
HIPAA-Eligible Model Providers in 2026: OpenAI, Anthropic, Google, AWS

A practical comparison of which large model providers will sign a BAA in 2026, what is covered, and how to wire them into a HIPAA-aligned AI voice agent stack.

Picking the wrong model in a healthcare voice agent is not a performance bug. It is a HIPAA breach waiting to be discovered.

What the rule says

```mermaid
flowchart LR
  Patient["Patient call/chat"] -- "TLS 1.3" --> Edge["Cloudflare WAF"]
  Edge --> App["CallSphere App<br/>HIPAA + SOC 2 aligned"]
  App -- "encrypted" --> AI["AI Voice Agent"]
  AI -- "tool_call · audit" --> Audit[("Audit log<br/>§164.312")]
  AI --> EHR[("EHR · BAA-signed")]
  EHR --> AI
  AI --> Patient
```
CallSphere reference architecture

HIPAA at 45 CFR 164.502(e) requires a covered entity to obtain a BAA from any business associate that creates, receives, maintains, or transmits PHI. That obligation flows down to every subcontractor under 45 CFR 164.308(b)(2). A large language model provider that ingests prompts containing PHI is unambiguously a business associate — and unless that provider has both signed a BAA and exposed an endpoint or product line that is in scope for that BAA, the data flow is non-compliant the second a real patient name enters a prompt.

What it means for AI voice/chat agents

In 2026 there are four serious provider tracks for HIPAA-eligible large-model usage: OpenAI's API platform, Anthropic Claude, Google Vertex AI, and AWS Bedrock. Each has different scope, different procurement paths, and different operational gotchas.

OpenAI signs BAAs for the API platform on direct request to [email protected], and for the new ChatGPT for Healthcare and ChatGPT Enterprise products through sales-managed accounts. Consumer ChatGPT, ChatGPT Plus, and ChatGPT Business are not BAA-eligible. Eligible API endpoints support zero data retention configuration, which is the operational pattern most healthcare buyers run.

Anthropic offers HIPAA-ready Claude through enterprise plans on direct contracts and — more commonly — through AWS Bedrock, Google Vertex AI, and Microsoft Azure where the underlying cloud BAA covers the model. Consumer Claude.ai is not BAA-eligible.

Google Cloud signs a BAA that covers Vertex AI, Gemini API on Vertex, and the Healthcare API. The BAA must be in place at the Google Cloud organization level, and the regulated-data flag should be enabled at the project level for all PHI-bearing workloads.

AWS signs a BAA self-service through AWS Artifact at no additional cost. As of February 2026, the HIPAA Eligible Services Reference includes Amazon Bedrock, Bedrock AgentCore, Amazon Polly, Amazon Transcribe (including Transcribe Medical), Amazon Comprehend Medical, and Amazon Lex. The BAA applies account-wide but only covers eligible services — using a non-eligible service for PHI is a breach even if the BAA is signed.

CallSphere implementation

CallSphere routes every healthcare prompt only to BAA-eligible model deployments. Our Healthcare Voice Agent uses OpenAI realtime endpoints under a signed OpenAI BAA with zero data retention, with Claude on AWS Bedrock as a fallback under the AWS BAA. Speech-to-text uses Amazon Transcribe Medical, text-to-speech uses Amazon Polly — both BAA-covered. Telephony runs on Twilio Programmable Voice with a signed Twilio BAA. Across our 90+ tools and 115+ database tables, every model call is logged with the provider, the model, the BAA reference number, the prompt size, and the response classification — so an auditor can verify in seconds that a given PHI flow only touched eligible providers. See our healthcare overview at /industries/healthcare and full pricing at /pricing.

Build/audit checklist

  1. List every model provider, embedding provider, and inference endpoint in your voice/chat stack.
  2. For each, confirm whether a BAA is offered and on which products or endpoints.
  3. Move all consumer-tier usage (ChatGPT Plus/Business, Claude.ai) off the PHI path entirely.
  4. Enable zero data retention or equivalent on every BAA-eligible endpoint that supports it.
  5. For AWS, accept the BAA in AWS Artifact and configure SCPs to deny non-eligible services for PHI accounts.
  6. For Google Cloud, enable the regulated-data project flag and use VPC-SC perimeters around PHI projects.
  7. Log the model provider, model name, and BAA reference on every inference call for audit.
  8. Update your risk analysis to include the new model providers and their subcontractors.
  9. Reconfirm BAA coverage every quarter — eligibility lists shift as new services launch.
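As an added example (not CallSphere's code), one way to implement checklist steps 3, 4 and 7 together with the per-call audit fields described in the implementation section: a fail-closed allow-list gate that refuses any deployment without a BAA reference and zero data retention, plus the check an auditor would run over the log. The provider and model names, the BAA references and the `send` callable are hypothetical placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Deployment:
    provider: str
    model: str
    baa_ref: str          # reference to the signed BAA (placeholders below)
    zero_retention: bool  # zero data retention or equivalent is enabled

# Constructed allow-list: every name and BAA reference here is a placeholder.
ALLOWLIST = {f"{d.provider}/{d.model}": d for d in (
    Deployment("openai-api", "realtime-example", "BAA-PLACEHOLDER-1", True),
    Deployment("aws-bedrock", "claude-example", "BAA-PLACEHOLDER-2", True),
)}

class PHIRoutingError(Exception):
    """Raised instead of sending a prompt outside BAA coverage."""

def _now():
    return datetime.now(timezone.utc).isoformat()

def route(provider, model, prompt, send, audit_log):
    """Fail closed: unknown or retaining deployments never see the prompt."""
    dep = ALLOWLIST.get(f"{provider}/{model}")
    if dep is None or not dep.zero_retention:
        audit_log.append({"ts": _now(), "provider": provider, "model": model,
                          "baa_ref": None, "denied": True})
        raise PHIRoutingError(f"{provider}/{model} is not an allowed PHI endpoint")
    response, classification = send(dep, prompt)  # send() is a hypothetical client
    # Record size and references only; prompt text never enters the audit log.
    audit_log.append({"ts": _now(), "provider": dep.provider, "model": dep.model,
                      "baa_ref": dep.baa_ref, "denied": False,
                      "prompt_bytes": len(prompt.encode("utf-8")),
                      "response_classification": classification})
    return response

def unverified_calls(audit_log):
    """Auditor check: completed calls that do not match an allow-listed BAA."""
    bad = []
    for rec in audit_log:
        if rec.get("denied"):
            continue  # blocked before any data left the application
        dep = ALLOWLIST.get(f"{rec['provider']}/{rec['model']}")
        if dep is None or rec.get("baa_ref") != dep.baa_ref:
            bad.append(rec)
    return bad
```

The gate logs denied attempts as well, so a misconfigured caller shows up in the audit trail without any prompt having left the application.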

FAQ

Is consumer ChatGPT HIPAA-compliant? No. Consumer ChatGPT, ChatGPT Plus, ChatGPT Free, and ChatGPT Business are not BAA-eligible. Only the OpenAI API platform under a signed BAA, ChatGPT Enterprise, ChatGPT Edu, and ChatGPT for Healthcare are HIPAA-ready paths.

Which Claude products are HIPAA-ready? Anthropic's Enterprise plan with a signed BAA, plus Claude on AWS Bedrock and Claude on Google Vertex AI under the underlying cloud BAA. Claude.ai consumer tiers are not BAA-eligible.

Can I use AWS Bedrock for PHI today? Yes. AWS added Bedrock and Bedrock AgentCore to the HIPAA Eligible Services Reference in February 2026, and the BAA is self-serve in AWS Artifact at no charge.

Does CallSphere route PHI to consumer endpoints? Never. We have hard provider allow-lists and route healthcare prompts only to BAA-covered endpoints with zero data retention.
