Skip to main content

Business Associate Agreement (BAA) Template

Required BAAs

You must obtain BAAs from all vendors that handle PHI:
  • Cloud Provider BAAs
  • BAA Template
Required Vendors:LLM Provider BAAs:
  • Anthropic (Claude) - BAA available for Enterprise
  • Google (Gemini via Vertex AI) - Covered under GCP BAA
  • ⚠️ OpenAI - No BAA available (do not use for PHI)
  • ⚠️ AWS Bedrock - BAA available (verify model-specific coverage)

Next Steps

Technical Safeguards

Implement required security measures

Compliance Checklist

Verify BAA requirements

Back to Overview

Return to HIPAA overview