How did you achieve HIPAA compliance?

It’s hard to get a BAA with OpenAI

But there are firms that certify you for PCI and HIPAA, and I'm wondering if any devs on here have explored these channels using OpenAI? They stream over HTTPS, and if we can get the confirmation that they're not retaining our API data, then couldn't we squirrel our way around into HIPAA compliance? Has anyone tried similar hacks?


It's not a good solution for long-form audio. They won't up your rate limits with Whisper.

While OpenAI offers HTTPS for secure data transmission, achieving HIPAA compliance involves various aspects beyond encryption. HIPAA compliance requires stringent measures to safeguard Protected Health Information (PHI). It’s crucial to assess OpenAI’s services comprehensively against HIPAA requirements, considering data storage, access controls, audit trails, and other factors.

Attempting to “squirrel” around HIPAA compliance may pose legal and ethical risks. It’s advisable to consult with legal and compliance experts to ensure adherence to healthcare data protection regulations. OpenAI may not explicitly provide HIPAA-compliant services, so exploring alternatives with established certifications could be a more secure approach for healthcare-related applications.

I didn’t mean do anything illegal. I meant getting HIPAA compliance without the BAA.

Did not in any way imply anything illegal; it's not a commonly known subject, therefore someone maybe knows another way.

OpenAI provides a BAA, which makes them HIPAA compliant under a BAA…

I am posting to figure out established certifications and alternatives while still using these services.

We are able to sign Business Associate Agreements (BAA) in support of customers’ compliance with the Health Insurance Portability and Accountability Act (HIPAA). Please read more in our BAA FAQ: How can I get a Business Associate Agreement (BAA) with OpenAI? | OpenAI Help Center

