Is Claude HIPAA Compliant? Complete Guide for 2026

A Netskope research report dropped a number that should make every healthcare compliance officer sweat: 88% of healthcare organizations now use cloud-based generative AI tools. That's not surprising. What's surprising is the next number: 71% of healthcare workers are using personal AI accounts for work.

Think about that. Seven out of ten healthcare workers are pasting patient notes, lab results, and clinical summaries into AI tools that have no business associate agreement, no audit trail, and no compliance controls whatsoever.

The Office for Civil Rights reported that 182.4 million individuals had their health information exposed in 2024 alone. That's more than half the US population. And increasingly, those breaches aren't coming from sophisticated hackers. They're coming from well-meaning employees who just wanted to draft a faster discharge summary.

So here's the question everyone in healthcare IT is asking: Is Claude HIPAA compliant?

The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.

The Direct Answer

No. And yes. It depends on which Claude you're talking about.

Claude.ai (the chat interface): Not HIPAA compliant. Anthropic explicitly states that their BAA does not cover beta products or chat products like Claude.ai. If your team is pasting patient notes into claude.ai to generate summaries, that violates HIPAA. Full stop.

Claude API: Can be HIPAA compliant. Anthropic offers Business Associate Agreements for their API products. But signing a BAA doesn't make you compliant. It makes Anthropic's service eligible for your compliant usage. You still need your own safeguards.

Claude via AWS Bedrock: Covered under the AWS BAA with no exclusions. When you use Claude through Bedrock, Anthropic cannot see your inputs and outputs. Your data stays within AWS's HIPAA-eligible infrastructure.

The distinction matters because most healthcare workers aren't using the API. They're using the chat interface. And the chat interface cannot legally touch protected health information.

What HIPAA Actually Requires

HIPAA's Privacy Rule protects "individually identifiable health information" in any form: electronic, paper, or oral. The Department of Health and Human Services defines 18 specific identifiers that make health information "protected":

  1. Names
  2. Geographic data smaller than a state
  3. Dates (except year) related to an individual
  4. Phone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers
  13. Device identifiers and serial numbers
  14. Web URLs
  15. IP addresses
  16. Biometric identifiers
  17. Full-face photographs
  18. Any other unique identifying number or code

If health information contains any of these identifiers, it's PHI. And PHI requires a Business Associate Agreement with any third party that handles it.

The penalties for getting this wrong are substantial. The HHS Office for Civil Rights resolved 22 enforcement actions in 2024 alone, making it one of the busiest years for HIPAA enforcement on record. Fines range from $141 per violation at the low end to $71,162 per violation at the high end, with annual caps reaching $2.1 million. A national medical supplier paid a $3 million penalty in 2025 after failing to conduct a proper risk analysis before a phishing incident exposed patient data.

Where Claude Falls Short

Anthropic has built Claude with strong privacy principles, but several gaps prevent standard Claude usage from meeting HIPAA requirements:

No BAA for the chat interface. This is the most important limitation. Claude.ai, Claude Pro, and Claude Max plans don't have BAA coverage. Anthropic's BAA explicitly covers only API products. The vast majority of healthcare workers using Claude are using the chat interface, which means they're violating HIPAA every time they paste in patient information.

Data retention varies by plan. Consumer users who opt into training have a 5-year retention period. Those who opt out retain data for 30 days. API users see 7-day retention (changed from 30 days in September 2025). This matters because HIPAA requires you to know exactly where PHI goes and how long it stays there. Variable retention periods make compliance documentation complicated.

Training data concerns. By default, Anthropic can use consumer conversations to improve their models. Business and Enterprise customers are exempt from this, but free and Pro users need to manually opt out. Even with training disabled, the transmission itself creates compliance exposure.

No technical transmission safeguards. When you paste PHI into Claude.ai, that data travels to Anthropic's servers. Even if it's not retained, the transmission occurred. HIPAA's Security Rule requires technical safeguards for PHI in transit. Using a consumer web interface doesn't give you the audit controls, access logging, or encryption verification that compliance requires.

The Workaround: How to Use Claude With PHI

Here's the good news: you can use Claude's capabilities while maintaining HIPAA compliance. The approach requires two things: using the right access method and implementing a redaction layer.

Option 1: Claude API with BAA

Anthropic will sign a Business Associate Agreement for qualified API customers. The process works like this:

  1. Contact Anthropic's sales team through their inquiry form
  2. Describe your specific use case and deployment
  3. Anthropic reviews your compliance posture
  4. If approved, they provide a BAA covering API usage

The BAA covers inputs, outputs, and any incidental data Anthropic processes. It doesn't cover the chat interface, beta features, or any third-party applications built on Claude.

Option 2: Claude via AWS Bedrock

This is often the simpler path. AWS Bedrock is covered under AWS's existing BAA with no exclusions for Anthropic models. Here's why this matters:

When you use Claude through Bedrock, your data never reaches Anthropic. AWS handles the inference. Anthropic cannot see your prompts or responses. You inherit AWS's full HIPAA compliance infrastructure: encryption, audit logging, access controls, and all the documentation you need for your compliance records.

If your organization already has a BAA with AWS (most large healthcare organizations do), you can start using Claude through Bedrock immediately without any additional agreements.

Option 3: Zero-Data-Retention Enterprise

Anthropic offers Zero-Data-Retention mode for enterprise customers. With ZDR enabled, your prompts and responses aren't stored on Anthropic's servers at all. This eliminates retention concerns entirely, though you still need the underlying BAA and proper access controls.

Implementation Steps

Here's a practical workflow for using Claude with healthcare data:

Step 1: Never use the chat interface for PHI.

This needs to be a hard rule. Put it in your security policy. Train your staff. Block claude.ai at the network level if you have to. The chat interface has no BAA coverage and never will for consumer plans.

Step 2: Choose your access method.

For most organizations, AWS Bedrock is the path of least resistance. If you need direct API access for custom applications, initiate the BAA process with Anthropic's sales team.

Step 3: Implement pre-upload redaction.

Even with a BAA, sending less PHI is better than sending more. A redaction layer that strips identifiers before the data reaches Claude reduces your compliance surface area.

The 18 HIPAA identifiers are well-defined. Pattern matching can catch most of the structured ones: Social Security numbers, phone numbers, email addresses, medical record numbers. Named entity recognition handles names and locations. The goal isn't perfect redaction (that's impossible) but risk reduction.

Step 4: Build audit trails.

HIPAA requires documentation of who accessed what PHI and when. If you're sending patient data to Claude via API, log those transactions. Record the timestamp, the user, a hash of the input, and the response. You'll need this for compliance audits.

Step 5: Train your staff.

The Netskope research found that 81% of data policy violations in healthcare involve regulated data like PHI. Most violations aren't malicious. They're convenience-driven. Staff need to understand which tools are approved, which aren't, and why the distinction matters.
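As an added illustration of Steps 3 and 4 (this is not code from the article or from PaperVeil), here is a minimal Python pre-upload redaction layer for the structured identifiers, paired with an audit record that stores hashes rather than the PHI itself. The MRN format, the sample note and the user name are constructed assumptions; names and locations would need NER on top of this, as the article notes.

```python
import hashlib
import re
from datetime import datetime, timezone

# Structured HIPAA identifiers that plain pattern matching can catch. Names and
# locations need NER on top of this, as the article notes; this block skips that.
# The MRN format (prefix "MRN" plus 6-10 digits) is an assumed, constructed convention.
PATTERNS = [
    ("SSN",   re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("MRN",   re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE)),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("PHONE", re.compile(r"(?:\(\d{3}\)\s*|\b\d{3}[-.\s])\d{3}[-.\s]\d{4}\b")),
    ("DATE",  re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b")),
]

# Constructed sample note; no real patient data.
SAMPLE_NOTE = ("Patient Jane Doe, MRN 00123456, DOB 04/12/1961, SSN 123-45-6789, "
               "phone (555) 010-2244, email jane.doe@example.com. Discharge: stable.")

def redact(text):
    """Replace each structured identifier with a typed placeholder.
    Returns the redacted text and a per-type count for the audit record."""
    counts = {}
    for label, pattern in PATTERNS:
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts

def sha256(s):
    return hashlib.sha256(s.encode("utf-8")).hexdigest()

def audit_record(user, original, redacted, counts, response=None):
    """Audit entry for one API call. Only hashes are stored, so the log itself
    never becomes a second copy of the PHI; the hashes still let an auditor
    tie a stored document or response back to the logged transaction."""
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "input_sha256": sha256(original),
        "sent_sha256": sha256(redacted),
        "redactions": counts,
        "response_sha256": sha256(response) if response is not None else None,
    }

if __name__ == "__main__":
    redacted, counts = redact(SAMPLE_NOTE)
    print(redacted)            # "Jane Doe" remains: names need NER, not regex
    print(audit_record("dr.smith", SAMPLE_NOTE, redacted, counts))
```

The redacted text is what goes to the API or Bedrock endpoint; the record goes to your audit store, and the response hash is added once the reply arrives.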

Alternatives Worth Considering

If the API/Bedrock path seems complicated, several alternatives exist:

AWS Bedrock remains the cleanest option for organizations already in the AWS ecosystem. You get Claude's capabilities with AWS's compliance infrastructure.

Azure OpenAI Service offers GPT-4 and other OpenAI models under Microsoft's BAA. If your organization is Microsoft-centric, this might be a better fit than switching to AWS.

Third-party HIPAA wrappers like Hathr.AI provide API access to Claude and other models with built-in BAA coverage. They handle the compliance infrastructure so you don't have to.

On-premises models eliminate the third-party concern entirely but require significant infrastructure investment. For most healthcare organizations, this is overkill.

The Bottom Line

Claude is not HIPAA compliant out of the box. The chat interface (claude.ai) cannot be used with PHI under any circumstances. The API can be made compliant with a BAA and proper safeguards. Claude via AWS Bedrock is the simplest path for most organizations.

The biggest mistake healthcare organizations make is treating BAAs as checkboxes. Signing a BAA doesn't make your usage compliant. It makes the service eligible for your compliant usage. You still need:

  • Access controls (who can send data to Claude?)
  • Audit logging (what data was sent and when?)
  • Staff training (does everyone know the rules?)
  • Redaction workflows (are you minimizing PHI exposure?)
  • Documentation (can you prove compliance to auditors?)

The 71% of healthcare workers using personal AI accounts for work aren't bad people. They're trying to be more efficient. They're trying to help patients. The failure is organizational: we haven't given them compliant tools that are as easy to use as the non-compliant ones.

That's a fixable problem. But it requires taking compliance seriously before the next breach, not after.


PaperVeil lets you redact sensitive information from documents before they touch any AI system. Detect and remove the 18 HIPAA identifiers automatically, strip metadata, and generate audit trails. The redaction layer that makes AI document processing actually safe for healthcare.