HIPAA-Compliant AI Tools in 2026: The Vendor Selection Framework for Healthcare Practices

By the spring of 2026, almost every clinic, medical group, and health system in the United States has at least one AI tool already touching Protected Health Information — whether the compliance officer knows about it or not. Physicians are pasting de-identified (and sometimes not de-identified) chart notes into ChatGPT. Front-desk staff are using AI scribes during patient calls. RCM teams are running denials through generative AI to draft appeals. Marketing is using AI to write patient outreach.

Most of these deployments started without a Business Associate Agreement. Many were never reviewed by the compliance team. And a meaningful fraction of them are, at this moment, ongoing HIPAA violations that have not yet been discovered.

The fix isn't "ban AI." That ship has sailed — your physicians will not stop using tools that save them four hours of charting per week. The fix is to operationalize a vendor selection framework that lets your practice deploy AI safely, document the BAA chain, and prove compliance to your auditor and your cyber insurance carrier when they ask.

This guide is the framework we deploy with healthcare clients. Use it before you sign a single AI vendor contract — and use it to audit the AI tools your team is already using without IT's knowledge.


The State of HIPAA and AI in 2026

HHS has not issued AI-specific HIPAA rules. The framework remains the existing HIPAA Security Rule, the Breach Notification Rule, and the Privacy Rule — applied to a new generation of vendors. The novelty is the scale: a single AI deployment can touch more PHI in a week than a legacy clinical system touches in a year, and the data-flow paths are far less obvious than "EHR → biller → claim."

If you need the foundational walk-through of what "HIPAA compliant AI tool" actually means before reading this framework, start with our earlier guide on HIPAA-compliant AI tools for medical practices and the complete HIPAA compliance checklist.

For our healthcare clients, three regulatory realities now drive every AI vendor selection conversation:

  • $10.93M: average healthcare data breach cost (industry reporting, 2025)
  • 60 days: HHS breach notification timeline once discovery is documented
  • 100% of AI vendors touching PHI require a signed BAA

The 9-Criteria HIPAA AI Vendor Selection Framework

Before any AI vendor touches PHI in your environment, the procurement and compliance review should answer these nine questions in writing. If any answer is "no" or "unclear," do not sign the contract.

Criterion 1 — BAA Availability and Scope

The vendor must offer a Business Associate Agreement, and the BAA must cover the specific service you intend to use — not "the platform" generically. Many vendors offer a BAA on their enterprise plan but exclude specific features (consumer chat interface, marketplace plugins, third-party integrations). Read the BAA. Confirm it lists the service you will actually use.

Also confirm: who is the BAA executed with — the parent company, or a subsidiary entity? A BAA executed with a shell subsidiary is harder to enforce than one with the named vendor.

Criterion 2 — Data Residency and Processing Location

Where, geographically, is your PHI processed? Where is it stored? Is it processed in the United States only, or does the vendor route through other regions? HIPAA itself does not prohibit foreign processing if the BAA holds, but state laws (notably California, Texas, and New York) add residency obligations that AI vendors based outside the U.S. may not satisfy by default.

Criterion 3 — Model Training on Customer Data

This is the single most-overlooked criterion. Confirm in writing that the vendor will not use your prompts, completions, or uploaded documents to train models. Many AI vendors train on customer data by default and require an explicit opt-out. The opt-out must be settable at the account level and verifiable in the admin console — not a verbal "we'll handle that."

For Microsoft Azure OpenAI Service, see the Microsoft HIPAA/HITECH offering documentation. For Anthropic Claude, the relevant settings are described under their trust portal and commercial terms. For OpenAI, the enterprise data handling commitments and BAA process are documented on the OpenAI Trust Portal and the OpenAI enterprise privacy page.

Criterion 4 — Data Retention and Deletion

How long does the vendor retain prompts, completions, and uploaded files? Can retention be set to zero on a per-account basis? Can you trigger an on-demand deletion that is verified by the vendor in writing? "We delete on request" without a written verification process is not enough for an audit.

The strongest configurations: zero data retention for prompts and completions, encrypted at rest with customer-managed keys when files are stored, and a 30-day maximum retention for logs.

Criterion 5 — Audit Logging and Access Controls

HIPAA requires audit logs of who accessed what PHI and when. The AI tool's logging must capture, at minimum: user identity (not shared credentials), timestamp, prompt content (or a hash if content cannot be stored), model invoked, and any data sources accessed (e.g., retrieval-augmented generation indexes).

Logs must be exportable to your SIEM or accessible via API for the duration the vendor stores them. If logs are only viewable in the vendor's UI and cannot be exported, you fail the audit trail requirement.

Criterion 6 — Encryption In Transit and At Rest

TLS 1.2 minimum in transit, AES-256 at rest. Customer-managed encryption keys (CMK) are strongly preferred for high-sensitivity workloads. If the vendor uses platform-managed keys only, the BAA must address key access controls and key rotation policies explicitly.

Criterion 7 — Incident Response and Breach Notification Timing

HHS requires breach notification within 60 days of discovery. Your BAA with the vendor should require the vendor to notify you of any security incident affecting your PHI within a shorter window — we recommend 72 hours — so you have time to investigate, document, and meet the 60-day external clock.

Confirm: how does the vendor define "discovery"? How is the notification delivered (email to a static address, secure portal, phone)? Who at the vendor is responsible for the notification?

Criterion 8 — Third-Party Subprocessors and Supply Chain

Most AI vendors use subprocessors — cloud infrastructure (AWS, Azure, GCP), embedding vendors, vector databases, observability platforms. The BAA must require the vendor to flow down BAA-equivalent obligations to all subprocessors and to notify you of subprocessor changes before they take effect.

For reference, the underlying cloud platforms commonly used by AI vendors all offer their own HIPAA programs: Microsoft Azure, AWS, and Google Cloud.

Criterion 9 — Termination and Data Return

When the contract ends — for any reason — the vendor must return all PHI in a usable format and destroy all copies. The BAA should specify the format (typically CSV, JSON, or the vendor's native export), the timeline (30–60 days), and the destruction verification (certificate of destruction signed by an officer of the vendor).

The pattern that fails an audit: "We will delete your data within 90 days of termination" with no verification mechanism. The pattern that passes: defined format, defined timeline, written certificate of destruction, and audit logs showing the deletion occurred.


The 2026 HIPAA AI Vendor Landscape

The vendor universe sorts into four practical categories. Each has a different risk profile, and the right one for your practice depends on data sensitivity, deployment scale, and your existing IT stack.

Category | Examples | BAA available? | Best for | Common pitfall
--- | --- | --- | --- | ---
Hyperscaler AI platforms | Microsoft Azure OpenAI Service, AWS Bedrock, Google Vertex AI | Yes, on enterprise tiers | Custom AI applications, RAG over EHR data, embedding workloads | Service-by-service eligibility; not all features covered by BAA
Foundation model providers | OpenAI (API and Enterprise), Anthropic (API and Enterprise) | Yes, by request | Direct API integrations, prompt-based workflows, chat-style internal tools | Consumer ChatGPT/Claude are NOT covered; BAA is on enterprise/API only
Healthcare-specific AI vendors | Abridge, Suki, DeepScribe, Nuance DAX (Microsoft), Notable, Hint Health AI | Yes, baseline expectation | Clinical documentation, ambient scribe, RCM, prior auth | Subprocessor chains often poorly documented; ask for the SOC 2 + HITRUST
General SaaS with AI features | Otter.ai, Notion AI, Grammarly, Zoom AI Companion, Microsoft 365 Copilot | Mixed — read carefully | Non-PHI administrative workflows only, unless BAA explicitly covers AI features | Generic SaaS BAA often excludes the AI feature; that exclusion makes PHI use a violation

Category 1 — Hyperscalers (the Build Path)

If your practice has internal or partner engineering capacity, building on a hyperscaler AI platform with a signed BAA gives you the most control. Azure OpenAI Service, AWS Bedrock, and Google Vertex AI are all HIPAA-eligible for the specific services covered under each vendor's compliance program. The control surface is best in this category: data residency, customer-managed keys, network isolation, and detailed audit logging are all available.

The pitfall is scope. The hyperscaler BAA covers the platform — your application built on top of it must itself implement the technical safeguards required by the HIPAA Security Rule. The platform is not your compliance program; it is the foundation.

Category 2 — Foundation Model Providers (the Rent Path)

OpenAI and Anthropic both offer BAAs through enterprise and API tiers. The consumer products — ChatGPT free or Plus, Claude.ai consumer — are not HIPAA-eligible and cannot legitimately be used with PHI under any configuration. The enterprise tiers can, with a signed BAA, zero data retention enabled, and SSO + access controls properly configured.

The pitfall: staff who already use the consumer versions personally will continue to do so unless your practice (a) blocks the consumer URLs at the network layer, (b) provides a sanctioned enterprise tier as a replacement, and (c) trains staff on what is and isn't allowed. Without all three, shadow AI use of consumer ChatGPT will continue regardless of policy.

Category 3 — Healthcare-Specific AI Vendors (the Vertical Path)

Clinical documentation tools (Abridge, Suki, DeepScribe, Nuance DAX), prior-authorization automation (Notable, others), and revenue cycle AI vendors are built specifically for healthcare. BAAs are baseline. Most carry SOC 2 Type II and HITRUST certifications.

The pitfall is the subprocessor chain. A clinical scribe vendor may carry HITRUST themselves but route audio transcription through a non-BAA-covered subprocessor. Demand the full subprocessor list. Demand the audit reports. Demand that the SOC 2 scope includes the AI service, not just the legacy product.

Category 4 — General SaaS with AI Features (the Trap)

This is where most accidental violations happen. Microsoft 365 Copilot, Zoom AI Companion, Notion AI, Otter.ai, and Grammarly are all general SaaS products that added AI features in 2024–2025. The original product may have a BAA — but the BAA may not extend to the AI features specifically.

The pattern we see most often: a practice has a BAA with Microsoft for Microsoft 365 and assumes Copilot is covered. The BAA may or may not extend depending on the licensing tier and configuration. Read the current version of the BAA, confirm the AI feature is explicitly in scope, and check the licensing tier before sending PHI.


The HIPAA AI Deployment Process We Use With Healthcare Clients

The 9 criteria above are the evaluation. Below is the deployment process — how to take a vendor from "approved on paper" to "running in production with documented compliance."

Phase 1 — Pre-Deployment (Weeks 1–2)

  • Complete the 9-criteria vendor selection framework. Document each answer in writing.
  • Execute the signed BAA with the vendor. Store in your contract management system, tagged for HIPAA review.
  • Configure account-level settings: disable model training, set zero or minimum data retention, enable audit logging export.
  • Define the specific PHI use case in writing — what data flows in, what comes out, who uses it, what business need it serves.

Phase 2 — Controlled Rollout (Weeks 3–6)

  • Pilot with a single department or workflow. Capture metrics: usage, errors, false positives, near-miss PHI disclosures.
  • Implement data loss prevention (DLP) policies that detect PHI being pasted into non-sanctioned AI tools and alert IT.
  • Block consumer AI URLs (chat.openai.com, claude.ai consumer endpoints, Bard/Gemini consumer) at the network layer.
  • Train pilot users on permitted use, prohibited use, and incident reporting. Document training completion.

Phase 3 — Production and Monitoring (Week 7+)

  • Roll out organization-wide once the pilot proves stable. Maintain DLP policies and consumer-AI blocking.
  • Quarterly review: pull audit logs, sample prompts for PHI handling, verify retention settings are still configured correctly.
  • Annual review: revisit the 9-criteria framework against the vendor's current contract terms. Vendors change terms; your evaluation must keep up.
  • Update your Security Risk Analysis to include the AI tool. Document the BAA, the controls, and the risk decision.

Our AI solutions team and healthcare IT services deploy this process end-to-end for clinical practices, RCM organizations, and digital health companies — including BAA negotiation support, DLP deployment, and Security Risk Analysis updates.


Common 2026 HIPAA AI Violations to Audit For Now

If you don't know whether your practice has ongoing AI-related HIPAA violations, the answer is almost certainly yes. Audit for these specific patterns first:

  1. PHI in consumer ChatGPT, Claude, or Gemini. Pull web traffic logs and search for traffic to the consumer URLs. Any clinical or billing staff hitting those URLs during work hours is a flag.
  2. AI scribes with no BAA. Any ambient scribe, transcription service, or voice-to-text tool used in a clinical setting needs a signed BAA. Ask each clinician what they use; cross-check against your BAA inventory.
  3. Shadow AI in SaaS tools. Microsoft 365 Copilot, Zoom AI Companion, Otter.ai, Grammarly, Notion AI — any of these in active use without an AI-specific BAA review.
  4. BAA-eligible service used without the BAA actually executed. Many practices use Azure OpenAI or AWS Bedrock services without having signed the specific addendum that puts them under the BAA. The cloud BAA is not automatic.
  5. Training-on-customer-data still enabled. Pull the admin console for every AI tool. Confirm "do not train on my data" is set. The default is often the opposite.
  6. Shared AI account credentials. Audit logs that show "[email protected]" used the AI tool cannot satisfy the HIPAA audit trail requirement. Every clinician needs their own credentials.

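Two of these audit steps (violations 1 and 6) and the minimum log fields from Criterion 5 can be checked mechanically. The script below is an added example, not part of the original article or any vendor's tooling: it runs over constructed sample data, and the consumer host list, the audit-log field names, the role-mailbox heuristic and both log formats are assumptions for illustration.

```python
"""Added example, not from the original article: two audit checks run over
constructed sample data. (1) Flag proxy traffic to consumer AI hosts during
work hours (violation 1). (2) Check an AI tool's audit-log export for the
Criterion 5 fields and for shared credentials (violation 6). Host list, field
names and both log formats are assumptions, not any vendor's real format."""
import json
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

CONSUMER_AI_HOSTS = {"chat.openai.com", "claude.ai", "gemini.google.com"}  # assumed block list
REQUIRED_AUDIT_FIELDS = ("user", "timestamp", "prompt_sha256", "model", "data_sources")
SHARED_LOCALPARTS = {"frontdesk", "billing", "nurses", "admin", "scribe"}  # role mailboxes
WORK_HOURS = range(8, 18)  # assumed clinic hours, 08:00 to 17:59

# Constructed proxy log: "<iso-timestamp> <client_ip> <user> <url>" per line.
PROXY_LOG = """\
2026-03-10T09:14:02 10.20.1.17 jsmith@clinic.example https://chat.openai.com/c/abc
2026-03-10T09:20:45 10.20.1.17 jsmith@clinic.example https://ehr.clinic.example/patient/42
2026-03-10T13:02:11 10.20.2.40 rlee@clinic.example https://claude.ai/chat/xyz
2026-03-10T21:30:00 10.20.3.9 kpatel@clinic.example https://gemini.google.com/app
2026-03-10T10:05:19 10.20.1.22 amiller@clinic.example https://api.openai.com/v1/chat/completions
"""

# Constructed audit-log export, one JSON object per line; line 5 lacks two required fields.
AUDIT_LOG = """\
{"user": "jsmith@clinic.example", "timestamp": "2026-03-10T09:30:00", "prompt_sha256": "a1", "model": "model-a", "data_sources": [], "source_ip": "10.20.1.17"}
{"user": "frontdesk@clinic.example", "timestamp": "2026-03-10T09:31:00", "prompt_sha256": "b2", "model": "model-a", "data_sources": ["rag-index"], "source_ip": "10.20.1.30"}
{"user": "frontdesk@clinic.example", "timestamp": "2026-03-10T11:02:00", "prompt_sha256": "c3", "model": "model-a", "data_sources": [], "source_ip": "10.20.1.31"}
{"user": "frontdesk@clinic.example", "timestamp": "2026-03-10T14:45:00", "prompt_sha256": "d4", "model": "model-a", "data_sources": [], "source_ip": "10.20.1.32"}
{"user": "rlee@clinic.example", "timestamp": "2026-03-10T15:00:00", "model": "model-a", "source_ip": "10.20.2.40"}
"""

def consumer_ai_hits(log_text):
    """Return (timestamp, user, host) for work-hours requests to consumer AI hosts.
    api.openai.com is deliberately not flagged: that is the BAA-eligible API path."""
    hits = []
    for line in log_text.splitlines():
        ts, _ip, user, url = line.split()
        host = urlsplit(url).hostname
        if host in CONSUMER_AI_HOSTS and datetime.fromisoformat(ts).hour in WORK_HOURS:
            hits.append((ts, user, host))
    return hits

def audit_log_findings(log_text, max_ips_per_user=2):
    """Return (kind, detail) findings: records missing Criterion 5 fields, role-mailbox
    identities, and one identity used from more source IPs than an individual plausibly would."""
    findings, ips_by_user, role_reported = [], defaultdict(set), set()
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = json.loads(line)
        missing = [f for f in REQUIRED_AUDIT_FIELDS if f not in rec]
        if missing:
            findings.append(("missing_fields", f"line {n}: {','.join(missing)}"))
        user = rec.get("user", "")
        if user.split("@")[0].lower() in SHARED_LOCALPARTS and user not in role_reported:
            role_reported.add(user)
            findings.append(("role_account", f"line {n}: {user}"))
        ips_by_user[user].add(rec.get("source_ip"))
    for user, ips in ips_by_user.items():
        if len(ips) > max_ips_per_user:
            findings.append(("multi_ip_identity", f"{user} from {len(ips)} IPs"))
    return findings
```

Point consumer_ai_hits at your proxy export and audit_log_findings at the vendor's log export; on the sample data the first flags jsmith and rlee on consumer hosts, and the second flags the frontdesk role account (seen from three IPs) and the record with no prompt hash or data-source field.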
How Managed IT Fits Into HIPAA AI Deployment

The 9-criteria framework is procedural. The deployment process is operational. Both require ongoing technical execution that most practices cannot run in-house.

Control | Practice owns | Managed services partner owns
--- | --- | ---
BAA inventory and negotiation | Sign the BAA | Maintain inventory, flag renewals, support negotiation language
Account-level AI config (training, retention) | Approve policy | Configure, verify quarterly, document for audit
DLP policies blocking PHI in shadow AI | Approve scope | Deploy, tune, monitor alerts, escalate violations
Audit log collection and SIEM integration | | Configure log export, retain per HIPAA, support audit requests
Consumer AI URL blocking | Approve allow-list | Configure firewall/proxy rules, monitor bypass attempts
Staff training on AI permitted-use policy | Define policy, require attendance | Deliver training, track completion, refresh annually
Security Risk Analysis updates | Approve the SRA | Draft the AI section, integrate findings into the practice's full SRA
Incident response when AI vendor reports breach | Approve external notification | Lead technical investigation, coordinate with vendor and counsel

The boundary that matters: the practice owns the policy and the regulatory decisions. The managed services partner owns the technical configuration, monitoring, and documentation generation. The cyber insurer and the HHS auditor will both want the documentation.


What to Do This Quarter If You're Behind

If your practice has no documented HIPAA AI program, this is the realistic 60-day catch-up sequence:

Days 1–14: Inventory. Survey every department. List every AI tool currently in use. Classify by category (hyperscaler, foundation model, healthcare-specific, general SaaS with AI features). Identify which have BAAs in place and which do not.

Days 14–30: Shut down the obvious violations. Block consumer AI URLs at the firewall. Pause AI features in tools without BAA coverage. Document the temporary policy in writing.

Days 30–45: Stand up sanctioned alternatives. If clinicians need an AI scribe, procure a BAA-covered scribe. If admin staff need ChatGPT-style productivity AI, procure ChatGPT Enterprise or Azure OpenAI Service with the BAA in place. Friction without a replacement just drives shadow IT.

Days 45–60: Document. Update the Security Risk Analysis. File the BAAs in the contract system. Stand up DLP policies. Run the first staff training session. Generate the documentation set the next HHS audit (or cyber insurance renewal) will want to see.

If you need this work executed against deadline pressure, schedule a 45-minute HIPAA AI readiness assessment. We will inventory your current AI footprint, identify the most exposed violations, and deliver a prioritized 60-day remediation plan.


Conclusion: HIPAA AI Is a Discipline, Not a Checklist

The practices that will avoid the next round of OCR enforcement actions, civil monetary penalties, and class-action lawsuits over AI-handled PHI are not the ones with the most restrictive policies. They are the ones with the clearest vendor selection discipline: a written framework applied consistently, a documented BAA chain, technical controls verified quarterly, and shadow AI use blocked at the network edge rather than addressed only after an incident.

HIPAA-compliant AI is achievable. It just requires treating AI vendor selection with the same rigor as any other PHI processing decision — the same rigor your practice applies to picking an EHR or a clearinghouse. The vendors marketing themselves as "HIPAA compliant" are not lying, but they are also not your compliance program. Your compliance program is what you build on top of them.

Cobrix Solutions deploys this framework for clinical practices, medical groups, and digital health companies across the United States — including BAA chain mapping, DLP deployment, Security Risk Analysis support, and ongoing quarterly verification. Talk to our AI solutions team, browse our healthcare IT services, or contact us to start the conversation.


Frequently Asked Questions

Is ChatGPT HIPAA compliant?

Standard consumer ChatGPT is not HIPAA compliant and cannot be used with PHI. ChatGPT Enterprise and the OpenAI API can be made HIPAA-eligible by executing a Business Associate Agreement with OpenAI, enabling zero data retention, and configuring access controls and audit logging on the user side. The BAA does not exist by default — it must be requested and signed before any PHI touches the platform. Read the current terms on the OpenAI enterprise privacy page.

Is Claude HIPAA compliant?

Anthropic offers a Business Associate Agreement for Claude through its enterprise and API tiers. Like all general-purpose AI tools, Claude is only HIPAA-eligible — not automatically compliant — once a signed BAA is in place, no-training settings are enforced, and the covered entity implements the technical safeguards required by the HIPAA Security Rule on its side. See the Anthropic Trust Center for current control documentation.

What is a Business Associate Agreement (BAA) and why is it required for AI tools?

A Business Associate Agreement is the written contract required by 45 CFR 164.502(e) and 164.504(e) between a HIPAA-covered entity and any vendor that creates, receives, maintains, or transmits Protected Health Information on the covered entity's behalf. Without a signed BAA, sending PHI to an AI vendor is a HIPAA violation regardless of the technical security of the platform. The HHS-published sample BAA provisions are the baseline most vendors model their template on.

Are Microsoft, AWS, and Google Cloud HIPAA-compliant for AI workloads?

All three offer BAAs and HIPAA-eligible service tiers, but coverage is service-by-service rather than account-wide. Microsoft Azure OpenAI Service is HIPAA-eligible; the consumer Bing Chat is not. AWS Bedrock and SageMaker are HIPAA-eligible; many AWS Marketplace AI tools are not. Google Cloud Vertex AI is HIPAA-eligible; consumer Gemini is not. Always check the specific service against the vendor's HIPAA-eligible services list before sending PHI.

What are the most common HIPAA violations when using AI tools?

The most common violations are: (1) pasting PHI into a consumer AI tool with no BAA, (2) using a HIPAA-eligible AI service without disabling model training on customer data, (3) failing to configure audit logging on AI prompts and responses, (4) sharing AI account credentials across staff so individual access cannot be tracked, and (5) using AI scribes or transcription tools that have no BAA and store recordings outside the covered entity's control. Each is a distinct violation pattern that an HHS audit will flag.


Need a HIPAA AI readiness assessment for your practice before the next audit or insurance renewal? Contact our healthcare IT team or review the full HIPAA and managed IT FAQ.