Registry / HIPAA BAA
Which AI providers offer a HIPAA BAA?
Business Associate Agreement availability across major AI model offerings, with sources and verification dates. The cell answers: Will they sign a HIPAA Business Associate Agreement covering this offering? Statuses below are evidence grades, not endorsements; “no public evidence” means we could not verify it from public sources, not that the answer is no.
BAA for the API is requested via [email protected] and reviewed case-by-case; no enterprise agreement is required. Critically, the API BAA covers only endpoints eligible for Zero Data Retention (ZDR): even with a signed BAA, calls to endpoints not configured for ZDR can fall outside its scope.
Microsoft's HIPAA BAA is included by default in customer agreements: the DPA states "execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement", so no separate signature is required. The BAA applies only to in-scope Azure services, and the service-level scope list (which would confirm Azure OpenAI / Microsoft Foundry) is in the gated STP "Microsoft Azure Compliance Offerings" appendix, so confirm scope inclusion before relying on it for PHI workloads.
BAA available for the first-party API: contact Anthropic sales to sign a BAA, after which Anthropic provisions a dedicated HIPAA-enabled organization that automatically blocks non-eligible features (requests to them return a 400 error). Historically, HIPAA access required ZDR; HIPAA-ready API access now removes that requirement. Only a subset of features is eligible (Messages API yes; Batch, Files, code execution and web fetch no). Covered Models (Claude Fable 5 / Mythos 5) require 30-day retention and cannot be used with ZDR enabled. Also documented at privacy.claude.com article 8114513 ("Business Associate Agreements (BAA) for Commercial Customers").
Amazon Bedrock is on AWS's public HIPAA Eligible Services list. PHI use requires first entering into the AWS Business Associate Addendum (accepted self-serve via AWS Artifact agreements). default=requires_config because the BAA must be accepted and workloads confined to eligible services before PHI is in scope.
Google Cloud offers a self-serve BAA covering its entire infrastructure, and Vertex AI Platform functionality (e.g. Vertex AI Workbench, Agent Engine) appears among HIPAA-included products. However, public evidence that Anthropic Claude partner models specifically are HIPAA-included functionality on Vertex AI was not found; Google documentation cautions that not all Model Garden LLMs support HIPAA. Graded partial pending confirmation that Claude models are on the HIPAA-included functionality list. Human review recommended.
"Google will enter into Business Associate Agreements with customers as necessary under HIPAA." The BAA-covered-products list includes "Gemini Enterprise Agent Platform" and "Generative AI on Gemini Enterprise Agent Platform" (the renamed Vertex AI; the old "Vertex AI" name no longer appears). BAA is executed self-serve via account settings (support.google.com/cloud/answer/6329727). requires_config: customer must execute the BAA and restrict use to covered products.
Amazon Bedrock is on the AWS HIPAA Eligible Services Reference. Customers must enter into the AWS Business Associate Addendum (self-serve via AWS Artifact) before processing PHI in eligible services. Marked requires_config: the BAA must be accepted and workloads configured per AWS's HIPAA guidance; eligibility is not automatic protection.
No public statement that Mistral will sign a HIPAA BAA covering La Plateforme, and no HIPAA article in the help-center compliance collection. Marketing (mistral.ai/solutions) mentions "HIPAA-compliant solutions" for healthcare without specifying deployment mode; this most plausibly refers to on-premises/private-cloud deployments, not the shared API.
no public source
Microsoft's HIPAA BAA is automatically part of the Product Terms/DPA for all covered-entity customers, but it applies only to "in-scope Azure services," and the in-scope list is in the gated Azure Compliance Offerings document on the Service Trust Portal. Public documentation does not confirm whether Mistral serverless (MaaS) or Foundry Models deployments are HIPAA in-scope; partners-and-community models are Non-Microsoft Products under the Product Terms, which typically fall outside BAA coverage. Graded partial: the BAA is public and default for Azure, but coverage of this specific offering is not publicly enumerated.
Documented negative for this offering: the trust center FAQ states Cohere "may execute a Business Associate Agreement (BAA) for custom model development engagements" but that the BAA "does not cover Cohere hosted products and applications such as Cohere's SaaS services"; i.e., no BAA for the hosted Cohere API. A Nov 2025 cohere.com blog announced BAA availability for healthcare custom-model work (lead only, not cited).
Platform-level (AWS). Amazon Bedrock is on the AWS HIPAA Eligible Services list; customers must execute an AWS Business Associate Addendum before processing PHI (requires_config: the BAA must be accepted and workloads configured per AWS guidance; eligibility is not automatic protection). Covers Cohere model invocations as Bedrock traffic.
Amazon Bedrock is on AWS's public HIPAA Eligible Services list, which covers Llama models served through Bedrock. PHI use requires first entering into the AWS Business Associate Addendum (accepted self-serve via AWS Artifact agreements). default=requires_config because the BAA must be accepted and workloads confined to eligible services before PHI is in scope.
Microsoft offers a HIPAA BAA by default to covered entities/business associates via the Product Terms and DPA ("execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement"), so no separate signature is needed. However, the BAA applies only to "in-scope Azure services", and the in-scope list (Appendices of the Microsoft Azure Compliance Offerings document) is a gated STP PDF; public docs do not explicitly confirm that third-party serverless MaaS model deployments (Llama) are HIPAA-BAA-in-scope. Graded partial for that gap.
The API security FAQ tells customers to "complete our BAA Questionnaire" to inquire about HIPAA compliance and a Business Associate Agreement. A BAA intake process publicly exists, but there is no public commitment that xAI will sign a BAA, no list of HIPAA-eligible services, and no HIPAA configuration documentation. Graded unclear rather than yes: an inquiry path is not evidence of willingness to sign.
Neither the DeepSeek Open Platform Terms of Service nor the privacy policy mentions HIPAA, PHI, or a Business Associate Agreement, and no BAA request channel was found. The Open Platform ToS is governed by the laws of the People's Republic of China (mainland), with disputes heard by courts at the registered office of Hangzhou DeepSeek Artificial Intelligence Co., Ltd.
no public source
Fireworks publicly states that the inference platform is HIPAA compliant (docs and enterprise page), which conventionally implies BAA availability, but no public BAA terms were found and the public DPA contains no BAA or HIPAA language. Treat BAA execution as a sales conversation; confirm whether serverless DeepSeek endpoints are in BAA scope or whether dedicated deployments are required.