Are AI Tools HIPAA Compliant?
Short answer: some are, with the right enterprise tier and a signed BAA. Here is what you need to know before letting an AI tool near PHI.
What HIPAA-Compliant Actually Requires
- Business Associate Agreement (BAA) signed with the vendor.
- Technical safeguards (encryption in transit and at rest, access controls, audit logs).
- Administrative safeguards (workforce training, incident response).
- The vendor stays HIPAA-compliant on its end of the relationship.
HIPAA does not certify products. There is no "HIPAA seal." Vendors either offer a BAA and meet the safeguards or they do not.
AI Vendors Offering BAAs (Mid-2025)
- Anthropic — BAA available on enterprise/scale tiers.
- OpenAI — BAA available on Enterprise and through API with appropriate plan.
- Google Cloud Vertex AI — BAA available; Gemini through Vertex.
- Microsoft Azure OpenAI — BAA standard; preferred by many healthcare orgs.
- AWS Bedrock — BAA available; gives you Anthropic, Cohere, Llama through one BAA.
What BAAs Typically Do Not Cover
- Free-tier or consumer products (Claude.ai free, ChatGPT free/Plus).
- Beta features or new model releases not yet in scope.
- Logging or analytics tools attached to the AI.
- Subprocessors not on the BAA's flow-down list.
Architecture for HIPAA-Safe AI in SaaS
- Use a cloud provider's AI (Azure OpenAI, Bedrock, Vertex) where you already have a BAA — fewer agreements to manage.
- De-identify data before it touches the model when possible. Less PHI in prompts means less risk surface.
- Disable logging at the model layer (most providers offer this for HIPAA tier).
- Audit-log every prompt on your side to comply with PHI access tracking.
- Set retention policies on prompt/response data to match your HIPAA retention rules.
Common Mistakes
- Pasting PHI into ChatGPT or Claude consumer interfaces (no BAA, training opt-in default).
- Using a wrapper SaaS tool without verifying its BAA flow-through.
- Treating de-identified data as not-PHI when it could be re-identified.
What to Do Next
If you handle PHI: route AI through Azure OpenAI, AWS Bedrock, or Google Vertex with a signed BAA. Avoid consumer-tier AI products entirely. Document the data flow and the BAAs in your security review for every audit.