What is a BAA for AI tools, and why it is non-negotiable

HIPAA & AI · 6 min read · Updated June 2026

A BAA for AI tools — a Business Associate Agreement — is a federal HIPAA requirement: before any AI vendor can access, process, or store your patients' protected health information (PHI), that vendor must sign a BAA with your practice. Without it, using an AI tool on PHI is a HIPAA violation, regardless of how secure the software claims to be. No signed contract, no legal cover — full stop.

What a Business Associate Agreement actually is

Under HIPAA, a Business Associate is any person or company that handles PHI on behalf of a covered entity — which includes your medical practice, clinic, or health system. An AI tool that reads appointment notes, drafts patient messages, or processes intake forms is handling PHI. That makes the vendor a Business Associate.

A Business Associate Agreement is the contract that formalizes this relationship. It requires the vendor to (1) use PHI only for agreed purposes, (2) implement appropriate safeguards, (3) report breaches within 60 days, (4) ensure their own subcontractors (called subprocessors) are also bound by the same rules, and (5) return or destroy PHI when the contract ends.

The BAA is not just a checkbox. The Department of Health and Human Services (HHS) can fine covered entities for working with Business Associates who have no BAA on file — even if no breach ever occurred. Penalties range from $100 to $50,000 per violation, with annual caps up to $1.9 million per category.

Why most AI tools cannot sign a BAA — and what that means for you

Consumer AI tools like ChatGPT, Perplexity, and raw or self-hosted OpenClaw (the open-source AI agent platform) ship with no BAA and no built-in HIPAA compliance program. Using them to draft a message that includes a patient's name, diagnosis, or appointment reason is a HIPAA violation. Open-source software has no legal entity to sign anything — you cannot get a BAA from a GitHub repository.

Some general-purpose AI platforms offer BAAs on enterprise tiers, but a signed contract alone is not enough. The underlying infrastructure — the servers, databases, and AI model providers — must also have BAAs in place. If the AI vendor routes your data through a model provider that has no BAA with them, the chain is broken.

A BAA covers the vendor. The vendor's BAAs with their own subprocessors cover the rest of the chain. Ask about both.

What a good BAA for AI tools should cover

Not all BAAs are created equal. A strong BAA for an AI tool should spell out all of the following:

Questions to ask any AI vendor before sharing PHI

Before you type a patient's name into any AI tool, run through this short checklist with the vendor:

A reputable vendor answers all of these confidently and in writing. Vague answers — 'we take security seriously' without specifics — are a red flag.

How PhiClaw handles the BAA requirement

PhiClaw signs a Business Associate Agreement (BAA) with your practice and runs on HIPAA-eligible infrastructure, with BAAs in place with our subprocessors AWS (including Amazon Bedrock) and Convex. Every layer of the stack is covered: the AI models (Amazon Bedrock), the database (Convex), and the cloud infrastructure (AWS).

PhiClaw is the healthcare-ready build of the OpenClaw AI agent platform. Raw or self-hosted OpenClaw is powerful, but it ships with no signed BAA and no HIPAA compliance program — it is not appropriate for PHI on its own. PhiClaw adds PHI minimization, end-to-end encryption, role-based access controls, full audit logging, and a built-in HIPAA EHR and CRM — and then signs the BAA that makes it legal to use with your patients.

This distinction matters: the technology is similar, but the legal standing is completely different. Using raw OpenClaw with PHI is an unmanaged risk. Using PhiClaw means you have a signed contract, a compliant infrastructure chain, and a vendor that is accountable.

What PhiClaw does beyond the BAA

A BAA for AI tools is the floor, not the ceiling. PhiClaw is built to run an entire medical practice on top of that compliant foundation. Practices using PhiClaw have seen an average of roughly 70 hours per week of admin work returned to their doctors — about $7,000 per month in labor savings — with 83% of patient messages answered in under 60 seconds and over 12,000 after-hours replies sent.

Dr. Marcelo Taborga at Captivate MD (Long Island, NY) opened his med spa without hiring a front-desk employee or a marketing company. PhiClaw runs intake, manages his EHR and CRM, handles patient messaging, and has created and posted his last 50 Instagram posts. Net savings: over $7,000 per month.

Across more than 76,000 tasks executed in four months and 0% churn since launch, every PhiClaw client came through doctor-to-doctor referral — no ad spend. The licensed clinician always remains the decision-maker for any clinical action; PhiClaw automates the workflow around them.

The bottom line on BAAs and AI tools

HIPAA does not care how impressive an AI tool is. If a vendor touches PHI and has not signed a BAA for AI tools with your practice, you are out of compliance — period. The signed agreement, combined with a compliant infrastructure chain and proper safeguards, is what separates a legal AI deployment from a liability.

This post is general information, not legal advice. Consult a HIPAA compliance attorney or officer for guidance specific to your practice.

Key takeaway: Any AI tool that touches your patients' protected health information must sign a BAA for AI tools with your practice — and that vendor's subprocessors must be covered too. PhiClaw signs a BAA, runs on HIPAA-eligible AWS infrastructure, and holds subprocessor BAAs with Amazon Bedrock and Convex, making it the compliant path for practices that want the power of AI without the legal exposure.

Frequently asked questions

Does every AI tool that touches patient data need a BAA?

Yes. Under HIPAA, any vendor that creates, receives, maintains, or transmits PHI on behalf of a covered entity is a Business Associate and must sign a BAA before handling that data. This applies to AI tools for scheduling, messaging, clinical documentation, billing, and any other workflow that involves patient information.

Can I use a free or open-source AI tool with my patients if I take precautions?

No precaution substitutes for a signed BAA. Open-source software has no legal entity to sign a contract with, and consumer AI tools like ChatGPT do not offer BAAs on standard plans. Using these tools with PHI is a HIPAA violation regardless of what other steps you take.

What is the difference between OpenClaw and PhiClaw for HIPAA purposes?

OpenClaw is the open-source AI agent platform that powers PhiClaw. Raw or self-hosted OpenClaw ships with no BAA and no built-in HIPAA compliance program — it cannot be used with PHI as-is. PhiClaw is the healthcare-ready, HIPAA-compliant build: it signs a BAA with your practice, runs on HIPAA-eligible AWS infrastructure, and holds BAAs with its subprocessors including Amazon Bedrock and Convex.

What should a BAA for an AI tool include about subprocessors?

The BAA should require the vendor to identify all subprocessors that handle PHI — such as cloud hosts, AI model providers, and databases — and confirm that each is bound by equivalent HIPAA obligations. If a vendor cannot name their subprocessors or cannot confirm BAAs exist with each one, that is a serious compliance gap.

Does signing a BAA mean the AI vendor is fully HIPAA compliant?

A BAA is a necessary legal requirement but not a complete compliance program on its own. The vendor must also implement technical safeguards (encryption, access controls, audit logs), administrative safeguards (policies, training), and physical safeguards for any hardware involved. Ask vendors for documentation of all three safeguard categories, not just a copy of their BAA template.

Want HIPAA-compliant AI running your practice — without the compliance risk?

PhiClaw signs a Business Associate Agreement (BAA) with your practice and runs on HIPAA-eligible infrastructure, with BAAs in place with our subprocessors AWS (including Amazon Bedrock) and Convex. HIPAA-compliant inbound and outbound calls are handled by our voice partner Retell AI, which is also under BAA.