The on-device privacy boundary

Design the system so the raw genome and any PHI never leave the device.

Concretely: ingestion, chunking, embedding, indexing, and retrieval all run on-device. Only the minimum necessary crosses the network for generation: ideally just the user's query plus the specific retrieved snippet text needed to answer it, and only to an endpoint you control or one covered by a Business Associate Agreement (BAA).

Enforce this with:

- Outbound guard: a single choke point in the generation client that asserts the payload contains only {query + retrieved chunks} and nothing else, and that the destination is an allowlisted endpoint.
- Audit log: a record of every outbound call (which model, which chunk ids, when and how long), never the secrets themselves: no query text, no snippet text.
- Document the boundary in-app so users can see it.
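A minimal generation client that implements the guard and the audit log together, as an added example (not code from the page or from any particular project). It assumes the request body is a JSON object with exactly the top-level keys "query" and "chunks", that each chunk carries exactly "id" and "text", and that ALLOWED_HOSTS is an operator-maintained allowlist of endpoints you control or that sit under a BAA; the hostnames, the model name and the sample snippet are all constructed. The transport is injected so the example runs offline; a real client would pass an HTTPS sender in its place.

```python
"""Outbound guard and audit log for the on-device privacy boundary (added example).

Assumptions, not from the page: the request is a JSON object with exactly the
top-level keys "query" and "chunks"; each chunk carries exactly "id" and "text";
ALLOWED_HOSTS is an operator-maintained allowlist (endpoints you control or that
are covered by a BAA). The transport is injected so this runs offline.
"""
import json
import re
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List
from urllib.parse import urlparse


class BoundaryViolation(Exception):
    """Raised when a payload or destination would cross the privacy boundary."""


@dataclass(frozen=True)
class Chunk:
    id: str
    text: str


ALLOWED_PAYLOAD_KEYS = frozenset({"query", "chunks"})
ALLOWED_CHUNK_KEYS = frozenset({"id", "text"})
ALLOWED_HOSTS = frozenset({"llm.internal.example", "baa-vendor.example"})  # assumed allowlist

# Belt-and-braces heuristic: a long unbroken nucleotide run is raw sequence data,
# which the snippet store should never emit and the guard should never pass.
RAW_SEQUENCE = re.compile(r"[ACGTNacgtn]{64,}")


def payload_violations(payload: Dict) -> List[str]:
    """Return every reason the payload exceeds {query + retrieved chunks}.

    Reasons mention key names only, never values, so they are safe to log.
    """
    problems: List[str] = []
    extra = set(payload) - ALLOWED_PAYLOAD_KEYS
    missing = ALLOWED_PAYLOAD_KEYS - set(payload)
    if extra:
        problems.append(f"unexpected top-level keys: {sorted(extra)}")
    if missing:
        problems.append(f"missing top-level keys: {sorted(missing)}")
    if not isinstance(payload.get("query"), str):
        problems.append("query must be a string")
    chunks = payload.get("chunks")
    if not isinstance(chunks, list):
        problems.append("chunks must be a list")
        chunks = []
    for i, chunk in enumerate(chunks):
        if not isinstance(chunk, dict) or set(chunk) != ALLOWED_CHUNK_KEYS:
            problems.append(f"chunk {i}: keys must be exactly {sorted(ALLOWED_CHUNK_KEYS)}")
        elif not (isinstance(chunk["id"], str) and isinstance(chunk["text"], str)):
            problems.append(f"chunk {i}: id and text must be strings")
    texts = [payload.get("query")] + [c.get("text") for c in chunks if isinstance(c, dict)]
    if any(isinstance(t, str) and RAW_SEQUENCE.search(t) for t in texts):
        problems.append("raw nucleotide sequence in outbound text")
    return problems


def endpoint_allowed(url: str) -> bool:
    """Only https, and only to a host on the allowlist."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_HOSTS


@dataclass
class GenerationClient:
    endpoint: str
    model: str
    transport: Callable[[str, bytes], str]  # (url, body) -> model output
    audit: List[Dict] = field(default_factory=list)

    def generate(self, query: str, chunks: List[Chunk]) -> str:
        # The payload is built from the two permitted inputs and nothing else, so
        # there is no code path by which a profile field, PHI or the raw index reaches it.
        payload = {"query": query, "chunks": [{"id": c.id, "text": c.text} for c in chunks]}
        # The audit record is created before the checks so blocked calls are logged too.
        # It holds metadata only: no query text, no snippet text.
        record = {
            "ts": time.time(),
            "model": self.model,
            "endpoint": urlparse(self.endpoint).hostname,
            "chunk_ids": [c.id for c in chunks],
            "query_chars": len(query),
            "status": "blocked",
            "duration_ms": None,
        }
        self.audit.append(record)
        problems = payload_violations(payload)
        if not endpoint_allowed(self.endpoint):
            problems.append(f"endpoint not allowlisted: {record['endpoint']}")
        if problems:
            record["reasons"] = problems
            raise BoundaryViolation("; ".join(problems))
        body = json.dumps(payload, separators=(",", ":")).encode()
        started = time.perf_counter()
        try:
            out = self.transport(self.endpoint, body)
            record["status"] = "sent"
            return out
        except Exception:
            record["status"] = "transport_error"
            raise
        finally:
            record["duration_ms"] = round((time.perf_counter() - started) * 1000, 2)


if __name__ == "__main__":
    client = GenerationClient(
        endpoint="https://llm.internal.example/v1/generate",
        model="gen-1",
        transport=lambda url, body: "canned answer (offline stand-in for the model)",
    )
    # Constructed sample retrieval result; not real patient data.
    hits = [Chunk("c-017", "constructed snippet: genotype at site A is C/T")]
    print(client.generate("what does my genotype at site A mean?", hits))
    print(json.dumps(client.audit[-1]))
```

Two design points worth keeping when adapting this: the audit record is appended before the checks run, because a blocked attempt is exactly the event you want evidence of; and the guard reports key names, never values, so its reasons can go straight into the log without becoming a second leak path.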