AI vendors that sign HIPAA Business Associate Agreements

AI vendors that publicly offer a HIPAA Business Associate Agreement, enabling lawful processing of Protected Health Information.

For healthcare buyers — providers, health plans, clearinghouses — a signed HIPAA Business Associate Agreement is a hard prerequisite for any AI vendor that may touch PHI. The vendors below publicly offer a BAA. That alone is necessary but not sufficient: the BAA must cover sub-processors (most AI vendors route through OpenAI, Anthropic, Google, or Mistral), specify breach reporting, and address PHI handling end-to-end. Ask for the BAA template before signing the master agreement.

Vendors with HIPAA BAA

Anthropic

HQ: United States

AI safety-focused company building the Claude model family. Founded by former OpenAI researchers with a mission to develop reliable, interpr…

Score 11.44 · low

Amazon (AWS)

HQ: United States

Cloud infrastructure leader that develops proprietary Titan models and custom Trainium/Inferentia chips while offering multi-model access th…

Score 12.34 · low

Salesforce

HQ: United States

Enterprise CRM leader that combines proprietary AI models (Einstein, CodeGen, xGen) with OpenAI integration for Einstein GPT, embedding AI a…

Score 12.74 · low

Cohere

HQ: Canada

Enterprise-focused AI company specializing in natural language processing for business applications. Known for retrieval-augmented generatio…

Score 13.79 · low

IBM

HQ: United States

Enterprise technology company offering the watsonx AI platform with proprietary Granite foundation models. Combines own model development wi…

Score 14.11 · low

Microsoft

HQ: United States

Global technology conglomerate that both develops proprietary AI models (Phi series) and deeply integrates OpenAI models across its Copilot …

Score 14.68 · low

OpenAI

HQ: United States

Creator of the GPT model family and ChatGPT, one of the most widely adopted AI platforms globally. Operates as a capped-profit entity under …

Score 18.36 · low

Google DeepMind

HQ: United States

Google's unified AI research lab combining DeepMind and Google Brain, building the Gemini model family integrated across Google products and…

Score 18.85 · low

Oracle

HQ: United States

Enterprise cloud and database company offering OCI AI Services with both proprietary AI capabilities and third-party model hosting. Provides…

Score 19.89 · low

Palo Alto Networks

HQ: United States

Leading cybersecurity company integrating AI across its security platform through Cortex XSIAM (AI-driven security operations), Prisma Cloud…

Score 19.89 · low

Nuance (Microsoft)

HQ: United States

Healthcare AI unit of Microsoft providing clinical speech recognition and ambient documentation through Dragon Medical One and DAX Copilot. …

Score 20.86 · moderate

Writer

HQ: United States

Enterprise AI writing platform with proprietary Palmyra LLMs and application layer for brand-consistent content generation, compliance revie…

Score 20.93 · moderate

Mosaic (Databricks)

HQ: United States

Mosaic AI (formerly MosaicML, acquired by Databricks in 2023 for $1.3B) is the generative AI platform within Databricks. Enables model train…

Score 22.6 · moderate

SentinelOne

HQ: United States

Autonomous cybersecurity platform combining proprietary behavioral AI models with Purple AI, a generative assistant for threat hunting and S…

Score 22.96 · moderate

Snowflake

HQ: United States

Cloud data platform with Cortex AI, providing LLM-powered SQL functions, document processing, and AI assistants that operate directly on dat…

Score 24.36 · moderate

ServiceNow

HQ: United States

Enterprise workflow automation platform integrating AI through Now Assist, which combines ServiceNow's proprietary Now LLM models with OpenA…

Score 24.4 · moderate

Datadog

HQ: United States

Cloud monitoring and security platform that has expanded into AI observability with LLM Observability for monitoring model performance, cost…

Score 24.41 · moderate

SambaNova

HQ: United States

Enterprise AI company offering the SambaNova Suite, an integrated full-stack AI platform combining proprietary Reconfigurable Dataflow Unit …

Score 24.5 · moderate

PolyAI

HQ: United Kingdom

UK-based voice AI company specializing in enterprise customer service voice assistants. Powers call centers for hospitality, financial servi…

Score 24.72 · moderate

Palantir

HQ: United States

Data analytics and defense technology company offering the Artificial Intelligence Platform (AIP) that integrates LLMs with operational data…

Score 25.09 · moderate

Databricks

HQ: United States

Unified data analytics and AI platform combining data lakehouse, ML ops, and generative AI capabilities. Offers Foundation Model APIs that i…

Score 25.4 · moderate

Slack

HQ: United States

Enterprise messaging and collaboration platform owned by Salesforce. Offers AI-powered features including Slack AI for channel summarization…

Score 26.47 · moderate

Vanta

HQ: United States

Automated security and compliance platform helping companies achieve SOC 2, ISO 27001, HIPAA, and GDPR compliance. Adds AI Agent for securit…

Score 27.24 · moderate

Zoom

HQ: United States

Video communications platform offering AI Companion for meeting summaries, smart recording chapters, real-time transcription, email and chat…

Score 27.35 · moderate

CoreWeave

HQ: United States

Specialized GPU cloud provider offering NVIDIA-powered infrastructure for AI training and inference at scale. Major supplier to OpenAI, Micr…

Score 29.93 · moderate

Arize AI

HQ: United States

ML and LLM observability platform for monitoring model performance, drift, and evaluating generative AI applications. Offers Arize Phoenix o…

Score 30.6 · moderate

Zendesk

HQ: United States

Customer service and engagement platform with AI-powered features including automated ticket resolution, agent assist, and intelligent triag…

Score 30.94 · moderate

Galileo

HQ: United States

LLM evaluation and observability platform focused on hallucination detection, reliability scoring, and generative AI quality assurance. Offe…

Score 30.97 · moderate

Twilio

HQ: United States

Communications platform integrating AI for intelligent routing, voice intelligence, and customer engagement through its CustomerAI technolog…

Score 31.65 · moderate

Abridge

HQ: United States

Generative AI platform for clinical documentation that converts patient-clinician conversations into structured medical notes. Integrates wi…

Score 32.09 · moderate

Monday.com

HQ: Israel

Work operating system with AI-powered project management features including task generation, content composition, formula building, and work…

Score 32.24 · moderate

Regard

HQ: United States

Clinical decision support AI that analyzes EHR data to surface diagnoses and conditions clinicians may have missed. Integrates directly with…

Score 33.19 · moderate

Hippocratic AI

HQ: United States

Healthcare-focused generative AI platform developing safety-tested agents for non-diagnostic patient-facing tasks such as care coordination,…

Score 33.46 · moderate

Darktrace

HQ: United Kingdom

UK-based AI cybersecurity company using self-learning AI to detect and respond to cyber threats. Develops proprietary unsupervised learning …

Score 35.77 · moderate

Buyer checklist

Confirm the BAA covers sub-processors (which upstream model APIs see your data).
Verify that breach reporting timeline meets your covered entity's policy.
Confirm the vendor will return or destroy PHI at termination.
Check whether the BAA is included at all pricing tiers or only enterprise.
Run a mock incident-response tabletop covering the vendor as a business associate.

Compliance is necessary, not sufficient. Holding HIPAA BAA is a meaningful baseline, but no certification covers AI-specific risk end-to-end. Layer this on top of vendor-specific diligence — sub-processor disclosure, training-data policy, model card transparency, dependency-chain mapping.

AI vendors that sign HIPAA Business Associate Agreements

Vendors with HIPAA BAA

Buyer checklist

Related compliance frameworks