Key takeaways
- You can use AI with HIPAA data, but only through specific enterprise channels with a signed Business Associate Agreement (BAA). The consumer apps cannot be used with protected health information.
- ChatGPT.com, Claude.ai, and the Gemini app are off-limits for PHI. Anthropic (Claude) and OpenAI will sign a BAA for their enterprise APIs, and Azure OpenAI and Google Vertex AI are covered under Microsoft’s and Google Cloud’s BAAs, so those channels can be used.
- A compliant model is necessary but not sufficient. The data has to reach it through a compliant pipeline, and the vendor must agree not to train on your data.
- Used correctly, AI on PHI is genuinely useful: summarizing case notes, triaging intake, drafting communications, extracting data from documents, all with a human reviewing the output.
This is one of the most common questions I get from healthcare and home care teams right now, and it’s usually asked with a wince: “Can we even use ChatGPT for this, or is that a HIPAA problem?” The honest answer is more nuanced than yes or no.
So, is ChatGPT HIPAA compliant? The consumer version at ChatGPT.com is not, and you cannot put protected health information into it. But OpenAI will sign a BAA for its enterprise API, and so will Anthropic for the Claude API. So the real answer is: yes, you can use AI with HIPAA data, but only through the right door, with the right contract, and with the data flowing through a compliant pipeline. Use the wrong door and it’s a violation, even if the model itself is excellent.
Here’s how to tell the difference, vendor by vendor, and what you can actually build once you’re set up correctly.
Why the consumer apps are off-limits
The reason isn’t that the AI is unsafe. It’s contractual and architectural.
HIPAA requires a Business Associate Agreement with any vendor that handles protected health information (PHI) on your behalf. The consumer products, ChatGPT.com, Claude.ai, and the Gemini app, do not come with a BAA. That alone makes them non-compliant for PHI, regardless of how secure they are.
There’s a second problem with consumer tools: data handling. Consumer tiers may retain your inputs and, depending on settings, use them to improve the models. The moment patient data goes into a system that might train on it or retain it outside a compliant boundary, you’ve lost control of it in a way HIPAA doesn’t allow.
So the rule is simple: no PHI in any consumer AI app, ever. Not in ChatGPT, not in Claude.ai, not in the free Gemini or Copilot apps. If a team member is pasting patient details into ChatGPT to “draft a quick note,” that’s a breach waiting to happen, and it’s worth a clear internal policy.
What makes an AI tool HIPAA compliant
Three things have to be true before AI can touch PHI:
- The vendor signs a BAA. This is the gate. No BAA, no PHI. (See our full explainer on BAAs.)
- You use a HIPAA-eligible product or tier. A vendor’s BAA usually covers specific products, not everything they offer. The enterprise API is covered; the consumer app on the same brand is not.
- Your data isn’t used for training. The agreement has to confirm your inputs won’t be used to train the model. Enterprise API agreements typically guarantee this; consumer terms typically don’t.
And one that catches people: the BAA has to cover the whole path the data takes, not just the model. If PHI passes through an automation tool, a database, or an email service on its way to or from the AI, each of those needs its own BAA too. One unsigned link breaks the chain.
Vendor by vendor: who signs a BAA for AI
As of 2026 (always confirm in writing, since these policies move):
Will sign a BAA, through enterprise channels:
- Anthropic (Claude) signs a BAA for its API with the appropriate enterprise agreement. We build with Claude for compliance-heavy clients for exactly this reason.
- OpenAI signs a BAA for its API (not ChatGPT.com) with an enterprise agreement, and offers a zero-retention option.
- Microsoft Azure OpenAI Service is covered under Microsoft’s BAA, which is often the cleanest path for teams already in the Microsoft ecosystem.
- Google Cloud Vertex AI (which serves Gemini models) is covered under Google Cloud’s BAA for HIPAA-eligible services.
Will not work for PHI:
- ChatGPT.com (any consumer tier, including Plus) — no BAA.
- Claude.ai consumer app — no BAA; use the API.
- The Gemini app and consumer Copilot — no BAA.
The pattern mirrors every other HIPAA tool decision: the brand name doesn’t tell you whether it’s allowed. The product tier and the signed contract do. “We use Claude” can be compliant or non-compliant depending entirely on whether you’re going through the API under a BAA or pasting into the consumer app.
What you can actually do with AI on PHI
Once you’re set up correctly, the use cases are real and valuable. The ones we see deliver the most for healthcare and home care operations:
- Summarizing case notes and documents. Turn long intake packets, evaluations, or visit notes into structured summaries a clinician or case manager reviews.
- Intake triage and data extraction. Pull structured fields out of messy referral documents, faxes, and forms so they land in your system without manual re-keying.
- Drafting communications. Generate first drafts of client updates, status messages, or internal summaries, with a person approving before anything sends.
- Decision support. Surface the relevant history or flag the missing document, so the human makes a faster, better-informed call.
The constant across all of these: a human reviews the output. AI on PHI works as an assistant that drafts and surfaces, not an autonomous system that acts on patient data unsupervised. That’s both good practice and good risk posture.
The catch: a compliant model doesn’t make your pipeline compliant
This is where teams get a false sense of safety. You sign a BAA with Anthropic or OpenAI, and you assume you’re covered. But the model is one stop on the data’s journey.
Walk the actual flow. PHI leaves your database, maybe passes through an automation tool to get formatted, hits the AI API, comes back, and gets written somewhere or emailed to someone. Every one of those stops handles PHI, and every one needs its own BAA. The automation glue is the usual leak: tools like Zapier don’t sign BAAs, so routing PHI through them to reach a compliant model breaks compliance before the model ever sees the data.
So the right mental model is: a compliant AI vendor is necessary, not sufficient. You need the BAA with the model and a compliant path to and from it. We lay out the full stack, layer by layer, in our guide to building a HIPAA compliant portal.
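One way to make the "walk the actual flow" exercise repeatable is to write the pipeline down hop by hop and check every hop against the three gates above. The following is an added example, not the post's own tooling; the sample flows are constructed to mirror the post's vendor categories, and the ACME_* names are placeholders for a practice's own systems.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Hop:
    """One system that handles PHI on its way to or from the model."""
    name: str                  # vendor or team operating this stop
    product: str               # exact product/tier: a BAA covers products, not brands
    covered_by: Optional[str]  # "own system" or the BAA covering it; None = uncovered
    is_model: bool = False
    no_training: bool = True   # only checked on model hops

def phi_pipeline_issues(hops: List[Hop]) -> List[str]:
    """Return every reason this path may not carry PHI (empty list = allowed).

    Every stop must be the practice's own system or sit under a signed BAA,
    and the model hop must exclude training on inputs. One uncovered link
    fails the whole chain, which is the post's "necessary, not sufficient" point.
    """
    issues = []
    if not any(h.is_model for h in hops):
        issues.append("no AI model hop in the pipeline")
    for h in hops:
        if h.covered_by is None:
            issues.append(f"{h.name} / {h.product}: no BAA covers this hop")
        if h.is_model and not h.no_training:
            issues.append(f"{h.name} / {h.product}: agreement does not exclude training on inputs")
    return issues

def phi_pipeline_allowed(hops: List[Hop]) -> bool:
    return not phi_pipeline_issues(hops)

# Constructed sample flows (not real configurations). Labels follow the post's categories.
BROKEN_FLOW = [  # compliant model, but the automation glue is uncovered
    Hop("ACME practice", "ACME_patient_db", covered_by="own system"),
    Hop("Zapier", "consumer automation", covered_by=None),
    Hop("Anthropic", "Claude API, enterprise agreement", covered_by="Anthropic BAA", is_model=True),
    Hop("ACME practice", "ACME_email (covered provider)", covered_by="email provider BAA"),
]
CONSUMER_FLOW = [  # pasting into a consumer app fails two gates at once
    Hop("ACME practice", "ACME_patient_db", covered_by="own system"),
    Hop("OpenAI", "ChatGPT.com (Plus)", covered_by=None, is_model=True, no_training=False),
]
COMPLIANT_FLOW = [  # every hop is own infrastructure or under a BAA
    Hop("ACME practice", "ACME_patient_db", covered_by="own system"),
    Hop("ACME practice", "ACME_formatter (in-house worker)", covered_by="own system"),
    Hop("Microsoft", "Azure OpenAI Service", covered_by="Microsoft BAA", is_model=True),
    Hop("ACME practice", "ACME_email (covered provider)", covered_by="email provider BAA"),
]
```

Running `phi_pipeline_issues(BROKEN_FLOW)` names Zapier as the single uncovered hop, which is exactly the leak the section above describes.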
Common questions
Can I use ChatGPT Plus if I just don’t include names? Risky and usually not worth it. PHI is broader than names, and “de-identification” done by hand is error-prone. The safe path is the enterprise API under a BAA, not careful pasting into a consumer app.
Is Microsoft Copilot HIPAA compliant? The consumer Copilot app is not. Copilot offerings tied to a covered Microsoft 365 / Azure agreement under Microsoft’s BAA can be, depending on the specific product. Confirm which Copilot you mean and check the BAA scope.
Does a BAA mean my data is private from the AI vendor? A proper enterprise agreement confirms your data isn’t used for training and is handled under HIPAA terms. That’s exactly why the BAA and the eligible tier matter: they’re what create that guarantee.
We’re a small practice. Is this realistic for us? Yes. The enterprise API tiers are accessible, and the setup is mostly a one-time configuration. The harder part is usually the pipeline around the model, which is the part worth getting help with.
If you want to use AI on protected data without tripping a violation, the work is in designing the pipeline, not just picking the model. That’s the core of our AI implementation work for compliance-heavy businesses, and it’s what we build into HIPAA-aware systems for healthcare and home care teams. Start with the BAA explainer and the HIPAA portal guide, or book a call and we’ll map what your specific setup would need.