BastionGPT: Reviewing HIPAA Compliance and Key Features

What is BastionGPT?

BastionGPT is an AI tool designed explicitly for healthcare professionals. It uses the most powerful AI models to answer questions based on reputable healthcare sources, summarize documents, and transcribe audio files, all while keeping healthcare information private and maintaining compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Ideal use cases for BastionGPT include:

  • Mental health experts and school psychologists can rely on BastionGPT to create reports and agendas, manage documentation, and transcribe audio files.
  • Medical professionals can utilize BastionGPT as a safety net to identify inconsistencies and errors in patient data, summarize records, and extract key medical findings.
  • Durable medical equipment companies can use Bastion for note-taking, drafting letters, summarizing clinical documentation, and organizing sensitive patient data.
  • PTs, OTs, and sports medicine professionals can use Bastion to draft SOAP notes, SMART goals, and treatment plans.
Is BastionGPT HIPAA Compliant?

Yes. "BastionGPT is engineered to support the requirements of both HIPAA and 42 CFR Part 2 for the handling of sensitive health information." They do this by using "HIPAA-compliant versions of leading AI models that are not publicly available" (i.e., the models run in private environments).

In addition, all subscription plans automatically include a Business Associate Agreement.

BastionGPT vs. ChatGPT 

Other AI technologies, such as ChatGPT, are powerful tools, but they lack HIPAA compliance. That means healthcare professionals who include private healthcare data when using a tool like ChatGPT are in violation of HIPAA. Violations of HIPAA regulations can result in large fines, criminal charges, reputation damage, and employee termination.

On the other hand, BastionGPT is designed to exceed HIPAA requirements.

BastionGPT Review: Key Features

  • Scalable Pricing Plans

    BastionGPT's technology is powerful, but it's not financially prohibitive. At the time of this writing, Bastion offers three scalable subscription plans you can choose from based on your situation.

    1. Professional
    2. Professional Plus
    3. Enterprise

    Professional: $20 per user monthly

    • Access to powerful AI models
    • Direct document upload capability up to 10,000 words long
    • HIPAA security and compliance
    • Unlimited audio transcription

    Professional Plus: $45 per user monthly

    • Everything from the Professional plan
    • Multiple document upload capability up to 150,000 words
    • Analysis of images, graphs, and charts
    • Early access to updated AI models

    Enterprise: $65 per user monthly

    • Everything from the Professional and Plus plans
    • Customizable security procedures
    • Single Sign-On capability
    • Runs locally within your company's cloud
  • Minimization of Pseudoscience

    Multiple AI technologies make up BastionGPT. It's designed to use the most effective AI model for your inquiry. This includes licensed versions of:

    • GPT-4.1
    • GPT-5
    • OpenAI o3
    • Claude Opus 
    • Google Gemini 3 Pro

    While using these technologies is not unique per se, what makes BastionGPT different is that it's specifically designed to minimize pseudoscience and instead encourage the use of sound, evidence-based healthcare science.

  • Direct Document Uploads

    You can copy and paste text of any kind into BastionGPT (and other AI models). But what makes BastionGPT super powerful for healthcare professionals is its direct document upload capability.

    You can directly upload PDF, TXT, and Word documents. In addition, with Bastion's Professional Plus and Enterprise price plans, you can upload images (JPG, GIF, TIF) and additional file formats (Excel, CSV, PowerPoint, and HTML).

  • No Question Limit For Regular Usage

    BastionGPT's prices are affordable, at least currently. This might lead you to believe that your subscription plan imposes a hard limit on the number of queries you can ask Bastion or the number of documents you can upload.

    Thankfully, that is not the case. Bastion's affordability is possible thanks to a monitoring system that prevents bot use and account sharing. Normal usage of BastionGPT by a regular healthcare provider does not trigger its limits.

  • Siloed Memory Within Individual Chats

    To prevent leakage of a patient's sensitive information, BastionGPT's memory is siloed within the individual chats you create. In other words, it will only remember information within a single chat session. It will not build a model of your entire chat history, nor will it remember details across your different chats. This is a deliberate design feature to protect client privacy and meet healthcare compliance regulations.

  • Best-in-Class Security Practices

    BastionGPT employs what they call a "defense-in-depth" strategy, which includes regular internal risk assessments. In addition, BastionGPT commissions third-party penetration tests designed to identify vulnerabilities and strengthen defenses, and conducts code reviews during every code deployment.

    Access to information submitted to BastionGPT is limited to a need-to-know basis, in accordance with the principle of least privilege. Chat history is stored on a secure cloud server and deleted after 30 days. Chat history is not provided to OpenAI and is not used to train other AI models.

    No information is shared with any third party apart from Microsoft. BastionGPT has the requisite HIPAA Business Associate Agreement security assurances in place with Microsoft to ensure sensitive information remains secure.

    Their system maintains an A rating with SecurityScorecard.

    For the most up-to-date information regarding Bastion's current security and compliance protocols, you can review the BastionGPT FortaTech portal page.

Tips For Getting Started With BastionGPT

BastionGPT offers a seven-day free trial of its Professional and Professional Plus subscription plans. Try it for yourself. If you like it and want to move forward, here are some helpful next steps:

  • Communicate Naturally

    When interacting with BastionGPT, it's recommended to communicate naturally, as if you are speaking with a colleague. Over time, you can focus more on deploying specialized techniques for crafting prompts to elicit better responses from Bastion.

  • Use the Dictation Microphone Feature

    Most of us talk faster than we type. To be most efficient, use Bastion's dictation microphone feature to create a prompt by voice instead of typing.

  • Create Model Scripts

    To save time and get the AI model to communicate like you prefer, you can give it an example or a model. With your model, Bastion can mimic your writing style, formatting, and tone.

    You can also add details such as your personal preferences, company policies, billing and coding guidelines, or other background information you want the AI to work from. The AI can then use that information as a form of memory going forward.

  • Modulate Bastion's Response Mode

    BastionGPT defaults to an "auto detect" mode when responding to your prompts. The auto-detect mode is perfectly fine to start with. However, it's helpful to know you can manually switch to other response modes such as "analytical" and "creative."

    The analytical mode is suitable for structured, detailed outputs, such as generating summaries and reports. The analytical response mode can take longer (15-20 seconds) because of the density of the material. On the other hand, the creative response mode can help brainstorm intervention ideas more quickly.

  • Review All AI Answers

    AI models like BastionGPT are impressively capable, and they are improving every day. However, they are not perfect and they make mistakes. New users of BastionGPT need to be aware of this inevitability.

    Further, Bastion users must carefully review the sources and responses they receive, and correct Bastion when necessary. Remember: BastionGPT is an extra set of eyes assisting your healthcare practice, but you are still the healthcare expert.

Staying HIPAA Compliant In The Age Of AI

It's understandable to have some trepidation about HIPAA compliance and AI models; AI memory can sometimes leak sensitive information. Nonetheless, AI tools in healthcare, like BastionGPT, are becoming increasingly popular, and to a large extent they do an excellent job of maintaining HIPAA compliance.

Given AI's growing popularity in healthcare, most institutions are in a "when AI is implemented" situation rather than an "if AI is implemented" situation.

We know the transition process comes with many questions. For a one-stop resource center on HIPAA, its impact on businesses, and how your organization can prepare for HIPAA compliance, please visit our HIPAA Resource Center.

Giva's AI Copilots: Bringing HIPAA Compliance to Your Support Teams

Giva's help desk, customer service and ITSM software also uses a secure and private Microsoft Azure implementation for its AI Copilots. Leveraging the Microsoft Azure and OpenAI partnership ensures top-tier data privacy and security:

  • Private and Secure Instance

    Giva operates within a dedicated Azure environment.

  • Data Protection

    Your prompts, completions, and data are:

    • Not available to other Microsoft or OpenAI customers
    • Not available to Microsoft or OpenAI to train or improve models
    • Not used to improve any Microsoft, OpenAI or 3rd-party products or services
  • HIPAA Business Associate Agreement (BAA)

    Giva has a BAA with Microsoft, ensuring HIPAA compliance, and Giva will sign your BAA as well.

Discover how Giva can partner with you in all of your support software needs. Get a demo to see Giva's solutions in action, or start your own free, 30-day trial today!

BastionGPT Frequently Asked Questions (FAQs)

  • Compliance, Safety and Data Privacy Concerns

    • Is BastionGPT safe for handling sensitive medical data?

      Yes. BastionGPT uses private, healthcare-specific AI deployments and security layers like encryption, strict access controls, and short retention windows to keep PHI protected.

    • Does BastionGPT store or train models on my information?

      No. BastionGPT never uses your data to retrain or improve its models. Your uploads and prompts stay private and are automatically removed after a short retention period.

    • How does BastionGPT compare to other HIPAA-compliant AI tools?

      BastionGPT stands out because it uses multiple top-tier models (GPT-4.1, GPT-5, Claude Opus, Gemini 3 Pro, etc.) and selects the one most appropriate for each clinical task, something most HIPAA-aligned tools do not offer.

    • How does BastionGPT manage memory and patient information across chats?

      Memory is intentionally siloed so PHI from one patient's chat never mixes with another. This helps support HIPAA and 42 CFR Part 2 privacy standards.

  • Clinical Use Cases and Documentation

    • What can BastionGPT help mental health providers and therapists do?

      Therapists can create progress notes, generate treatment plans, summarize sessions, or convert spoken or raw text into clear, structured documentation.

    • Can BastionGPT assist with SOAP notes or progress notes?

      Yes. BastionGPT can organize dictation or uploaded content into a complete SOAP or progress note while highlighting missing details providers may want to add.

    • Can BastionGPT help reduce documentation mistakes or inconsistencies?

      It can identify potential issues such as mismatched dosages, missing vitals, unclear timelines, or inconsistent problem descriptions, helping catch errors early.

    • Can BastionGPT work with EHR exports, PDFs, or clinical attachments?

      Yes. BastionGPT can analyze common EHR-exported PDFs, TXT files, and Word documents to extract key information, summarize encounters, or prepare referral content.

    • Does BastionGPT support voice dictation for notes?

      Yes. Providers can dictate notes hands-free, and BastionGPT will format them into structured clinical documentation or summaries.

  • Features, Models and Workflow Integration

    • Which AI models power BastionGPT?

      BastionGPT uses a private mix of top AI models and automatically routes each query to the engine most likely to produce clinically accurate results.

    • Are there usage limits for how many questions or documents I can submit?

      Typical daily provider usage doesn't hit any limits. Only unusually high-volume or automated activity triggers protective rate controls.

    • Which BastionGPT plan is best for my clinic or organization?

      Smaller practices often choose the Professional plan, while clinics needing large-file handling or unlimited transcription prefer Professional Plus. Enterprises needing SSO or custom security typically use the Enterprise tier.

    • Does BastionGPT promote evidence-based results and minimize pseudoscience?

      Yes. BastionGPT is built to prioritize medically grounded, evidence-based information and reduce speculative outputs by choosing the most reliable model for each task.

    • Can BastionGPT integrate smoothly into my existing clinical workflow?

      Most providers incorporate BastionGPT through templates, dictation, and document uploads. Response modes (analytical, creative, or auto-detect) help tailor the output to your workflow.