Updated May 15, 2026 · 8 min read

HIPAA AI Compliance (May 2026)

TL;DR: HIPAA-compliant AI requires six things: signed BAA, Zero Data Retention, encryption, access controls + audit, PHI minimisation, and breach notification. Anthropic, OpenAI Enterprise, Azure OpenAI, Google Vertex, and AWS Bedrock all sign BAAs. Consumer ChatGPT / Claude.ai do not.

The six HIPAA AI requirements

Business Associate Agreement

Every model provider and AI subprocessor that touches PHI must sign a BAA. Anthropic, OpenAI (Enterprise and Azure), Google (Vertex), AWS Bedrock, and the major HIPAA-aligned hosts (Together AI Enterprise, Fireworks Enterprise) all offer one today. DeepSeek's hosted API does not; self-host it or use a third-party host that will sign a BAA. Note that HHS does not certify anyone as "HIPAA compliant", so the evidence to collect is the signed BAA plus the vendor's SOC 2 report, not a badge on a website.

Zero Data Retention

The provider must not store prompts or completions beyond what serving the request needs, and must not use them (or any derived signal) for model improvement. Default-on for Anthropic paid contracts, available on OpenAI Enterprise, Gemini on Vertex with the appropriate contracts, and most major HIPAA-aligned hosts. "Not used for training" is not the same as zero retention: several providers keep prompts for abuse monitoring (30 days is the common default) unless ZDR is explicitly enabled on the account, so confirm the retention window in the BAA or DPA rather than inferring it from the training policy.

Encryption in transit + at rest

TLS 1.2 or higher in transit and AES-256 at rest, with customer-managed keys where the platform offers them. This is standard across the major providers; confirm it by reviewing the provider's SOC 2 Type II report rather than the marketing page.

Access controls + audit

Unique user IDs, MFA, RBAC, and automatic logoff. Every PHI-touching request is audit-logged with the caller identity, the model used, and a PHI-handling label, and the log itself must not contain the PHI it describes (store a hash or reference of the prompt, not a copy). Retain the logs for at least six years, the documentation retention period in 45 CFR 164.316(b)(2) that OCR applies when it requests records in an investigation.

PHI minimisation + de-identification

Strip identifiers before sending anything to a model wherever the use case allows. Use the Safe Harbor or Expert Determination method per 45 CFR 164.514 if the goal is to take the data out of HIPAA scope; anything short of full de-identification is minimisation, which reduces exposure but leaves the data as PHI, so the BAA is still required. Gateway-level PII redaction is the standard production pattern. Regex rules catch the structured identifiers (SSNs, MRNs, phone numbers, dates); names and addresses in free text need an NER-based detector on top.

Breach notification

Documented incident response plan covering provider-side breaches and downstream notification. The Breach Notification Rule itself gives a business associate up to 60 days from discovery to notify the covered entity (45 CFR 164.410); treat that as the floor, not the target. Most provider BAAs tighten it to 5-day breach notification clauses, so check the number in yours and make sure your own plan can act on it.

HIPAA-aligned AI stack

Component: Options under BAA in 2026

AI gateway with BAA: Swfte (BAA available), AWS Bedrock, Azure OpenAI, Google Vertex AI
Model providers under BAA: Anthropic (Claude Opus 4.7, Sonnet 4, Haiku 3.5), OpenAI Enterprise (GPT-5.5 Pro, GPT-5.5, GPT-5.5 mini), Google (Gemini 3.1 Pro, 3.0, 2.5 Flash via Vertex), AWS Bedrock (hosting Claude, Llama, Mistral)
Open-weights self-host: DeepSeek V4 Pro, Llama 4, Mistral Large, Qwen 3 inside a HIPAA-aligned VPC
Eval + monitoring (under BAA): Swfte (built-in), LangSmith Enterprise, Langfuse Cloud Pro, Arize Phoenix self-host
PHI redaction / DLP: Swfte built-in, Microsoft Presidio (OSS), Google DLP, Skyflow, Nightfall AI
Audit log destination: customer SIEM via OpenTelemetry export (Splunk, Datadog, Sumo Logic, Microsoft Sentinel)

Six HIPAA AI use cases that pay back

Clinical documentation

AI-assisted note generation from clinician dictation or ambient transcription. Models in scope: Claude Sonnet 4 (long context), GPT-5.5 (multimodal). Mature 2026 use case; Abridge, Nuance DAX, Suki AI are reference implementations.

Patient communication

Triage chatbots, post-discharge follow-up, appointment management. Use a conservative pattern: full human review of every AI-drafted patient-facing message during initial deployment.

Revenue cycle management

Prior authorisation, claims processing, denial management, coding assistance. High-ROI use case with a typical 30-50% throughput improvement, but it requires careful evaluation to avoid false approvals and false denials.

Clinical decision support

AI assistance for diagnosis, treatment planning, drug interaction checks. Higher stakes: any system making autonomous recommendations typically falls under FDA Software as a Medical Device (SaMD) review on top of the HIPAA controls.

Provider operations

Scheduling, staffing, supply ordering, vendor management. Lower-stakes PHI exposure, faster ROI, common entry point for AI rollouts.

Research + analytics

De-identified data analysis, hypothesis generation, literature review. Strong fit for AI: PHI is not in scope once the data actually meets the 45 CFR 164.514 de-identification standard. A dataset that merely had the obvious identifiers removed is still PHI.

FAQ

Is AI HIPAA compliant?

AI itself is not "compliant" or "non-compliant"; the deployment is. An AI system handling PHI is HIPAA compliant when it satisfies six requirements: signed BAA with every PHI-touching provider, Zero Data Retention on those providers, encryption in transit + at rest, access controls + audit logging, PHI minimisation / de-identification where possible, and a documented breach notification process.

Which LLM is HIPAA compliant?

No LLM is HIPAA compliant in isolation; compliance is a property of the deployment. With proper contracts (BAA + ZDR), the following are usable for PHI in 2026: Anthropic Claude (Opus 4.7, Sonnet 4, Haiku 3.5), OpenAI Enterprise / Azure OpenAI (GPT-5.5 Pro, GPT-5.5, GPT-5.5 mini), Google Gemini via Vertex (3.1 Pro, 3.0, 2.5 Flash), and AWS Bedrock-hosted models (Claude, Llama, Mistral). Self-hosted DeepSeek V4 Pro and Llama 4 inside a HIPAA-aligned VPC also qualify.

Does ChatGPT have a BAA?

OpenAI Enterprise offers a BAA. ChatGPT Plus and Team (consumer / SMB) do not, so using those for PHI is a HIPAA violation. The cleanest deployment for a healthcare OpenAI stack is Azure OpenAI Service (full BAA, regional residency, MEDA enterprise procurement) or OpenAI Enterprise direct.

Does Anthropic Claude have a BAA?

Yes. Anthropic offers a BAA on paid API contracts and via the AWS Bedrock and Google Vertex AI deployment paths. The Claude.ai consumer tiers (Pro and Team) historically did not offer a BAA; verify the current status before using them for PHI.

Is DeepSeek HIPAA compliant?

DeepSeek's hosted API does not offer a BAA. For HIPAA workloads, the standard approach is to self-host DeepSeek V4 Pro inside a HIPAA-aligned VPC, or use a US-jurisdiction third-party host (Together AI Enterprise, Fireworks Enterprise) that offers a BAA on top of the open-weights model. Self-hosting still needs a BAA with the infrastructure provider (AWS, Azure and GCP all sign one), because the VPC running the weights is processing PHI.

What is a HIPAA-compliant AI note taker?

A HIPAA-compliant AI note taker satisfies the six requirements above plus has clinical-specific evaluation (ambient transcription accuracy, ICD/CPT code accuracy, clinician edit rate). Notable products in 2026: Abridge, Nuance DAX Express, Suki AI, DeepScribe, Augmedix. For non-clinical meeting notes (admin, ops) Otter HIPAA tier and Microsoft Teams Premium with BAA are common.

How do I de-identify PHI before sending to an AI?

Two methods are accepted under 45 CFR 164.514. Safe Harbor: remove the 18 specified identifiers (names, all date elements except year, geographic data finer than state, phone numbers, SSNs, medical record numbers, and so on) and have no actual knowledge that the remaining information could identify the individual. Expert Determination: a qualified expert, typically a statistician, documents that the risk of re-identification is very small. Production stacks typically use gateway-level PII redaction (Microsoft Presidio, Skyflow, Nightfall AI) for Safe Harbor pre-processing. Regex-only redaction handles the structured identifiers but misses names and free-text dates, so it is minimisation, not Safe Harbor, until an NER pass covers the rest.

Is on-prem AI required for HIPAA?

No. Cloud AI under BAA + ZDR contracts satisfies HIPAA when the other requirements (encryption, access controls + audit, minimisation, breach process) are also met. On-prem AI is required only when the BAA + ZDR posture cannot be obtained, when the organisation has a policy against cloud PHI, or when latency or sovereignty requirements demand it. Most 2026 HIPAA-aligned AI deployments run cloud-hosted via AWS Bedrock, Azure OpenAI, or Vertex AI.

What is the role of an AI gateway in HIPAA compliance?

The gateway centralises the HIPAA controls. It enforces ZDR on every request, audits per-request access with PHI-handling labels, applies PII / PHI redaction policies, restricts which models PHI workloads may reach, and provides the audit log retention required for OCR investigations. Without a gateway, every individual integration has to enforce these separately, and a single missed integration is a HIPAA violation. Two practical points: the gateway is itself a business associate and needs its own BAA, and the model allowlist only holds if direct egress to provider endpoints is blocked at the network level, since a request that bypasses the gateway is exactly the missed integration.
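The redaction, allowlist and audit flow described in the PHI minimisation section, the de-identification FAQ and this gateway answer, as an added example written for this page (not Swfte's or any provider's code). It is a Python pre-processor a gateway would run before forwarding a prompt: regex rules for the structured Safe Harbor identifiers, consistent placeholder tokens so the model can still follow references, a model allowlist for PHI lanes that also catches mislabelled requests, and an audit record carrying a hash of the forwarded prompt rather than the prompt. The MRN format, the model identifiers in the allowlist and the sample clinical prompt are all constructed for the example; an NER detector such as Presidio is assumed to run on top for names and addresses, which the regexes deliberately do not cover (the sample leaves "John Doe" in the output to make that visible).

```python
"""Gateway-side PHI pre-processing: Safe Harbor-style redaction of structured
identifiers, a model allowlist for PHI workloads, and a PHI-free audit record.
Added example for this page, not Swfte's or any provider's code."""
import hashlib
import json
import re
from datetime import datetime, timezone

# Structured 45 CFR 164.514(b)(2) Safe Harbor identifiers that a regex can catch.
# Names, street addresses and free-text dates have no fixed shape; an NER detector
# (e.g. Microsoft Presidio) is assumed to run on top of this. Order matters:
# specific patterns run first so the ZIP rule cannot eat the tail of a phone number.
PHI_PATTERNS = [
    ("SSN",   re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")),
    # Local medical-record-number convention, assumed for the example.
    ("MRN",   re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE)),
    ("PHONE", re.compile(r"(?<!\d)(?:\+?1[-.\s]?)?(?:\(\d{3}\)|\d{3})[-.\s]?\d{3}[-.\s]?\d{4}(?!\d)")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("DATE",  re.compile(r"(?<!\d)(?:\d{1,2}/\d{1,2}/\d{2,4}|\d{4}-\d{2}-\d{2})(?!\d)")),
    ("IP",    re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")),
    ("ZIP",   re.compile(r"(?<!\d)\d{5}(?:-\d{4})?(?!\d)")),
]

# Endpoints a PHI request may reach: the ones covered by a signed BAA + ZDR.
# Placeholder identifiers, assumed for the example.
PHI_ALLOWED_MODELS = {"baa-model-a", "baa-model-b"}

# Constructed sample prompt; no real patient.
SAMPLE_PROMPT = (
    "Summarise for discharge: John Doe, MRN 00418233, DOB 03/15/1961, "
    "SSN 123-45-6789, phone 555-123-4567, email jdoe@example.com, ZIP 02134. "
    "Admitted 2026-05-10 with chest pain; call 555-123-4567 with results."
)


def redact_phi(text):
    """Replace structured identifiers with consistent placeholder tokens.

    Returns (redacted_text, counts, mapping). The same raw value always gets the
    same token within one request ([PHONE_1] twice, not [PHONE_1]/[PHONE_2]) so the
    model can still follow references. `mapping` stays in gateway memory for
    re-hydrating the reply and must never be written to the audit log.
    """
    counts = {}
    mapping = {}
    for label, pattern in PHI_PATTERNS:
        seen = {}

        def _sub(m, label=label, seen=seen):
            raw = m.group(0)
            if raw not in seen:
                seen[raw] = f"[{label}_{len(seen) + 1}]"
                mapping[seen[raw]] = raw
            return seen[raw]

        text, n = pattern.subn(_sub, text)
        if n:
            counts[label] = n
    return text, counts, mapping


def handle_request(caller_id, model, prompt, phi_workload=True):
    """Gateway decision for one request.

    Redacts first, then decides: a request is treated as PHI if the caller labelled
    it PHI *or* the redactor found identifiers, so a mislabelled request cannot slip
    through the non-PHI lane to a model without a BAA. Returns the decision, the
    prompt to forward and an audit record that holds a hash of the forwarded
    prompt, never the prompt itself.
    """
    redacted, counts, mapping = redact_phi(prompt)
    is_phi = phi_workload or bool(counts)
    allowed = (not is_phi) or model in PHI_ALLOWED_MODELS
    audit = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "caller": caller_id,
        "model": model,
        "phi_label": "PHI" if is_phi else "NO_PHI",
        "decision": "allow" if allowed else "deny_model_not_under_baa",
        "redactions": counts,  # per-type counts only, no values
        "prompt_sha256": hashlib.sha256(redacted.encode()).hexdigest(),
    }
    return {"allowed": allowed, "prompt": redacted if allowed else None,
            "audit": audit, "mapping": mapping}


def rehydrate(response, mapping):
    """Put the real identifiers back into the model's reply, gateway-side, before it
    reaches the clinician. The mapping never left the gateway process."""
    for token, raw in mapping.items():
        response = response.replace(token, raw)
    return response


if __name__ == "__main__":
    result = handle_request("dr.smith@hospital.example", "baa-model-a", SAMPLE_PROMPT)
    print(result["prompt"])
    print(json.dumps(result["audit"], indent=2))  # safe to ship to the SIEM
    print(rehydrate("Patient [MRN_1] admitted [DATE_2].", result["mapping"]))
```

Running it shows the forwarded prompt with every structured identifier tokenised and the patient's name still present, which is the gap the NER layer has to close; the audit JSON is what goes to the SIEM, and it contains counts and a hash but no identifier. The allowlist check runs after redaction on purpose: if a caller marks a request as non-PHI and the redactor still finds an SSN, the request is re-labelled PHI and denied unless the model is under a BAA.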

What are the HIPAA fines for AI violations?

Same as any HIPAA violation: tiered civil penalties from $137 to $68,928 per violation, capped at $2,067,813 per calendar year for violations of an identical provision (2026 indexed amounts under the HITECH Act). State enforcement and class action exposure typically dwarf the federal fines in practice. Criminal penalties run up to $250,000 and 10 years' imprisonment for wilful violations.

Run HIPAA-compliant AI on a BAA-backed runtime

Swfte signs a BAA, enforces ZDR on every supported provider, and ships PHI redaction + audit logging at the gateway. On-prem deployment available.

Free tier · OpenAI-compatible API · SOC2 Type II · On-prem available