Why doesn't BastionGPT have web search?

BastionGPT does not include web search because search engines are not HIPAA-covered. See why, and how to work with current guidelines safely.

Written by Josh Spencer

BastionGPT does not include live web search, and that is a deliberate compliance decision, not a technical gap. Search engines are not HIPAA-covered services, so an AI that sends pieces of your conversation into web searches can expose patient information the moment it looks something up. Here is why we made that choice, and the safest ways to work with current guidelines, codes, and standards in the meantime.

Can a HIPAA-compliant AI search the web?

Not with today's mainstream search infrastructure. When an AI performs a web search for you, part of your conversation is sent to a search engine to find results. Google and Microsoft Bing, the two providers behind nearly all web search, have both made clear that search queries are not covered by HIPAA protections. If patient details end up in a search query, that data is unprotected, and your organization has a potential HIPAA incident.

We would genuinely love to offer real-time search. Checking whether a Medicare LCD, billing code, or clinical guideline changed last month is exactly the kind of task an AI assistant should handle. But we hold every feature to the same rule: we will never ship a feature that could put your compliance at risk. Anywhere data can go, we assume patient data will go. The same reasoning is behind our decision not to offer cross-chat AI memory: a feature has to be safe for patient data before it ships.

Couldn't you remove patient details before searching?

We asked the same question early on. Automated de-identification is roughly 99.9% accurate, and at the scale we operate, the remaining fraction would still mean exposed patient records. Since the technology is not 100% accurate, we take the safer path: we treat everything you enter as protected health information and keep it inside our protected environment, never in a search query. Our article on how BastionGPT is secure explains that posture in more detail.

Why can ChatGPT and other AI tools search the internet?

General-purpose AI tools are not built around patient data, so passing parts of a conversation to a search engine is a reasonable trade for them and their users. For everyday consumer questions, it works well. Applied to a clinical conversation, the same feature would move PHI into systems that offer it no protection, which is why a tool built for healthcare has to make a different choice. If another tool offers you both web search and a BAA, it is worth asking that vendor exactly what happens to patient data when the AI decides to search. Our post on how ChatGPT handles your data explains the contrast in more detail.

How do I work with the latest guidelines, codes, and standards?

Give the AI the source directly. BastionGPT reads the entire document you attach, so it works from the actual current text rather than what it remembers from training:

  • Attach the current reference to your chat. Upload the latest CMS or LCD standard, payer policy, coding update, or assessment guidance alongside your other documents, and ask the AI to apply it. See what types of documents are supported.

  • Save it once in a saved prompt. If you rely on the same standard every day, attach it to a saved prompt together with your instructions. Every new chat then starts already up to date, with nothing to re-upload.

  • Do the same through the API. Developers can include reference documents with each request, so automated workflows always apply the latest requirements.

The models themselves stay current too: we evaluate each new frontier model against roughly 200 real-world clinical use cases and typically bring it live within about three weeks of release. You can read more about the AI models that power BastionGPT. Every model still has a training cutoff date, though, so for anything brand new or specialty-specific, attaching the document is the reliable path. It also gives you something web search cannot: you choose the exact version of the standard the AI applies, rather than trusting whichever result a search happens to surface.

Will BastionGPT add web search?

We want BastionGPT to be a HIPAA-compliant AI with internet access just as much as you do, and we are evaluating approaches that could let the AI search the web without patient data ever reaching an unprotected system. What we will not do is ship it early. Web search will arrive when it meets the same bar as every other BastionGPT feature: safe for patient data, with your compliance never at risk.

In the meantime, if you are not sure how to bring a specific guideline or workflow into BastionGPT, email [email protected]. A free 30-minute session with one of our prompt engineers is often all it takes to set up a workflow that keeps your reference documents front and center.