AI Business Associate Agreements (BAAs) in 2026: Which Vendors Will Sign One, and What That Actually Covers
A vendor-by-vendor look at HIPAA BAAs for AI platforms in 2026. Anthropic, OpenAI, Microsoft, Google, AWS Bedrock — what's eligible, what's excluded, what you still own. For healthcare compliance officers, practice managers, and clinical leaders evaluating AI tools.
If your organization is a HIPAA covered entity or business associate and an AI tool will see protected health information (PHI), the Business Associate Agreement (BAA) is the line. Without one, the AI vendor isn't a contractor of yours under HIPAA — they're a third-party processor receiving PHI without authorization, and your transmission is the breach regardless of whether anything ever leaks. With one, the vendor has assumed contractual obligations to safeguard PHI according to HIPAA's Security Rule and to notify you of incidents.
But "Vendor X offers a BAA" is not the same statement as "I can use Vendor X for PHI." Every major AI vendor that offers BAAs in 2026 offers them with specific product-tier eligibility, specific feature exclusions, and specific configuration requirements. Getting the BAA in place is step one; understanding what's actually covered under it is the work most healthcare organizations skip.
This guide walks through what BAAs actually do, which AI vendors will sign one as of May 2026, and where the most common coverage gaps sit.
What a BAA does — and what it doesn't
A BAA is a written contract required by 45 CFR § 164.504(e) between a covered entity (or business associate) and any third party that creates, receives, maintains, or transmits PHI on its behalf. It obligates the vendor to:
- Use PHI only for purposes set out in the BAA
- Implement administrative, physical, and technical safeguards aligned to the HIPAA Security Rule
- Report security incidents and breaches
- Make books and records available to HHS upon request
- Return or destroy PHI when the BAA terminates
- Bind subcontractors who touch PHI to the same obligations
What a BAA does not do:
- Convert your overall workflow into a HIPAA-compliant workflow on its own
- Cover product surfaces or features that are excluded from BAA scope
- Shift workforce training, access control, minimum-necessary enforcement, audit logging, or risk analysis responsibilities to the vendor
- Authorize use of PHI in features the vendor explicitly excludes from coverage
The phrase that compliance teams should internalize: a BAA covers the vendor's HIPAA obligations on the surfaces it explicitly covers. Everything else is yours.
Vendor-by-vendor: BAA posture as of May 2026
The facts below are drawn from each vendor's own published guidance as of May 2026. Vendor posture changes; verify current status on the vendor's compliance page before contracting.
Anthropic (Claude)
Anthropic offers BAAs for two surfaces only: the first-party Claude API, and HIPAA-ready Claude Enterprise plans. The HIPAA-ready Enterprise plan is sales-assisted only — the default Enterprise plan does not include BAA coverage; the Primary Owner must navigate to Organization Settings > Data and Privacy > HIPAA Compliance, accept the BAA, and explicitly enable HIPAA mode. Anthropic describes this enablement as "a one-way decision."
Covered surfaces under the Enterprise BAA: chat, projects, artifacts, file creation and code execution (excluding network/external sites), voice, web search, research, and skills.
Surfaces NOT covered by Anthropic's BAA: Claude Free, Pro, Max, Team, self-serve Enterprise, Claude Cowork, Workbench, Console, Claude Code (unless Zero Data Retention is separately enabled — ZDR is sales-assisted and not automatic), Claude in Chrome, third-party MCPs/connectors, Enterprise Search ("Ask Your Org"), and research previews.
Notable: BAAs signed with Anthropic before December 2, 2025 cover Claude API usage only, so an organization on such a BAA needs a separate BAA for the HIPAA-ready Enterprise plan. An agreement signed after December 2, 2025 can cover both.
OpenAI (ChatGPT and API)
OpenAI offers BAAs for two paths: the OpenAI API for healthcare workloads, and sales-managed ChatGPT Enterprise/Edu accounts (including the dedicated ChatGPT for Healthcare offering).
Important constraints:
- ChatGPT Free, Plus, Pro, Team, and self-serve Business are not eligible for a BAA. PHI in these tiers is a HIPAA violation.
- The API BAA covers only endpoints eligible for Zero Data Retention (ZDR). Several API features — including (historically) Assistants, Threads, the Files API, image generation, and image inputs to chat — have been excluded from ZDR coverage at various points. Verify current ZDR-eligible endpoints with OpenAI before designing PHI workflows.
- ChatGPT Enterprise eligibility has historically been limited to sales-managed accounts with significant annual commitments. Verify current eligibility requirements.
Microsoft (M365 Copilot, Azure OpenAI)
Microsoft's HIPAA BAA is delivered through the Microsoft Online Services Data Protection Addendum and covers Microsoft 365 Copilot under commercial/enterprise tenants. The HIPAA BAA does not cover Microsoft 365 Family or Personal subscriptions, so Copilot accessed under a personal Microsoft account is not BAA-covered regardless of what feature it's used on.
Azure OpenAI Service is also Microsoft's HIPAA-eligible path for API access to OpenAI's models routed through Azure, again under the Microsoft Online Services DPA.
Google (Workspace with Gemini, Vertex AI)
Google Workspace with Gemini (Business/Enterprise tiers) became HIPAA-eligible under Google's BAA in late 2025. Consumer Gemini accessed through personal Google accounts is not HIPAA-eligible. Some experimental Gemini features and Gemini in Chrome have been excluded from BAA scope at various points; verify the current "HIPAA Included Functionality" list in the Google Workspace compliance documentation before relying on a given feature with PHI.
Vertex AI on Google Cloud is the API-tier path with BAA eligibility for Gemini models, configured under the Google Cloud HIPAA BAA.
AWS (Bedrock with Anthropic, Mistral, Meta, others)
AWS will sign a BAA covering HIPAA-eligible AWS services, and Amazon Bedrock is among them. This allows organizations to use Anthropic's Claude models (and other models hosted on Bedrock) under an AWS BAA. Verify that the specific model and configuration you intend to use is in the HIPAA-eligible list and that your AWS configuration follows the HIPAA-eligible reference architecture.
Common coverage gaps that catch compliance teams
The product tier mismatch. A consumer or self-serve tier of an otherwise BAA-eligible product is not BAA-covered. Free Claude, ChatGPT Plus, M365 Family Copilot, consumer Gemini — none of these are HIPAA-covered regardless of how careful the user is.
The feature exclusion. Even within a BAA-covered tier, specific features can be excluded. Examples that have been excluded at various points: Claude Code (without ZDR), Anthropic MCPs/connectors, OpenAI API endpoints not on ZDR, Gemini in Chrome, Claude in Chrome. Read the vendor's current feature scope table.
The personal account. A clinician with a covered Enterprise tenant for the organization who logs in under their personal account is using the consumer surface, not the Enterprise surface. Workforce training should be explicit about this.
Shadow AI. A 2026 industry survey found 17% of healthcare professionals admitted to using unauthorized AI tools. Shadow AI is the most common BAA-coverage gap because it routes around the BAA entirely.
Pasting PHI into a covered tool with no minimum-necessary control. Even when the tier and feature are BAA-covered, pasting "Patient Jane Smith, MRN 4478821, DOB 03/15/1962, dx breast cancer" into the prompt without minimum-necessary filtering is the kind of disclosure HIPAA's Privacy Rule does not authorize. Tooling that enforces minimum-necessary at runtime (de-identification before prompt submission) is the next layer above the BAA.
The subcontractor flow. When you use a vendor-built application that itself uses an AI API, you need a BAA with the application vendor — and that application vendor needs a BAA with the AI provider. Walk the chain explicitly.
What to do before the first PHI prompt
- Confirm vendor and tier eligibility in writing on the vendor's current compliance page.
- Execute the BAA (sales-assisted; this typically takes 2-8 weeks).
- Read the feature scope table for the BAA-covered tier. Document which features your workflow uses and verify each is covered.
- Configure the tier per the vendor's HIPAA implementation guide (Anthropic, Google, Microsoft, OpenAI, and AWS each publish one). Some controls — Zero Data Retention, training opt-out defaults, audit logging — require explicit configuration.
- Update your workforce training to include the specific tier and features authorized for PHI, with explicit instructions not to use consumer or self-serve tiers.
- Implement minimum-necessary controls at the prompt layer (de-identification, filtering, runtime DLP) so the only PHI reaching the AI is what the workflow actually requires.
- Audit and log AI usage in the same way you audit other PHI-touching systems.
- Update your HIPAA risk analysis to reflect the new AI workflow, the BAA, and the residual risk.
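As an added example, not code from the article or from any vendor, the following Python gate applies the two prompt-layer checks described in the minimum-necessary paragraph above and in the checklist: refuse PHI bound for a surface that is not BAA-covered, and strip every identifier the workflow does not need before the prompt leaves, emitting the PHI-free audit record the checklist asks for. The surface descriptor, the small regex set (built around the sample prompt the article quotes), and the audit record shape are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed regexes for the direct identifiers in the article's sample prompt
# (patient name, MRN, DOB) plus SSN. Illustrative only: a production DLP layer
# needs the full set of HIPAA identifiers and a reviewed name detector.
PATTERNS = {
    "NAME": re.compile(r"(?<=\bPatient\s)[A-Z][a-z]+(?:\s+[A-Z][a-z]+)+"),
    "MRN": re.compile(r"\bMRN\s*:?\s*\d{5,10}\b", re.IGNORECASE),
    "DOB": re.compile(r"\bDOB\s*:?\s*\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

@dataclass(frozen=True)
class Surface:
    """Hypothetical descriptor of where the prompt is going (tier + feature)."""
    name: str           # e.g. "claude-enterprise-hipaa" or "chatgpt-plus"
    baa_covered: bool   # True only if tier AND feature are in the vendor's BAA scope

@dataclass
class Decision:
    allowed: bool
    prompt: str         # redacted prompt that may be sent, or "" when blocked
    findings: dict      # identifier type -> occurrences in the original prompt
    reason: str

def minimum_necessary_gate(prompt, surface, needed=frozenset()):
    """Check 1: PHI may only go to a BAA-covered surface.
    Check 2: redact every identifier type the workflow does not need.
    `needed` lists identifier types the workflow legitimately requires."""
    findings = {k: len(p.findall(prompt)) for k, p in PATTERNS.items()}
    findings = {k: n for k, n in findings.items() if n}
    if findings and not surface.baa_covered:
        return Decision(False, "", findings,
                        f"PHI detected but '{surface.name}' is not BAA-covered")
    redacted = prompt
    for kind, pattern in PATTERNS.items():
        if kind not in needed:
            redacted = pattern.sub(f"[{kind} REDACTED]", redacted)
    return Decision(True, redacted, findings, "sent with minimum-necessary redaction")

def audit_record(user, surface, decision):
    """Audit-trail entry for AI usage: records identifier types and the
    decision, never the identifier values themselves."""
    return {"user": user, "surface": surface.name, "allowed": decision.allowed,
            "identifier_types": sorted(decision.findings), "reason": decision.reason}
```

A workflow that genuinely needs the MRN passes `needed=frozenset({"MRN"})`; everything else is still redacted, and the audit entry stays free of PHI either way.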
What this guide is — and what it isn't
This is a starting orientation, not a compliance opinion. The BAA landscape moves; vendor scope statements change with product updates; your facility's risk analysis is the document that determines what's actually appropriate. For specific decisions about which AI products to authorize for PHI use in your environment, consult your privacy officer and HIPAA counsel.
If your organization is building out the AI documentation review function more broadly, the Healthcare Compliance Officer profession hub and the healthcare compliance officer Claude plugin are starting points for the directional-screen layer of the workflow.
This article is general HIPAA-compliance orientation as of May 2026. AI vendor BAA terms, eligible products, feature scope, and configuration requirements change. Verify all vendor-specific statements against the vendor's current compliance documentation before relying on them. This article does not constitute legal advice or a compliance opinion; consult your privacy officer and HIPAA counsel for your organization's specific situation. Sources: vendor compliance pages (Anthropic Privacy Center, OpenAI Help Center, Microsoft Online Services DPA, Google Workspace compliance, AWS HIPAA Eligible Services), HHS OCR HIPAA Privacy Rule (45 CFR § 164.504(e)), and industry HIPAA-AI analyses as of April-May 2026.