated tools to help select subsets and remove personally identifiable information. These sample conversations can be reviewed by trained reviewers and are stored separately from Google accounts for up to three years.”

While this shows a commitment to privacy, it doesn’t necessarily align with HIPAA compliance. Without a BAA in place, and without specific assurances about handling PHI, healthcare organizations should exercise caution.

Bard’s FAQ states, “Do not include information that can be used to identify you or others in Bard conversations.”

Medical training and Bard

Bard also claimed to have no training in medical data. When asked, it said, “I was not designed to be used in a HIPAA compliant manner. I don’t have the right security and privacy features. Plus, I am not trained in medical terminology, so I may not be able to provide accurate and helpful information about medical conditions and treatments.”

Conclusion

Google’s AI Bard is a powerful tool with potential medical applications, but it may not be HIPAA compliant at this time. Bard is not covered by a BAA and is excluded from Google’s HIPAA feature, so it should not be used in situations where it may come into contact with PHI.

