Business Associate Agreement (BAA)

A Business Associate Agreement is the contract HIPAA 45 CFR 164.504(e) requires between a covered entity (a hospital, health plan, or healthcare clearinghouse) and any business associate that creates, receives, maintains, or transmits protected health information on the covered entity's behalf. The agreement passes the relevant HIPAA Security Rule obligations to the business associate by contract: permitted PHI uses, safeguard requirements, breach reporting timelines, and subcontractor flow-down. Letting an AI vendor process PHI without a BAA in place is a regulatory violation on the covered entity's side, regardless of how the vendor describes its security posture.

Why the BAA matters for AI vendor procurement

The standard public LLM endpoints (api.openai.com, api.anthropic.com on their consumer plans, the consumer ChatGPT interface) do not come with a BAA. The enterprise tiers do: OpenAI's Enterprise tier offers a BAA; Anthropic offers a BAA for enterprise customers; AWS Bedrock and Azure OpenAI both sign BAAs under their cloud-provider master agreements. A healthcare deployment that routes PHI through an LLM without confirming which contractual surface the vendor is operating under puts the covered entity in violation at the moment the first PHI prompt leaves the network.

How BAA coverage shows up in the request layer

The BAA is a paper artifact, but it has runtime implications. The covered entity's policy has to know which model endpoints sit under a signed BAA and which do not. An enforcement layer that routes PHI prompts to a BAA-covered endpoint and blocks the same prompt going to a non-covered endpoint operationalizes the contractual restriction. The per-decision audit record carries the destination endpoint and the BAA-coverage attribute the policy used, which is the evidence form a HIPAA auditor or an OCR investigator accepts.
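A minimal form of the enforcement layer just described, written here as an added example (it is not code from the original page or from any vendor): an endpoint registry records which destinations sit under a signed BAA, a deliberately narrow PHI detector flags prompts, the routing decision defaults to deny for unknown endpoints, and every decision produces an audit record that carries the destination and the BAA-coverage attribute the policy used, but never the prompt text itself. The endpoint hostnames, contract reference, PHI patterns and sample prompts are all constructed for illustration.

```python
"""Added example of a PHI-aware routing check for LLM endpoints.

Endpoint names, the contract reference, the PHI patterns and the sample
prompts below are constructed placeholders, not values from any real
deployment. A production detector would use a proper de-identification
engine; the regexes here only illustrate the decision flow.
"""
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
import json
import re

# Constructed registry: in practice this is fed from the procurement /
# contracts system of record, so the policy and the paper agree.
BAA_REGISTRY = {
    "llm-enterprise.example.com": {"baa_signed": True, "contract_ref": "BAA-PLACEHOLDER-001"},
    "llm-public.example.com": {"baa_signed": False, "contract_ref": None},
}

# Constructed, intentionally narrow PHI patterns: MRN-style identifiers,
# SSNs, and labelled dates of birth.
PHI_PATTERNS = {
    "mrn": re.compile(r"\bMRN[:\s#]*\d{6,10}\b", re.I),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]*\d{1,2}/\d{1,2}/\d{4}\b", re.I),
}


def detect_phi(prompt: str) -> list[str]:
    """Return the names of PHI categories found in the prompt (empty if none)."""
    return [name for name, pat in PHI_PATTERNS.items() if pat.search(prompt)]


@dataclass
class Decision:
    allowed: bool
    reason: str
    destination: str
    baa_covered: bool
    phi_categories: list[str]
    timestamp: str


def decide(prompt: str, destination: str, registry=BAA_REGISTRY) -> Decision:
    """Apply the BAA routing policy to one prompt bound for one endpoint.

    Rules: unknown endpoints are denied outright; PHI may only go to an
    endpoint the registry marks as BAA-covered; non-PHI prompts may go
    anywhere the registry knows about.
    """
    entry = registry.get(destination)
    baa_covered = bool(entry and entry["baa_signed"])
    phi = detect_phi(prompt)
    ts = datetime.now(timezone.utc).isoformat()
    if entry is None:
        return Decision(False, "unknown_endpoint", destination, False, phi, ts)
    if phi and not baa_covered:
        return Decision(False, "phi_to_non_baa_endpoint", destination, False, phi, ts)
    return Decision(True, "ok", destination, baa_covered, phi, ts)


def audit_record(decision: Decision, request_id: str) -> str:
    """Serialize the per-decision audit record.

    The record names the PHI categories seen and the coverage attribute the
    policy used, but deliberately excludes the prompt text, so the audit
    trail itself does not become a second PHI store.
    """
    rec = {"request_id": request_id, **asdict(decision)}
    return json.dumps(rec, sort_keys=True)


if __name__ == "__main__":
    sample = "Patient MRN: 12345678 reports chest pain since yesterday."  # constructed
    for dest in ("llm-public.example.com", "llm-enterprise.example.com", "unknown.example.com"):
        print(audit_record(decide(sample, dest), request_id="req-demo"))
```

The two design points worth carrying into a real gateway are the default-deny on endpoints the registry does not know (a new vendor URL must be added to the registry, and therefore to the contract inventory, before PHI can reach it) and the audit record's exclusion of prompt content, so that the evidence an OCR investigator asks for can be retained and shared without itself constituting a further disclosure.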

Related reading

  • HIPAA BAAs for AI Vendors: What the Agreement Has to Cover

    A Business Associate Agreement with an AI vendor transfers HIPAA obligations under specific conditions. OpenAI, Anthropic, Microsoft, AWS, and Google offer BAAs to enterprise tiers. The agreement covers what the vendor does with PHI; it does not eliminate the covered entity duty to record disclosures.

  • HIPAA PHI Redaction in AI Prompts: What Inline Enforcement Requires

    HIPAA requires that PHI is redacted or de-identified before disclosure to entities outside a Business Associate Agreement. AI prompts routinely contain PHI. Inline redaction at the AI request boundary is the only architecture that produces the per-request evidence HHS expects under a HIPAA audit.

  • HIPAA AI Audit Trail: What Records OCR Asks For After an AI Incident

    HIPAA Security Rule audit controls require recording activity in systems that contain PHI. AI deployments produce that activity at the prompt layer. OCR audits request per-request records of PHI exposure to AI services. Application logs alone do not satisfy that request. The architecture that survives is independent of the application.