The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law that requires privacy and security protections for protected health information (PHI). Our API platform can be a great fit for any covered entity or business associate looking to process protected health information, and we’d be happy to assist you in fulfilling your HIPAA compliance. To use our API platform with PHI, you’ll first need a BAA with OpenAI.

How do I get started?

If you require a BAA before you can use our API, email us at baa@openai.com with details about your company and use case.

Our team will respond within 1-2 business days. We review each BAA request on a case-by-case basis and may need additional information. The process is usually completed within a few business days.

What happens if I’m not approved?

We are able to approve most customers that request BAAs, but occasionally a use case doesn’t pass our team's evaluation. Reconsideration for any use cases not initially approved is only available for customers that are working with a member of our sales team. Please reach out to your account director or contact sales for more information.

Are all API services covered by the BAA?

No, only endpoints that are eligible for zero retention are covered by the BAA. You can see a list of those endpoints here.

Is an enterprise agreement requirement to sign a BAA for API services?

To use the API Platform, an enterprise agreement is not required to sign a BAA.

Can I get a BAA for ChatGPT?

If you're interested in exploring a BAA for ChatGPT Enterprise or Edu, please contact sales. Only ChatGPT Enterprise or Edu customers that have a sales-managed account are eligible for a BAA for ChatGPT at this time. Please note that we don’t offer a BAA for ChatGPT Team.