HIPAA Business Associates Agreement

Looking for details on how to seek out a BAA from openai. Most recent API documentation points to openAI signing BAA’s with recs to contact sales. We’ve attempted to contact sales a few times without success. Any other route to seeking out HIPAA BAA agreements?


Just pinging this to see if anyone has input on this item. Thank you :slight_smile:

not sure, but openai can be accessed via azure? they have HIPPA cert and maybe you can use it via API directly?

1 Like

Thanks for the feedback Xerxes. This is very valuable insight. I will look into this. I assume azure would have the necessary agreements in place with OpenAI for customers with whom they have a BAA, but will have our team do our due diligence. Does anyone else have experience with the use of OpenAI through azure and whether or not that then would include necessary PHI protections for patient data?

I assume they will have that included but I’m not entirely sure. You can check the security they have here - Azure OpenAI Service – Advanced Language Models | Microsoft Azure

I hope you’ve found your way, if not I would recommend contacting an azure rep for this

I too have been trying very unsuccessfully to this issue as well. Multiple emails and nada. Any Luck?

If you build AGI apps in Google Workspace using PaLM 2, BAA is automatic.

I have also been unable to contact sales. I get a form email back talking about enterprise accounts, which seems to not be a thing.

Hi Everyone, Sorry for the delay in response. Just to extend the help that I’ve gotten to everyone else the best solution is to seek an Azure AI studio account (uses GPT 4) and to get a BAA with them. Microsoft was really quick with the turnaround.


Thanks! This update about Azure is very helpful! I will link it in a thread I wrote about the same topic.

@drboazak I am trying to get a BAA for our early stage startup and I am not getting any traction with Microsoft. One of their sales partners said that they can only do a BAA with managed customers and those tend to be larger companies.
It sounds like you were successful in getting a BAA. Are you a managed customer? How big is your company? Appreciate any tips!

Hi and welcome to the Developer Forum!

Some people were earlier to the AI space than others and so were afforded access to personnel and features when demand was lower and the ratio of support personal to users was higher.

The reality is that no matter which supplier of AI services you go with, the demand now outstrips the supply of personal to help by a fair amount. This will get better with time as automation methods are developed and more staff are onboarded, for the moment it’s pretty much a waiting game and making sure you’re on as many lists as possible and take advantage of opportunities like conferences as and when they occur.

This is very much a case of the early bird catches the worm and no matter where you think you are in that list, you are before everyone who has yet to discover AI, so you are in fact ahead of the curve still by some margin.

1 Like

@amexist we’re actually a small group. I hadn’t realized microsoft was turning away BAA’s for smaller groups now. As far as options, if you’re looking for “out the box” solutions, I would look at the Bard API and see if you can get a BAA, perhaps Claude with anthropic. Since you will need some technical skillset and know-how to get whatever build you develop up and running, it may be worthwhile to look at some of the open-source models. Many outperform gpt 3.5/are approaching 4 and the cost to run them will be cheaper overall. I would look at llama-2, Falcon, or Mistral. You would need to run it off a sufficiently powered platform/machine, but there are solutions out there now that allow for a fairly straightforward setup (for someone with software dev experience). Note, some of these opensource solutions do outperform Bard.

Seems like with Azure you do not need to get a BAA it’s already part of it - This was posted on their website " How can my organization sign a BAA for Microsoft Azure?
There is no separate contract to sign to enter into a HIPAA Business Associate Agreement (BAA) with Microsoft because the [HIPAA BAA]({link removed}) is available via the Microsoft [Product Terms]({link removed}) (formerly Online Services Terms) by default to all customers who are covered entities or business associates under HIPAA. The Microsoft Product Terms references the Microsoft Products and Services [Data Protection Addendum]({link removed}) (DPA), which states that “execution of customer’s volume licensing agreement includes execution of the HIPAA Business Associate Agreement.”

Well all, the recent openai news has shifted our internal frame about our utilization of openai for agile internal development. I haven’t seen anything from microsoft yet about matching capabilities. So back to the original question, while I’ve become somewhat of the domain person for BAA’s for various LLMs outside of OpenAI I remain unaware of how to reliably go about getting one from OpenAI. Anyone have input. Perhaps creating enough discussion in this forum will lead to their taking notice.

I was assisted by our friendly neighborhood transformer to extend a public plea in this forum:

Dear OpenAI,

I come to you, keyboard in hands, a smile on my face, and a twinkle in my eye, in the hopes that you’ll find it in your gigabyte-generous hearts to entertain a whimsical, yet earnest plea from us healthcare mortals at Animo Sano.

Firstly, let’s acknowledge the elephant in the room – and no, it’s not just the leftover Halloween decoration that we all keep forgetting to take down. It’s the fact that your AI, much like a spoonful of sugar, makes the medicine go down in the most delightful way. Your technology could revolutionize our virtual health practice, where we strive to blend the best of both bytes and bedside manners.

Now, I’m no AI – my attempts to predict behavior don’t extend beyond guessing who’ll eat the last donut in the break room (it’s always Kevin). However, I dare say that with a Business Associate Agreement (BAA) from you, our care would soar higher than my cat’s ego when he ignores me.

Imagine, if you will, a world where our providers, with a little AI assistance, can focus more on the “aha” moments and less on the “uh-oh” paperwork. Where our patients receive insights not just from years of professional expertise, but also from the deep, vast ocean of knowledge that your AI wades through – all while staying HIPAA-happy.

Now, I understand that with great data comes great responsibility, and you might feel more protective of your information than a squirrel with a golden acorn. But we’re not asking for the keys to the kingdom – just a BAA scroll, signed with a quill perhaps, that allows us to harness your AI powers for the greater good.

We promise to use this power for healing, not hocus-pocus (though a little AI magic would be appreciated). We’ll guard the data like it’s the secret recipe to Grandma’s famous cookies – and believe me, that’s under lock and key.

So, dear OpenAI, let’s make history together. Let’s be the Batman and Robin of healthcare innovation (you can pick who’s who). Let’s show the world that even the smallest of healthcare institutions can pack a punch when armed with the mightiest of AIs.

In conclusion, consider this not just a plea, but an invitation to a partnership that could make waves in the healthcare pond – hopefully, not enough to upset the HIPAA Hippos, but just enough to make a splash.

Warmest regards and hopeful smiles,

Mina Boazak

Assisted by your very own GPT

I’ll pile onto this request.

It would be really swell if we could actually get a reliable process for BAAs from Open AI.
The official documentation even advertises it!

" We are able to sign Business Associate Agreements (BAA) in support of customers’ compliance with the Health Insurance Portability and Accountability Act (HIPAA). Please reach out to our sales team if you require a BAA. "

But requests to the sales team seems to fall on deaf ears these days…

As a result of not being able to even open a dialog about this we are currently are doing a bunch of development using Palm (which just doesn’t work very well) and Azure (which is slow and way behind feature wise). It technically works but is a suboptimal workaround for just using the GPT apis here…

I too will add to this request.

I’ve submitted an inquiry about BAA’s to the sales team via a contact form, but I have no way of tracking the request.

Is that the best way to initiate the BAA process?
If not, what is the best way to initiate the BAA process?

Thank you, and any insight would be greatly appreciated!

Any updates, I’m also wondering in regards to the processes. Has anyone gotten a BAA with openai successfully?

We are able to sign Business Associate Agreements (BAA) in support of customers’ compliance with the Health Insurance Portability and Accountability Act (HIPAA). Please reach read more in our BAA FAQ: How can I get a Business Associate Agreement (BAA) with OpenAI? | OpenAI Help Center