If you build software in healthcare, the question your security team asks about every new AI tool is narrow and unforgiving: will the vendor sign a Business Associate Agreement, and on which plan? Without a signed BAA, sending any protected health information (PHI) to that tool is a HIPAA violation, regardless of how well the data is encrypted in transit or at rest.
I kept answering this one tool at a time for people, so I checked every AI tool in a tracker I maintain against that single question. Out of 34 tools, the split as of 2026-06-01:
- 1 signs a BAA on a standard paid plan
- 9 sign only on enterprise-gated tiers
- 3 sign on request
- 21 will not sign one at all
The headline isn't "most won't." It's that the ones that will almost never cover the plan you're actually using.
The "we pay for it" trap
The most expensive mistake I see is assuming a paid subscription equals coverage. It usually doesn't.
- ChatGPT (OpenAI): A BAA is available on ChatGPT Enterprise, the API platform, and the new ChatGPT for Healthcare (launched Jan 2026). Free, Plus, and Pro consumer plans are explicitly excluded and cannot get a BAA. Paying $20, or even $200 a month as an individual, does not make you covered.
- Claude (Anthropic): BAA on Claude for Enterprise and commercial/API agreements. Consumer Claude (Free, Pro, Max) is not BAA-covered.
- Google Gemini: the one tool that signs on a standard paid plan, with a catch. Gemini is covered under the Google Workspace BAA, and that BAA only takes effect once a Workspace admin accepts it in the Admin console; a paid Workspace tenant where nobody has clicked accept is not covered. The free consumer Gemini app is not covered either.
So the pattern across the three biggest assistants: the consumer tier you signed up with is the one tier that can never hold PHI. The BAA lives on the enterprise / API / Workspace side.
"On request" is real, but it isn't instant
Three tools sit in an "on request" bucket: coverage exists for qualifying customers, but you have to ask. Deepgram (speech-to-text) is a clean example. It will sign a BAA for covered entities that send ePHI, with no specific plan tier required, but only on request. The friction there is operational (reaching the right team), not contractual.
What you actually do with this
A few rules that have saved teams from quiet violations:
- Check the tier, not the logo. "Vendor X is HIPAA-eligible" is meaningless without the plan. The BAA is almost always gated to a specific tier.
- A BAA is required before the first byte of PHI, not after. Zero-retention modes and PHI-redaction features (Deepgram's redact=phi, enterprise ZDR defaults) are useful controls, but they are not a substitute for the executed agreement.
- For the 21 that won't sign: never route PHI through them. De-identify first, or pick a tool from the covered list. If you de-identify, do it to the HIPAA standard (Safe Harbor's identifier list or Expert Determination); stripping a few obvious fields does not turn PHI into non-PHI.
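The three rules above amount to a pre-send gate: classify the input, look up whether an executed BAA covers the exact (vendor, plan) pair, and either send, send a de-identified copy, or refuse. Below is an added example of that gate in Python. It is not code from this post or from the tracker: the BAA register mirrors the post's description of the three big assistants (Gemini's Workspace entry is "conditional" on admin acceptance), anything not listed fails closed, and the regex-based redactor is a constructed stand-in for a real de-identification step, catching only a few direct identifiers.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed BAA register keyed by (vendor, plan). Entries follow the post's
# description of the three big assistants; this is not the tracker's data.
# Any pair not listed is treated as "no" (fail closed).
BAA_REGISTER = {
    ("openai", "chatgpt-enterprise"): "yes",
    ("openai", "api"): "yes",
    ("openai", "chatgpt-plus"): "no",
    ("openai", "chatgpt-pro"): "no",
    ("anthropic", "claude-enterprise"): "yes",
    ("anthropic", "claude-pro"): "no",
    # Covered under the Workspace BAA only after a Workspace admin accepts it.
    ("google", "gemini-workspace"): "conditional",
    ("google", "gemini-consumer"): "no",
}

# Constructed toy patterns for a few direct identifiers. They do not catch
# names, addresses or free-text context, so this is a last-line check and a
# placeholder hook, not a Safe Harbor de-identifier.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"(?<!\d)\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:# ]?\s*\d{4,}\b", re.IGNORECASE),
    "date": re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b"),
}


def baa_executed(vendor: str, plan: str, workspace_baa_accepted: bool = False) -> bool:
    """True only if an executed BAA covers this exact (vendor, plan) pair."""
    status = BAA_REGISTER.get((vendor.lower(), plan.lower()), "no")
    if status == "conditional":
        return workspace_baa_accepted
    return status == "yes"


def contains_phi(text: str) -> bool:
    return any(p.search(text) for p in PHI_PATTERNS.values())


def deidentify(text: str) -> str:
    """Replace each matched identifier with a typed placeholder.

    Swap this for a real de-identification pipeline; the regexes are a toy.
    """
    for name, pattern in PHI_PATTERNS.items():
        text = pattern.sub(f"[{name.upper()}]", text)
    return text


@dataclass
class Decision:
    action: str             # "send", "send_deidentified" or "block"
    reason: str
    payload: Optional[str]  # what may actually leave the boundary, or None


def route(text: str, vendor: str, plan: str, *, source_is_phi: bool = False,
          workspace_baa_accepted: bool = False, allow_deidentify: bool = False) -> Decision:
    """Decide whether `text` may be sent to (vendor, plan).

    Classification comes from the data source (source_is_phi) and is only
    widened, never narrowed, by the pattern check. allow_deidentify is a policy
    choice: it says your organisation accepts deidentify() as a real control.
    """
    is_phi = source_is_phi or contains_phi(text)
    if not is_phi:
        return Decision("send", "no PHI, BAA not required", text)
    if baa_executed(vendor, plan, workspace_baa_accepted):
        return Decision("send", f"executed BAA covers {vendor}/{plan}", text)
    if allow_deidentify:
        redacted = deidentify(text)
        # Re-check the output; if any pattern still fires, refuse.
        if contains_phi(redacted):
            return Decision("block", "residual identifiers after redaction", None)
        return Decision("send_deidentified",
                        f"no BAA on {vendor}/{plan}; sent redacted copy", redacted)
    return Decision("block", f"no executed BAA for {vendor}/{plan}", None)


# Constructed sample clinical snippet with fake identifiers.
SAMPLE_NOTE = "Pt MRN 123456, DOB 04/12/1961, cell 555-123-4567, SSN 123-45-6789, on metformin."

if __name__ == "__main__":
    for vendor, plan in [("openai", "chatgpt-plus"), ("openai", "chatgpt-enterprise"),
                         ("google", "gemini-workspace")]:
        d = route(SAMPLE_NOTE, vendor, plan, source_is_phi=True)
        print(f"{vendor}/{plan}: {d.action} ({d.reason})")
    print(route(SAMPLE_NOTE, "openai", "chatgpt-plus", allow_deidentify=True).payload)
```

The point of the structure is that the register is keyed by plan, not by vendor, so "ChatGPT" on Plus and "ChatGPT" on Enterprise are different rows, and a tenant flag (`workspace_baa_accepted`) carries the Gemini admin-acceptance step rather than assuming a paid Workspace is covered. Unknown vendors and unknown plans block by default.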
I keep the full, dated breakdown here (which tier, last-verified date, and a source for each tool), no signup: https://baa-atlas.foundagent.net/ai/hipaa
Disclosure: I built and maintain that tracker. It's free and there's nothing to buy. I keep it current because I needed it myself, and the per-tool answers drift every few months as vendors change their terms.
If you've hit a vendor whose BAA posture you can't pin down, drop the name in the comments and I'll dig up where it actually stands.