See also (wiki): wiki/ai-vendor-contracts.md
Executive Summary
- Every major AI vendor will sign a HIPAA Business Associate Agreement in 2026 — but only for specific product SKUs and specific features. Consumer tiers, self-serve plans, and free versions are universally excluded.
- The fastest BAAs are self-serve (Google Workspace, AWS, Azure click-through: minutes). API-tier BAAs (OpenAI, Anthropic) close in a few business days. Enterprise-tier BAAs with custom terms routinely take 6–12 weeks; 3 months is not unusual for a major cloud provider.
- Coverage is feature-scoped, not product-scoped. A Salesforce BAA does not blanket-cover every Einstein capability. A Microsoft 365 BAA covers M365 Copilot for Enterprise but not consumer Copilot. Reading the covered-services list is the legal team’s job before the deal is signed, not after.
- The quiet trap: BAAs signed before a vendor launched a new SKU often do not extend to that SKU. Anthropic requires a separate BAA for its HIPAA-ready Enterprise plan if the original Claude API BAA predates December 2, 2025. Microsoft, Google, and Salesforce have similar carve-outs when new AI features ship.
- Workday and ServiceNow sign BAAs but neither is intended for clinical PHI — they cover administrative PHI (benefits, payroll, service ticketing). Clinical workflow requires a different vendor stack.
The Current Landscape
Every healthcare, financial services, legal, and professional services organization handling protected health information asks the same question before deploying AI: will the vendor sign a BAA, what does it cover, and how long will it take? The answers vary widely. The table below reflects vendor policies as of April 2026.
What Each Major Vendor Covers
| Vendor | Product | BAA Available | Scope | Timeline |
|---|---|---|---|---|
| OpenAI | API Platform | Yes | All API usage under covered accounts | 1–2 business day response; days to sign |
| OpenAI | ChatGPT Enterprise / Edu | Yes | Sales-managed accounts only | Negotiated with sales |
| OpenAI | ChatGPT for Healthcare | Yes | Launched Jan 2026 for clinical environments | Negotiated with sales |
| OpenAI | ChatGPT Plus / Team / Business | No | Excluded | N/A |
| Microsoft | M365 Copilot for Enterprise | Yes | Covered under Microsoft General BAA | Click-through for existing M365 customers |
| Microsoft | Copilot for Security | Yes | Added to BAA scope 2024 | Click-through |
| Microsoft | Azure OpenAI Service | Yes | HIPAA-eligible Azure regions only | Click-through via Azure |
| Microsoft | Copilot Pro / consumer Copilot | No | Consumer tiers excluded | N/A |
| Anthropic | Claude API | Yes | Case-by-case review | Days to weeks |
| Anthropic | Claude for Enterprise (HIPAA-ready) | Yes | Sales-assisted Enterprise only; self-serve Enterprise excluded | Sales negotiation |
| Anthropic | Claude via AWS Bedrock / Azure / GCP | Yes | Covered under hyperscaler BAA | Click-through via hyperscaler |
| Google | Workspace (including Gemini) | Yes | Gemini now in “HIPAA Included Functionality” | Self-serve in admin console |
| Google | Gemini in Chrome / consumer Gemini | No | Cannot upload PHI | N/A |
| Google | Google Cloud Vertex AI | Yes | Under Google Cloud BAA | Click-through |
| Salesforce | Health Cloud | Yes | Most features in scope | Account rep negotiation |
| Salesforce | Service Cloud / Sales Cloud | Partial | Feature carve-outs; check BAA restrictions page | Account rep |
| Salesforce | Marketing Cloud | Partial | Only specific features covered | Account rep |
| Salesforce | Einstein AI | Partial | Varies by Einstein feature — read the covered-services list | Account rep |
| ServiceNow | Platform (including Now Assist) | Yes (data processor role) | ePHI in customer instance; Now Assist specifics require account-level confirmation | Account rep |
| Workday | Enterprise Products | Yes | Administrative PHI only — NOT clinical, NOT diagnosis/treatment data | Account rep |
Negotiation Timelines
Timelines separate into three tiers:
Self-service (minutes to hours): Google Workspace, AWS (all BAA-eligible services), Azure (BAA-eligible services), Microsoft 365. The BAA is a click-through addendum in the admin console. For standard deployments without custom terms, this is the fastest path.
API-tier with standard terms (days): OpenAI and Anthropic. Both respond within 1–2 business days and close within a week for standard BAA language. No custom addenda.
Enterprise-tier with custom terms (6–12 weeks, sometimes longer): Salesforce, ServiceNow, Workday, Oracle, and any vendor where the customer requires negotiated data processing addenda, negotiated liability caps, sub-processor controls, or state-specific language. Sheppard Mullin’s healthcare AI vendor contracting guidance (March 2025) notes that 3 months is a common real-world timeline for major cloud provider enterprise negotiations, driven by:
- Custom security addendum language
- Training-data opt-out clauses
- Indemnification scope (only 33% of AI vendors currently offer IP indemnification per industry contract benchmarks)
- Sub-processor disclosure and approval rights
- Liability cap negotiation (the standard “12-month fees” cap is routinely disputed)
- State-specific addenda (California CMIA, New York SHIELD, Texas HB 300)
The Carve-Out Problem
Reading a BAA as a single binary (“we have one / we don’t”) misses the structure. Every major vendor’s BAA is scoped to a published list of covered services. The same vendor will cover one product and exclude another. Three examples:
- Microsoft’s BAA covers M365 Copilot for Enterprise but excludes consumer Copilot, Copilot Pro, and Bing Chat in personal accounts. A law firm that bought 500 Copilot Pro licenses instead of E5 + Copilot add-ons is outside the BAA.
- Google’s Workspace BAA now includes Gemini for managed accounts but explicitly excludes Gemini in Chrome and any consumer Gemini usage. Uploading a PHI document to the Gemini app via a browser extension is not covered.
- Anthropic’s pre-December 2025 Claude API BAAs do not automatically extend to the HIPAA-ready Enterprise plan launched in late 2025. Customers who signed early need a second BAA for the new SKU.
The operational implication: the covered-services list is the document that matters, not the BAA itself. The legal team should read the current version before every new AI product rollout, not just at initial contract signing.
Clinical vs. Administrative PHI
Two vendors in the table warrant explicit flagging:
Workday signs a BAA but is not intended for clinical use. Workday covers administrative PHI — employee benefits enrollment, insurance data, payroll deductions for health spending accounts. It is not designed for clinical documentation, diagnosis, treatment, or patient-care workflow. A health system deploying Workday for HR is fine. A health system trying to use Workday AI to triage clinical documentation is operating outside the intended scope regardless of BAA status.
ServiceNow signs a BAA as a data processor, not a data controller. This matters for incident response: ServiceNow’s obligation is to notify the customer of security incidents; the customer retains breach-notification obligations under HIPAA. A 500-person hospital IT team that assumes ServiceNow owns breach notification is misreading the contract.
Key Data Points
| Data Point | Source | Date | Credibility |
|---|---|---|---|
| OpenAI API BAA response time: 1–2 business days | OpenAI Help Center | 2026 | HIGH (vendor-published policy) |
| OpenAI ChatGPT for Healthcare launched Jan 2026 | OpenAI / HIPAA Journal | Jan 2026 | HIGH |
| Microsoft 365 Copilot for Enterprise under BAA since early 2024 | Microsoft Service Trust Portal; techcommunity | 2024 | HIGH |
| Anthropic HIPAA-ready Enterprise requires separate BAA if original was pre-Dec 2, 2025 | Anthropic Privacy Center | 2025 | HIGH |
| Google Gemini in “HIPAA Included Functionality” for managed Workspace | Google Workspace Admin Help; Sept 2025 implementation guide | 2025 | HIGH |
| Salesforce Einstein BAA coverage varies by feature | Salesforce Compliance portal; Compliancy Group | 2025 | HIGH |
| Workday BAA excludes clinical PHI (treatment, diagnosis, medical records) | Workday Trust; Paubox 2025 | 2025 | HIGH |
| ServiceNow signs BAA as data processor only | ServiceNow HIPAA white paper | 2024 | HIGH |
| 3 months cited as real-world timeline for major cloud provider BAA negotiation | Aptible HIPAA guidance; Sheppard Mullin Mar 2025 | 2025 | MEDIUM (practitioner observation, not survey data) |
| 33% of AI vendors offer IP indemnification | Industry contract benchmarks referenced in stateofai corpus | 2025 | MEDIUM |
What This Means for Your Organization
If your organization handles PHI — clinical, administrative, or employee health data — the BAA decision is the gate that opens or closes AI deployment. Three operational moves separate organizations that get this right from those that discover the gap mid-deployment.
First, inventory the AI your workforce is already using. Most 200–2,000 person organizations have shadow AI usage that predates any procurement conversation. Employees using ChatGPT Plus or consumer Gemini with PHI are operating outside every BAA framework listed above. The first policy decision is not “which enterprise AI do we buy” — it is “how do we close the consumer-tier gap.”
Second, treat the covered-services list as living documentation. Vendor product lines change faster than legal review cycles. The BAA you signed in 2024 covers the products that existed in 2024. Every new AI feature rollout from your incumbent vendors warrants a ten-minute check against the current covered-services page before clinical or finance teams start using it.
Third, front-load the timeline. For any AI deployment touching PHI, assume the BAA negotiation is a 6–12 week path, not a week. Running a proof-of-concept with synthetic data while the BAA closes is the standard operating pattern at organizations that deploy cleanly. Waiting to start legal review until after the pilot team has committed to a vendor is how six-month implementations become twelve-month implementations.
If this raised questions specific to your organization’s vendor stack or regulatory posture, I welcome the conversation — brandon@brandonsneider.com.
Sources
- OpenAI Help Center, “How can I get a Business Associate Agreement (BAA) with OpenAI for the API Services?” — https://help.openai.com/en/articles/8660679-how-can-i-get-a-business-associate-agreement-baa-with-openai (HIGH — vendor-published policy, current 2026)
- Microsoft Learn, “HIPAA & HITECH — Microsoft Compliance Offering” — https://learn.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech (HIGH — vendor-published, Microsoft General BAA May 2025)
- Microsoft Community Hub, “Microsoft Copilot for Security Now Covered by HIPAA BAA” (2024) — https://techcommunity.microsoft.com/blog/securitycopilotblog/microsoft-copilot-for-security-now-covered-by-hipaa-business-associate-agreement/4220174 (HIGH)
- Anthropic Privacy Center, “Business Associate Agreements (BAA) for Commercial Customers” — https://privacy.claude.com/en/articles/8114513 (HIGH — vendor-published policy)
- Claude Help Center, “HIPAA-ready Enterprise plans” — https://support.claude.com/en/articles/13296973 (HIGH)
- Google Workspace Help, “HIPAA Compliance with Google Workspace and Cloud Identity” — https://support.google.com/a/answer/3407054 (HIGH)
- Google, “Workspace and Cloud Identity HIPAA Implementation Guide” (September 2025) — https://services.google.com/fh/files/misc/gsuite_cloud_identity_hipaa_implementation_guide.pdf (HIGH)
- Salesforce Compliance, “HIPAA” — https://compliance.salesforce.com/en/categories/hipaa; Business Associate Addendum Restrictions — https://www.salesforce.com/company/legal/business-associate-addendum-restrictions (HIGH)
- ServiceNow, “Security and HIPAA” white paper — https://blogs.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/other-document/servicenow-hipaa-security-controls.pdf (HIGH)
- Workday Trust, “Compliance and Third-Party Assessments” — https://www.workday.com/en-us/why-workday/trust/compliance.html (HIGH)
- HIPAA Journal, “Is ChatGPT HIPAA Compliant? Updated for 2026” — https://www.hipaajournal.com/is-chatgpt-hipaa-compliant/ (MEDIUM — secondary analysis, frequently updated)
- HIPAA Journal, “Is Google Workspace HIPAA Compliant? Updated for 2026” — https://www.hipaajournal.com/is-google-workspace-hipaa-compliant/ (MEDIUM)
- Paubox, “Is Google’s AI Gemini 3 HIPAA compliant? (2026 update)” — https://www.paubox.com/blog/is-googles-ai-gemini-hipaa-compliant (MEDIUM)
- Paubox, “Is Workday HIPAA compliant? (2025 update)” — https://www.paubox.com/blog/is-workday-hipaa-compliant-2025-update (MEDIUM)
- Sheppard Mullin Healthcare Law Blog, “Key Considerations Before Negotiating Healthcare AI Vendor Contracts” (March 2025) — https://www.sheppardhealthlaw.com/2025/03/articles/artificial-intelligence/key-considerations-before-negotiating-healthcare-ai-vendor-contracts/ (HIGH — law firm practitioner guidance)
- Aptible, “HIPAA-Compliant AI: What Developers Need to Know” — https://www.aptible.com/hipaa/hipaa-compliant-ai (MEDIUM)
Brandon Sneider | brandon@brandonsneider.com April 2026