Intermediate

Business Associate Agreements for AI

Any third party that creates, receives, maintains, or transmits PHI on behalf of a covered entity must sign a Business Associate Agreement. AI vendors, cloud providers, and API services all fall under this requirement.

What is a Business Associate?

Under HIPAA, a business associate is any person or entity that performs functions or activities on behalf of a covered entity that involve the use or disclosure of PHI. In the AI context, this includes:

  • Cloud AI service providers (Azure OpenAI, AWS Bedrock, Google Vertex AI)
  • AI model training vendors
  • Data annotation and labeling services
  • AI consulting firms with PHI access
  • Managed AI infrastructure providers
  • Health-focused SaaS platforms using AI

Important: Simply sending PHI to an AI API endpoint without a BAA in place is a HIPAA violation, even if the AI provider claims to be "HIPAA compliant." The BAA must be signed before any PHI is transmitted.

Essential BAA Provisions for AI

A BAA for AI services should include specific provisions beyond standard BAA language:

| Provision           | Standard BAA             | AI-Specific Addition                                    |
|---------------------|--------------------------|---------------------------------------------------------|
| Permitted uses      | Define allowed PHI uses  | Specify whether PHI can be used for model training      |
| Data retention      | Return or destroy PHI    | Address model weights that may encode PHI               |
| Subcontractors      | Require downstream BAAs  | Cover GPU cloud providers, data pipeline services       |
| Breach notification | Notify within 60 days    | Include model inversion and data extraction attacks     |
| Audit rights        | Allow compliance audits  | Include AI model audits and training data verification  |

Cloud AI Provider BAA Considerations

Major cloud providers offer HIPAA-eligible AI services, but with important caveats:

  1. Not all services are covered: The BAA typically covers only specific HIPAA-eligible services. Verify that the AI services you plan to use are included.
  2. Configuration requirements: You must configure services according to the provider's HIPAA implementation guide.
  3. Data residency: Ensure PHI stays within compliant regions and does not cross jurisdictional boundaries.
  4. Shared responsibility: The cloud provider secures the infrastructure; you secure the application and data layer.

AI-Specific BAA Clauses

When negotiating BAAs with AI vendors, ensure these AI-specific clauses are addressed:

  • No training on PHI: Explicitly prohibit using your PHI to train or improve the vendor's general AI models
  • Data isolation: Require that your PHI is processed in isolated environments, not shared infrastructure
  • Model ownership: Clarify who owns models trained on or fine-tuned with your PHI-derived data
  • Output handling: Specify how AI-generated outputs containing PHI must be handled
  • Logging and monitoring: Require comprehensive logging of all PHI access by the AI system

Practical tip: Maintain a centralized registry of all BAAs related to AI services. Review and update them annually, and whenever you change AI vendors or add new AI capabilities that involve PHI.