The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law that requires privacy and security protections for protected health information (PHI). Our API platform can be a great fit for any covered entity or business associate looking to process protected health information, and we’d be happy to assist you in fulfilling your HIPAA compliance. To use our API platform, you’ll first need a BAA with OpenAI.
How do I get started?
If you require a BAA before you can use our API, email us at baa@openai.com with details about your company and use case.
Our team will respond within 1-2 business days. We review each BAA request on a case-by-case basis and may need additional information. The process is usually completed within a few business days.
Can I get a BAA for ChatGPT?
If you're interested in exploring a BAA for ChatGPT Enterprise, please contact sales.
What happens if I’m not approved?
We are able to approve most customers that request BAAs, but occasionally a use case doesn’t pass our team's evaluation. In that case, we’ll give feedback and context as to why that is and give you the opportunity to update your intended use of our API and re-apply.
Are all API services covered by the BAA?
No, only endpoints that are eligible for zero retention are covered by the BAA. You can see a list of those endpoints.
Is an enterprise agreement requirement to sign a BAA?
No, an enterprise agreement is not required to sign a BAA.