Governance
BAA (Business Associate Agreement)
A BAA (Business Associate Agreement) is the HIPAA-required contract between a covered entity (such as a hospital or insurer) and a third-party service provider that processes PHI on its behalf. Cloud AI providers — AWS, Azure, Google Cloud, OpenAI Enterprise, Anthropic Enterprise — sign BAAs as part of healthcare-targeted offerings. No BAA, no HIPAA-compliant deployment.
Related terms
- HIPAA — HIPAA (Health Insurance Portability and Accountability Act) is the US federal law governing protected health information (PHI).
- PHI (Protected Health Information) — PHI (Protected Health Information) is any individually identifiable health data covered by HIPAA — diagnoses, treatments, billing, demographic identifiers tied to health context.