If you are building healthcare AI features into your Next.js app and you've Googled 'is OpenAI HIPAA compliant' more than twice this month, the answer is finally settled enough to make architecture decisions on. The short version: OpenAI signs BAAs for the API and ChatGPT Enterprise; Anthropic signs them on the Enterprise plan only; Azure OpenAI is BAA-covered by default on Microsoft's Enterprise Agreement for text inputs. Image and audio modalities are still gappy. The longer version explains exactly which call types are safe to make from your Next.js Server Actions and which ones will get you fined.
Anthropic crossed the SOC 2 Type II + HIPAA finish line in March 2026, removing the last procurement objection that had pushed teams onto Azure for healthcare AI. The three vendors are now effectively at parity on the BAA story — the differences are in pricing, in which modalities are covered, and in how the BAA scope handles training data. Pick the wrong one for your use case and you ship a HIPAA violation in your first prototype.
The 2026 BAA scoreboard for AI in healthcare apps
- OpenAI API — BAA available via baa@openai.com. Covers only zero-data-retention endpoints. Request by email; response within 1-2 business days. ChatGPT Enterprise and ChatGPT for Healthcare BAAs are sales-managed.
- Anthropic Claude — BAA available on the sales-managed Enterprise plan only. Self-serve Enterprise tier does NOT include the BAA. Enterprise pricing starts around $50K/year minimum, more typically $170K-$2.2M first-year TCO depending on consumption.
- Azure OpenAI Service — BAA included by default in Microsoft Enterprise Agreements and CSP arrangements. Text inputs are covered. Image inputs (DALL-E, vision) are NOT covered as of mid-2026. GPT-Realtime audio coverage is not yet announced.
- AWS Bedrock (Claude, Llama, Titan) — covered under AWS's standard BAA. AWS will sign for healthcare workloads. The Bedrock model gateway is in scope; the underlying model providers are abstracted.
- Google Cloud Vertex AI / Gemini — covered under Google's BAA on Vertex. Direct Gemini API on AI Studio is NOT BAA-eligible.
- Microsoft Copilot, ChatGPT consumer (free or Plus), Claude.ai consumer subscriptions — none of these support BAAs. Using them for PHI is a violation.
OpenAI for healthcare apps: the API path with zero data retention
If your Next.js app calls OpenAI directly, the only HIPAA-compliant configuration is the API with zero data retention enabled, scoped to BAA-eligible endpoints, with a signed BAA from baa@openai.com. Email the BAA team with your company details and use case, expect a 1-2 business day response, and the BAA arrives as a click-through or DocuSign agreement depending on contract size.
What zero data retention actually means
With zero data retention, OpenAI does not store your prompt or completion data after the response is returned. No training, no logging, no abuse-monitoring retention. The catch: only certain endpoints qualify. The Chat Completions API on flagship models is eligible. Some newer specialty endpoints are not. Check the eligible-endpoints list in your BAA — sending PHI to a non-eligible endpoint voids the agreement for that call.
ChatGPT Enterprise and ChatGPT for Healthcare for non-API use cases
If your team needs ChatGPT-the-product (the chat interface, not the API) for clinical research, drafting, or knowledge-work touching PHI, ChatGPT Enterprise and ChatGPT for Healthcare both support BAAs through OpenAI's sales team. Pricing is custom; expect $60-100/seat/month range with annual commitment. The Healthcare-specific tier landed in February 2026 and includes BAA-by-default plus enhanced retention controls.
Anthropic Claude for healthcare apps: Enterprise-only and what that costs
Claude reached HIPAA-readiness in March 2026 alongside SOC 2 Type II. The BAA is gated behind the sales-managed Enterprise plan — the self-serve Enterprise tier does NOT include the BAA. Engaging Claude for healthcare means a sales call, a contract negotiation on seat count and committed API consumption, and pricing that starts around $50K/year minimum. First-year all-in TCO sits between $170K and $2.2M depending on scale, per Anthropic's published guidance.
If your healthcare app's AI features are heavy on long-context document analysis (clinical notes, prior auth, medical record summarisation), Claude's 500K-token context window earns the price tag. If your AI is shorter-form chat or copy generation, the OpenAI API path is meaningfully cheaper at the same compliance posture.
Azure OpenAI: the path most enterprise healthcare teams default to
Azure OpenAI is BAA-covered by default for customers on Microsoft Enterprise Agreements or CSP arrangements. Text inputs are HIPAA-eligible without a separate BAA negotiation — the Microsoft BAA is folded into the standard EA terms. The required configuration is non-trivial: virtual networks (VNet), private endpoints, Azure AD-based access control, RBAC, and Conditional Access, all of which your Microsoft team should already know how to deploy.
What is and is not in scope
- Text inputs and outputs on Chat Completions: in scope under the EA BAA. PHI in prompts and responses is covered.
- Embeddings (text-embedding-3-large, etc.): in scope. PHI can be embedded for vector search.
- Image inputs (vision models, DALL-E): NOT in scope as of mid-2026. Microsoft's compliance documentation explicitly excludes image modalities. Do not pass medical images to Azure OpenAI vision endpoints under PHI assumptions.
- GPT-Realtime audio API: BAA scope not yet announced. Avoid for PHI workloads until Microsoft publishes guidance, expected early 2026 audit cycle.
- Default behaviour: Azure OpenAI does not store prompts or completions for training, product improvement, or in telemetry, and platform logs do not collect PHI. This is the default, not an opt-in — but it is configurable, so verify your tenant's data-handling settings.
The Next.js Server Actions pattern for HIPAA-compliant AI calls
Every AI call from your Next.js app should sit behind a Server Action or a Route Handler with these properties: it never reaches the client with raw PHI in the request body, it logs a non-PHI audit row before and after the call, it uses a vendor SDK initialised with your zero-retention configuration, and it has explicit error handling that scrubs PHI from any thrown error before it hits Sentry or your error logger.
The minimum-viable structure
- Server Action receives a sanitised request payload that has been pre-validated by your RLS or session-bound role check.
- Audit log row written: user_id, action ('ai_call'), model, timestamp. Never the prompt content.
- AI call made via the vendor SDK with zero-retention headers explicitly set (OpenAI: 'X-OpenAI-Beta: zero-data-retention' or via your project-level configuration).
- Response received, parsed, returned to the calling Server Component or to the client. The response itself is PHI; treat it like any other PHI read.
- Audit log row updated with status (success, error, content_filter_triggered) and the response token count. Never the response content itself.
- On error: scrub PHI from the error message before logging. Sentry's beforeSend hook is the standard place to enforce this.
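The list above as working code. This is an added example, not code from the original post or from any vendor SDK: the audit table is an in-memory array, the vendor SDK is a hypothetical `AiClient` interface that you would back with a client initialised under your zero-retention configuration, and the request and response shapes are invented for the demo. The `beforeSend` function has the same shape as the callback you hand to Sentry's `beforeSend` hook, so the same scrubber serves both the thrown error and the error reporter.

```typescript
// Added example (not from the original post). Assumptions: in-memory audit array,
// hypothetical AiClient interface, constructed request/response shapes.

type AuditRow = {
  id: number;
  user_id: string;
  action: 'ai_call';
  model: string;
  timestamp: string;
  status?: 'success' | 'error' | 'content_filter_triggered';
  completion_tokens?: number;       // count only, never the response text
};

interface AiClient {
  // Stands in for a vendor SDK initialised with zero-retention configuration.
  complete(model: string, prompt: string): Promise<{ text: string; tokens: number; filtered: boolean }>;
}

// Identifier patterns that must never reach an error logger. Deliberately coarse: the goal is
// that an error echoing the request body becomes unreadable, not that the output is tidy.
const PHI_PATTERNS: ReadonlyArray<[RegExp, string]> = [
  [/\b\d{3}-\d{2}-\d{4}\b/g, '[SSN]'],
  [/\b(?:MRN|mrn)[:#\s]*\d+\b/g, '[MRN]'],
  [/\b\d{1,2}\/\d{1,2}\/\d{4}\b/g, '[DATE]'],
  [/[\w.+-]+@[\w-]+\.[\w.]+/g, '[EMAIL]'],
  [/\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b/g, '[PHONE]'],
  [/(?:[Pp]atient|[Nn]ame)[:\s]+[A-Z][a-z]+(?:\s[A-Z][a-z]+)*/g, '[NAME]'],
];

function scrubPhi(text: string): string {
  return PHI_PATTERNS.reduce((acc, [re, tag]) => acc.replace(re, tag), text);
}

// Same shape as a Sentry beforeSend callback: scrub the message and every exception value,
// then return the event so it is still reported, minus the PHI.
type ErrorEvent = { message?: string; exception?: { values?: Array<{ value?: string }> } };
function beforeSend<E extends ErrorEvent>(event: E): E {
  if (event.message) event.message = scrubPhi(event.message);
  for (const ex of event.exception?.values ?? []) {
    if (ex.value) ex.value = scrubPhi(ex.value);
  }
  return event;
}

// The Server Action body. `input` is assumed to have already passed your role check.
async function hipaaAiCall(
  client: AiClient,
  audit: AuditRow[],
  input: { userId: string; model: string; prompt: string },
): Promise<{ text: string; auditId: number }> {
  // 1. Audit row BEFORE the call: who, what, which model, when. Never the prompt.
  const row: AuditRow = {
    id: audit.length + 1,
    user_id: input.userId,
    action: 'ai_call',
    model: input.model,
    timestamp: new Date().toISOString(),
  };
  audit.push(row);
  try {
    // 2. The call itself, through the zero-retention-configured client.
    const res = await client.complete(input.model, input.prompt);
    // 3. Audit row AFTER: status and token count only, never the response content.
    row.status = res.filtered ? 'content_filter_triggered' : 'success';
    row.completion_tokens = res.tokens;
    return { text: res.text, auditId: row.id };
  } catch (err) {
    row.status = 'error';
    // 4. Rethrow with a scrubbed message: vendor SDK errors often echo the request body.
    const message = err instanceof Error ? err.message : String(err);
    throw new Error(scrubPhi(message));
  }
}

// Constructed stand-in for a vendor SDK. It echoes the request body into the error message
// on failure, which is exactly the behaviour the scrubber exists to contain.
class FakeClient implements AiClient {
  async complete(model: string, prompt: string) {
    if (prompt.includes('BOOM')) throw new Error(`upstream 400 for request body: ${prompt}`);
    return {
      text: `[${model}] summary of ${prompt.length} chars`,
      tokens: Math.ceil(prompt.length / 4),
      filtered: false,
    };
  }
}
```

In a real deployment `audit` is your audit table and `client` is the vendor SDK; the two audit writes happen in the same request so a crash between them still leaves a row with no status, which is itself a signal worth alerting on.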
De-identification: when you can avoid the BAA entirely
The cheapest HIPAA-compliant AI architecture is the one where you don't send PHI to AI in the first place. HIPAA's Safe Harbor de-identification standard removes 18 specific identifiers — names, dates more granular than year, geographic units smaller than state, account numbers, biometric IDs, full-face photos, and 11 others. If your prompts can be constructed from de-identified data, the AI vendor never receives PHI and no BAA is required for that call path.
Practical pattern: a Server Action receives the patient-bound request, looks up the de-identified context in your database, constructs the prompt without identifiers, sends to the AI vendor, receives the response, then re-attaches the patient context client-side or in a downstream Server Component. The AI call itself sees only the clinical content. This pattern works for diagnosis support, clinical documentation drafting, prior-auth letter writing, and most LLM use cases that do not require the patient's actual identity.
Where it fails: anything where the AI needs to perform an action tied to the patient identity (booking an appointment, sending a notification, looking up a specific patient record). For those use cases, the BAA path is required.
Where AI in healthcare apps still goes wrong in 2026
- PHI in error logs — Sentry, Datadog, PostHog, LogRocket. Even with their HIPAA tier, your AI error path needs to scrub PHI before the error fires. Most teams discover this in their first audit, not before.
- Streaming responses without partial-response audit logging. If you stream tokens to the client and the connection drops, your audit log needs to know what was sent and what was not. Most Next.js streaming AI implementations skip this.
- Embedding pipelines that hit a non-BAA embedding provider. Voyage, Cohere, and most third-party embedding services do NOT have BAAs out of the box. If you embed PHI for vector search, the embedding call needs to land at OpenAI (with BAA) or Azure OpenAI (with EA BAA), not at the cheaper specialty providers.
- Function-calling and tool use that re-introduce PHI into a non-BAA tool path. If your Claude or OpenAI tool-call invokes a third-party API for the AI's response, that third party also needs a BAA in your stack.
- Vector stores that aren't HIPAA-eligible. Pinecone has a HIPAA tier; Weaviate Cloud does on Enterprise; the open-source self-hosted route on AWS is your responsibility under AWS's BAA. If you embed PHI to a non-HIPAA vector store, the storage layer is the violation regardless of the embedding API's compliance.
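The streaming pitfall in the list above (a dropped connection leaving an audit row that looks like a completed call) fixed with a generator wrapper, as an added example that is not code from the original post. The token source, the row shape and the in-memory audit array are constructed for the demo; in a Route Handler you would wrap the generator in a `ReadableStream` for the Response body.

```typescript
// Added example (not from the original post). Assumptions: constructed token source,
// hypothetical row shape, in-memory audit array, structural stand-in for AbortSignal.

type StreamAuditRow = {
  id: number;
  user_id: string;
  model: string;
  started_at: string;
  stream_status: 'streaming' | 'complete' | 'partial';
  chunks_sent: number;
  chars_sent: number;      // size only, never the text
};

function newStreamRow(audit: StreamAuditRow[], userId: string, model: string): StreamAuditRow {
  const row: StreamAuditRow = {
    id: audit.length + 1,
    user_id: userId,
    model,
    started_at: new Date().toISOString(),
    stream_status: 'streaming',
    chunks_sent: 0,
    chars_sent: 0,
  };
  audit.push(row);
  return row;
}

// Wraps a vendor token stream. A chunk counts as "sent" when it is handed to the consumer
// (the transport). If the consumer stops early (client disconnect, abort), the generator's
// finally block runs and the row is closed as 'partial' with the counts at that point.
async function* auditedStream(
  source: AsyncIterable<string>,
  row: StreamAuditRow,
  signal?: { readonly aborted: boolean },   // structurally compatible with AbortSignal
): AsyncGenerator<string> {
  row.stream_status = 'streaming';
  try {
    for await (const chunk of source) {
      if (signal?.aborted) return;          // finally marks the row partial
      row.chunks_sent += 1;
      row.chars_sent += chunk.length;
      yield chunk;
    }
    row.stream_status = 'complete';
  } finally {
    if (row.stream_status !== 'complete') row.stream_status = 'partial';
  }
}

// Constructed stand-in for a vendor streaming response.
async function* fakeTokenSource(tokens: string[]): AsyncGenerator<string> {
  for (const t of tokens) yield t;
}

// Simulates a consumer that disconnects after `take` chunks (Infinity reads to the end).
async function consume(stream: AsyncIterable<string>, take: number): Promise<string> {
  let out = '';
  let n = 0;
  for await (const chunk of stream) {
    out += chunk;
    if (++n >= take) break;               // break triggers the generator's finally block
  }
  return out;
}
```

The counts are what an auditor can use later: a 'partial' row with `chunks_sent` tells you how much of the response left the server, which a plain success/error flag on a streamed call cannot.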
FAQ
Is ChatGPT HIPAA compliant?
Consumer ChatGPT (Free, Plus, Pro) is not HIPAA compliant under any configuration and cannot accept PHI. ChatGPT Enterprise and ChatGPT for Healthcare are sales-managed products that support a Business Associate Agreement and can be used for PHI workflows once the BAA is signed. The OpenAI API is a separate path: BAA available via baa@openai.com, response in 1 to 2 business days, but only zero-data-retention endpoints are eligible.
Is OpenAI HIPAA compliant in 2026?
Yes, with a signed BAA and zero data retention enabled, on eligible API endpoints. Email baa@openai.com to request the BAA — typical response 1-2 business days. ChatGPT Enterprise and ChatGPT for Healthcare also support BAAs through OpenAI's sales team. Consumer ChatGPT (free or Plus) is not BAA-eligible and cannot be used for PHI.
Is Anthropic Claude HIPAA compliant?
Yes, on the sales-managed Enterprise plan only. The self-serve Enterprise tier does not include the BAA. Enterprise pricing starts around $50K/year minimum. Anthropic achieved SOC 2 Type II and HIPAA-readiness in March 2026, so the procurement path is now clear, but the cost floor is significantly higher than OpenAI's API + BAA path.
Is Azure OpenAI HIPAA compliant by default?
Text inputs are covered by default under Microsoft's Enterprise Agreement BAA — no separate BAA negotiation required. Image inputs (DALL-E, vision) are NOT covered as of mid-2026. GPT-Realtime audio is not yet in scope. Customers must configure VNet isolation, private endpoints, Azure AD authentication, RBAC, and Conditional Access for the deployment to be HIPAA-defensible.
Can I send PHI to Claude.ai or consumer ChatGPT?
No. Consumer Claude.ai subscriptions and consumer ChatGPT (free, Plus, Pro) do not support BAAs and are not HIPAA-compliant under any configuration. Sending PHI to these services is a HIPAA violation regardless of what your subscription level is. Use the API path with a BAA, ChatGPT Enterprise with a BAA, or Claude Enterprise with a BAA.
Do I need a BAA if I de-identify the data first?
If your data meets HIPAA's Safe Harbor de-identification standard — 18 specific identifiers removed — the data is no longer PHI under HIPAA, and you do not need a BAA with the AI vendor for that data flow. The de-identification must be defensible: most teams under-de-identify and assume Safe Harbor when they have not actually removed all 18 identifiers. The Expert Determination method is the alternative path for cases where Safe Harbor would destroy too much utility.
Which vector database supports HIPAA out of the box?
Pinecone has a HIPAA-eligible tier on its Enterprise plan with a signed BAA. Weaviate Cloud supports HIPAA on Enterprise. Supabase pgvector is HIPAA-eligible on the Team or Enterprise plan with the $350/month HIPAA add-on. Self-hosted vector stores on AWS or Azure inherit the cloud provider's BAA. Avoid third-party vector services that do not publish a HIPAA tier — using them for PHI embeddings is a violation.
Related reading
HIPAA-compliant apps in 2026 — Next.js, WordPress, or JotForm $99 — the parent post covering all three architectural paths for healthcare apps.
HIPAA-compliant Supabase + Vercel: the $700/month setup — the database and hosting layer for everything described above.
Hosting stacks that actually sign a HIPAA BAA in 2026 — the broader hosting comparison if AWS, Azure, or GCP is in your stack picture.
WordPress Stack Advisor — paste your URL, get a tailored stack recommendation. Useful if you are weighing whether you actually need an AI feature in your healthcare app at all.
If your AI feature is the difference between an MVP that ships and a product that gets to clinical pilots, the HIPAA path matters more than the model choice. Pick the wrong vendor for the wrong modality and you rebuild the integration twice.
Book a 30-minute HIPAA stack call — describe the AI feature, the modality, and the patient-data flow. Leave with a vendor pick that is BAA-eligible for your specific use case and a price range for the year-one cost.
