With rising demands for care and widespread staff burnout, healthcare organizations are adopting AI faster than their compliance functions can track. From clinical documentation assistants to AI transcription tools, these systems all touch PHI.
That makes them Business Associates under HIPAA. Yet in practice, AI is rarely presumed to be a business associate, and a BAA is rarely treated as the first priority when an AI tool is adopted.
Often a team member’s use of an AI tool is hidden or uncontrolled, so IT is never made aware that the tool’s BAA and HIPAA compliance need to be verified at all.
Now, a rundown of the challenges healthcare is facing. In 2024, Change Healthcare suffered a ransomware attack from a group called RansomHub. It is the largest data breach in healthcare history, affecting 190 million individuals.
In a separate incident, a breach affecting 483,126 patients across six hospitals was traced to a vendor named Serviceaide, whose agentic AI-powered workflow management platform had no authorization controls.
Now, a BAA may not protect you from cyberattacks, but it sets a standard that enforces strict security and privacy protocols when it comes to sensitive data like PHI. Any gaps in that enforcement are where most attackers strike.
Be aware, though, that even a signed BAA is not proof of HIPAA compliance. It is the legal precondition for compliance.
The other reason to keep a closer eye on your AI tools is OCR enforcement itself. In 2025, OCR collected $8,330,066 in fines, with many actions tied to hidden data flows to third-party vendors such as tracking tools, analytics platforms, and pixels that received PHI without a BAA.
The legal mechanism for AI tools is the same as any other vendor. Unauthorized disclosure of PHI by a third-party vendor without a BAA is a HIPAA violation, regardless of whether a breach occurs or not. Thus, any AI tool processing PHI on an organization’s behalf is a Business Associate and requires a BAA.
In such a landscape, you have to understand which AI tools offer BAAs and under what conditions.
This post examines that issue and explains why the gap between a signed BAA and real compliance protection is where most organizations are exposed.
How Is AI Actually Being Used in Healthcare Today?
AI tools in healthcare are becoming increasingly prevalent. A 2024 American Medical Association survey reported that AI usage by physicians nearly doubled from the previous year.
These tools fall into three categories, each with a distinct PHI exposure profile.
1. Clinical Decision Support Systems (CDSS)
CDSS tools synthesize patient data such as lab results, imaging, and EHR history to recommend diagnoses and treatment pathways. Examples include AI-assisted diagnostic imaging platforms and sepsis prediction engines embedded directly in EHR workflows.
These tools operate at the highest level of clinical sensitivity. Every input is ePHI, and every output is derived from it. The PHI exposure is direct.
2. Administrative AI
Scheduling automation, AI-assisted medical coding, and management tools all touch PHI in ways that are easy to underestimate.
An AI that auto-populates scheduling fields using patient history, a coding assistant that reads clinical notes, or a prior auth tool that pulls diagnosis data to build insurance submissions are all Business Associates.
Their PHI access is often treated as a secondary characteristic of an “administrative” tool, but that is also why their BAA coverage is inconsistently applied.
3. HIPAA-Compliant AI Scribe Tools: The Highest-Risk Category
Ambient AI scribe tools like Nuance DAX, Abridge, and Suki record live clinical conversations and generate clinical notes. These tools sit in the room during a conversation with the patient.
Whether a HIPAA-compliant AI scribe exists at your organization is one of the most important questions your compliance team should be asking right now.
The PHI exposure happens in real time: the patient’s name, condition, treatment plan, and the physician’s clinical reasoning are all captured.
This is the fastest-growing category of clinical AI adoption, and the one with the most inconsistent BAA coverage. Clinicians adopt these tools because they work, but the compliance question rarely comes first.
When Is an AI Tool a Business Associate Under HIPAA?
HIPAA defines a Business Associate as any third party that creates, receives, maintains, or transmits PHI on behalf of a covered entity. Thus, the question that arises is not what kind of software it is, but what it does with PHI.
Apply the test to the three AI categories:
- Clinical decision support: These tools receive ePHI from the EHR to generate recommendations, so they are Business Associates.
- Administrative AI: These tools process PHI to perform billing, coding, or scheduling functions, making them Business Associates.
- Ambient AI scribes: Their job is to record, transmit, and store PHI in the form of clinical conversations and generated notes. This unambiguously makes them Business Associates.
The test also applies to tools that handle PHI indirectly. A generative AI tool a physician uses to draft patient letters, for example, will require a BAA as it comes in contact with PHI records, whether deliberately or incidentally.
I should also caution you that a BAA must be in place before the first use. A retroactive BAA does not repair the HIPAA violation your organization has committed by transmitting PHI to a vendor without a signed agreement.
Is Your AI Tool HIPAA Compliant? The Honest Answer
Compliance officers have told me that they field questions about AI apps regularly.
Is ChatGPT HIPAA-compliant? Is the ambient scribe we just rolled out covered? Are any of our “HIPAA-compliant” AI tools actually BAA-covered?
The honest answer in every case is that it depends on the product, the product tier, and the configuration.
HIPAA-compliant AI is not a product designation vendors can self-certify. It is the result of a signed BAA between your organization and the vendor. A vendor can offer every technical control HIPAA requires and still leave you exposed if there is no BAA or if the BAA does not cover the specific PHI data flows in your environment.
The table below reflects vendor BAA status in 2026. It includes the OpenAI BAA structure in detail, since it is the most-searched and most-misunderstood in healthcare settings.
A common misconception is that OpenAI offers a BAA for ChatGPT Business. It explicitly does not.
The OpenAI BAA carries different terms depending on the product tier, and the distinctions matter.
ChatGPT Free, Plus, and Business have no BAA available. PHI must never be entered into these products.
The OpenAI BAA is available for ChatGPT Enterprise, ChatGPT for Healthcare, and qualifying API customers, but each with different scope and conditions, as detailed in the table above.
However, it should also be noted that a BAA with OpenAI for the API does not extend to third-party connectors or plugins built on top of that API. Each connector in the chain requires its own agreement.
Cloud provider BAAs from AWS, Azure, and GCP cover the infrastructure layer only. I have seen people assume that because an AI tool is built on Azure and Microsoft holds a BAA with the AI vendor, their own organization therefore has a BAA covering the AI tool. In reality, the covered entity needs its own agreement directly with the AI vendor.
Many enterprise AI tools have features that fall outside the scope of the vendor’s BAA by default. Administrators must verify which product features are covered and disable non-covered features where PHI flows are possible.
What Must a BAA With an AI Vendor Actually Contain?
The truth is that standard BAA language was not written for AI. The data flows are different. The risks are different. And there are provisions that standard BAA templates simply do not include.
Most organizations discover this after the fact. They have a BAA in place and assume the compliance box was checked, only for the audit to reveal that the agreement does not restrict the vendor’s AI-specific data practices as it should.
Here are the four provisions that differentiate an AI-grade BAA from a standard one:
Provision 1: Explicit Prohibition on Using PHI for Model Training
This is the most consequential gap in most AI vendor BAAs. Many AI vendors, including major platforms, retain inputs and outputs for model training unless the customer has a specific enterprise agreement that prohibits it.
The default policy at the consumer tier allows training, but it is only at the enterprise tier that you can opt out. If your BAA does not contain a specific, written prohibition on using PHI to train, fine-tune, or improve the vendor’s models, the vendor’s default policy applies. And that policy may permit training on patient data.
Using PHI to train an AI model without explicit, written patient authorization violates HIPAA’s Privacy Rule. Thus, the prohibition must be in the contract.
Provision 2: Defined Data Retention Limits and Deletion Obligations
PHI must not persist in vendor systems beyond what is necessary. This means the BAA must specify how long PHI may be retained in the vendor’s systems, under what conditions, and what the verified deletion mechanism and timeline are.
Ambient AI scribes store conversation recordings before transcription. Generative AI tools may cache session data. API platforms may retain inputs and outputs for abuse detection. Each of these retains PHI.
A BAA that does not define retention limits and require deletion on a set schedule leaves the covered entity with no contractual basis to demand compliance. Zero Data Retention (ZDR) endpoints, where available, should be specified and required for PHI processing.
Provision 3: Full Subprocessor Disclosure and Chain-of-Liability Requirements
An AI vendor’s product does not operate in isolation. It runs on cloud infrastructure, third-party compute providers, and in some cases, third-party AI inference APIs. Each subprocessor that touches PHI in the chain is itself a Business Associate, and under HIPAA, the primary BA is responsible for obtaining BAAs from all downstream subcontractors.
A standard BAA may acknowledge subprocessors in general terms. An AI-grade BAA must name or describe the subprocessor chain, restrict sub-processing of PHI to named or approved entities, and require advance notice and approval for material changes to the chain.
The compliance gap almost always lives between systems, not within any single approved tool.
Provision 4: Breach Notification Timeline Aligned to HIPAA's Clock
HIPAA requires covered entities to notify affected individuals within 60 days of discovering a breach. The BAA must require the Business Associate to notify the covered entity on a timeline that leaves enough room for the covered entity to meet that obligation.
Many AI vendor commercial contracts default to 72-hour or 30-day incident notification. If the vendor takes 30 days to notify you of a breach, you may have 30 days left to meet HIPAA’s 60-day clock. The BAA must set a specific notification deadline for the vendor that accounts for the covered entity’s own obligation.
One additional requirement that has become newly relevant is the proposed 2025 HIPAA Security Rule update. It removes the distinction between addressable and required safeguards and introduces stricter expectations for vendor risk management.
If finalized, it will require annual verification of BAA terms and vendor compliance posture. Well-managed BAA programs are already doing this. Organizations that are not will face a new compliance obligation on top of an existing gap.
What Should You Know About Shadow AI?
Shadow AI is the most immediate source of ungoverned PHI exposure in healthcare right now. These are AI tools that staff adopt to make their work easier, without notifying IT or the compliance officer.
A physician using a consumer AI chatbot to draft a patient letter, or a nurse using a free transcription app to capture care instructions, are both examples of shadow AI.
The Netskope Threat Labs Healthcare 2025 report found that 88% of healthcare organizations have integrated cloud-based generative AI tools into their operations, and 96% use tools that employ user data for training.
So, what is the implication? The large majority of healthcare organizations have PHI flowing into AI systems under terms that do not restrict training. Most of those organizations do not know it is happening.
OCR has already established that unauthorized disclosure to a third party without a BAA is a HIPAA violation, regardless of intent and regardless of whether a breach occurred. Shadow AI produces exactly this pattern at scale.
Identifying ungoverned AI tool use is not a one-time audit. It requires ongoing controls:
- Policy that explicitly addresses generative AI tools and requires approval before using any AI tool that touches PHI.
- Endpoint and network monitoring to identify traffic to known AI platforms from clinical devices.
- Access log review for SaaS AI tools on managed devices.
- Regular staff training that uses real examples of what shadow AI looks like clinically.
The goal is not to prohibit AI use. It is to bring AI use under governance.
Staff will continue to adopt tools that make their work easier. The compliance function’s role is to create a path for that adoption that includes vendor evaluation and BAA execution before PHI flows anywhere.
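The monitoring controls listed above can be made concrete. The script below is an added example, not part of the original post and not any vendor’s tooling: it scans a constructed proxy-log export for traffic to AI platforms the organization knows about, looks each destination up in a vendor register that records BAA status, and rates the finding by whether the source device sits in a clinical subnet. All hostnames, subnets, users, and log fields are constructed placeholders; a real deployment would feed the register from the BAA inventory and the log from the proxy or DNS tier.

```python
"""Flag PHI-capable devices talking to AI platforms that lack an executed BAA.

Added example for the shadow-AI controls discussed in the post. Every hostname,
subnet, user and log field below is constructed; none refers to a real vendor.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed vendor register: each AI platform the organization knows about,
# keyed by domain, with the current state of its BAA. Placeholder domains.
AI_PLATFORM_REGISTER = {
    "scribe-vendor.example": "baa_signed",    # ambient scribe, BAA executed
    "llm-platform.example": "baa_pending",    # API platform, BAA still under review
    "chat.consumer-ai.example": "no_baa",     # consumer chatbot tier, no BAA offered
    "free-transcribe.example": "no_baa",      # free transcription app
}

# Constructed: address ranges assigned to clinical workstations and devices.
CLINICAL_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed proxy-log export (CSV). The column names are assumptions.
SAMPLE_PROXY_LOG = """timestamp,src_ip,user,dest_host,bytes_out
2025-03-04T08:12:01Z,10.20.4.17,dr.lee,app.scribe-vendor.example,48211
2025-03-04T08:14:33Z,10.20.4.17,dr.lee,chat.consumer-ai.example,9120
2025-03-04T08:20:09Z,10.20.7.90,rn.patel,free-transcribe.example,221004
2025-03-04T09:01:45Z,10.50.1.8,j.nguyen,eu.chat.consumer-ai.example,3311
2025-03-04T09:05:12Z,10.20.4.17,dr.lee,api.llm-platform.example,1500
2025-03-04T09:10:00Z,10.20.9.3,b.ortiz,ehr.internal.example,77000
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    user: str
    src_ip: str
    dest_host: str
    baa_status: str
    severity: str


def lookup_platform(host: str) -> Optional[tuple[str, str]]:
    """Match a hostname against the register, walking up parent domains so that
    eu.chat.consumer-ai.example matches the chat.consumer-ai.example entry.
    Returns (registered_domain, baa_status) or None if the host is not a known AI platform."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never match on the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in AI_PLATFORM_REGISTER:
            return candidate, AI_PLATFORM_REGISTER[candidate]
    return None


def is_clinical(src_ip: str) -> bool:
    """True when the source address belongs to a clinical subnet (likely PHI on the device)."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in CLINICAL_SUBNETS)


def severity_for(status: str, clinical: bool) -> Optional[str]:
    """Rate a flow: no finding for an executed BAA; no BAA from a clinical
    device is the worst case; a pending BAA still means PHI must not flow yet."""
    if status == "baa_signed":
        return None
    if status == "no_baa":
        return "high" if clinical else "medium"
    return "medium" if clinical else "low"  # baa_pending


def scan_proxy_log(log_text: str) -> list[Finding]:
    """Return one Finding per log row that reaches an AI platform without an executed BAA."""
    findings: list[Finding] = []
    for row in csv.DictReader(io.StringIO(log_text)):
        match = lookup_platform(row["dest_host"])
        if match is None:
            continue  # not a known AI platform; nothing to say about it here
        _, status = match
        severity = severity_for(status, is_clinical(row["src_ip"]))
        if severity is None:
            continue
        findings.append(Finding(row["timestamp"], row["user"], row["src_ip"],
                                row["dest_host"], status, severity))
    return findings


def summarize(findings: list[Finding]) -> dict[tuple[str, str], int]:
    """Count findings per (user, destination) so compliance can follow up per person and tool."""
    summary: dict[tuple[str, str], int] = {}
    for f in findings:
        key = (f.user, f.dest_host)
        summary[key] = summary.get(key, 0) + 1
    return summary


if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{f.severity.upper():6} {f.timestamp} {f.user}@{f.src_ip} -> {f.dest_host} ({f.baa_status})")
```

On the constructed log this yields four findings: two high (the clinician and nurse on clinical devices reaching tools with no BAA), one medium for a non-clinical device reaching the consumer chatbot through a regional subdomain, and one medium for a clinical device using an API platform whose BAA is still pending. The approved scribe and the internal EHR host produce nothing. Parent-domain matching matters because vendors add regional and product-specific hostnames faster than a flat blocklist is updated.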
How to Work with an External Team to Close the Gap?
Most healthcare organizations have a growing list of AI tools in use across departments, covered by BAAs that were signed months or years ago without AI-specific provisions, and with no systematic evaluation before the PHI started moving.
The gap between a signed BAA and a compliant AI deployment is almost always a contract review and vendor governance problem, not a technical one. The AI tools are doing what they were configured to do. The question is whether the legal agreements and internal controls around them reflect that.
At KLEAP, we work with hospitals, health systems, and healthtech platforms to help them understand what HIPAA-compliant AI actually requires in practice: identifying ungoverned vendor relationships, assessing BAA language against the AI-specific provisions that matter, and helping compliance teams build a sustainable process for evaluating new tools before PHI reaches them.
We don’t work on templates. The vendor landscape is changing fast enough that a checklist from twelve months ago may already be incomplete.
If you’re not sure which AI tools in your environment qualify as Business Associates, or you have BAAs that haven’t been reviewed against the provisions above, that’s the conversation we start with.
