Governance | March 27, 2026 | 9 min read

Claude HIPAA Compliance Guide: Using AI Safely in Healthcare

Complete reference for deploying Claude in HIPAA-regulated environments. Understand BAA requirements, PHI safeguards, permitted use cases, and the technical controls required for healthcare organizations.

Healthcare HIPAA compliance with AI

Does Anthropic Sign a BAA? (The Question Every Healthcare Organization Asks)

Yes. Anthropic signs Business Associate Agreements (BAAs) with healthcare organizations that need to process Protected Health Information (PHI) with Claude. This is the most important thing to know if you work in healthcare.

However, there are important conditions. Anthropic doesn't sign a BAA for every customer—the BAA is reserved for enterprise customers who meet specific criteria and are willing to work within Anthropic's enterprise agreement framework. If you're a smaller healthcare organization or a health tech startup, you'll need to discuss availability with Anthropic's enterprise team.

A Business Associate Agreement is a legal contract that obligates Anthropic (the service provider) to:

  • Only use PHI for the purposes specified in your agreement
  • Implement and maintain physical, technical, and administrative safeguards for PHI
  • Report breaches of unsecured PHI
  • Assist you in meeting your HIPAA obligations (e.g., for breach notification, audits)
  • Return or destroy PHI when no longer needed

The BAA essentially says: "We've confirmed that Anthropic will handle your patient data according to HIPAA rules." Without a BAA, you cannot legally send PHI to Claude, even if Claude is technically capable of processing it securely.

If you're considering using Claude with PHI, your first step is to confirm that Anthropic's current BAA terms work for your organization. This typically involves contacting Anthropic's enterprise sales team and reviewing their standard BAA language.

What About the Default Anthropic Terms?

Anthropic's standard Terms of Service (the ones that apply to free and paid API customers) do not include BAA protections. If you sign up for the Claude API and start sending PHI without a BAA in place, you're violating HIPAA. Period. The Anthropic platform is not "HIPAA-compliant by default"—HIPAA compliance is an opt-in choice that requires an explicit BAA.

This is a critical distinction: compliance isn't a feature; it's a contract.

Building a HIPAA-Compliant Claude Strategy?

Our healthcare specialists help you determine if Claude fits your compliance framework, establish BAA terms, and design technical safeguards that protect patient data.

Request Healthcare Assessment →

What Qualifies as PHI in Claude Interactions

The HIPAA Privacy Rule defines Protected Health Information as any health information that can be used to identify an individual. This is broader than many organizations think.

PHI includes:

  • Direct identifiers: Names, medical record numbers, Social Security numbers, account numbers, IP addresses (in some contexts), email addresses, phone numbers, dates of birth, home addresses
  • Health information: Diagnoses, medical history, medications, lab results, vital signs, treatment plans, mental health records, substance abuse treatment information
  • Billing information: Insurance claims, payment records, CPT codes linked to a patient
  • Dates and codes: Even seemingly harmless information like "patient admitted on March 15" combined with other data can identify a person

The key is identifiability. If the information could be used alone or in combination with other data to identify a patient, it's PHI, even if it seems anonymous.

Examples: What You Cannot Send to Claude (Without Proper Safeguards)

  • "Patient John Smith, DOB 1985-03-15, diagnosed with type 2 diabetes" — Direct identifiers + diagnosis = PHI
  • "Patient MRN 987654, hospitalized March 10-15, primary diagnosis pneumonia" — MRN + health info = PHI
  • "55-year-old patient with hypertension from Boston area" — Age + location + condition might be identifiable = likely PHI
  • "Copy of discharge summary for patient ID 123456" — Patient ID + clinical content = PHI

Examples: What You Can Send to Claude (Generally Safe)

  • "Summarize the clinical presentation of a 55-year-old patient with hypertension and diabetes" — No identifying information
  • "Draft a template for a discharge summary for post-surgical orthopedic patients" — No actual patient data
  • "Analyze this deidentified dataset of 500 patient records showing medication patterns" — Properly deidentified data
  • "Help me write clinical documentation guidelines for our EHR" — Process guidance, no patient data

The distinction matters. You can use Claude in healthcare settings—you just need to be intentional about what data you send. Many organizations use Claude for clinical process work, documentation templates, research guidance, and even clinical support—as long as no PHI is involved.

Technical Safeguards Required for HIPAA-Compliant Claude Use

A BAA from Anthropic covers their responsibilities. Your responsibility is to implement technical safeguards at your end. HIPAA calls these "Technical Safeguards," and they're non-negotiable if you're using Claude with PHI.

Access Controls

Requirement: Only authorized individuals should be able to send data to Claude.

Implementation:

  • Restrict Claude API access to specific team members (not the entire organization)
  • Use multi-factor authentication (MFA) for anyone accessing Claude API credentials
  • Store API keys in a secrets management system (HashiCorp Vault, AWS Secrets Manager, etc.), not in code or plaintext files
  • Implement role-based access control (RBAC) so clinicians, researchers, and administrators have different permission levels
  • Log all access to Claude API—who used it, when, and what they did

Encryption in Transit and at Rest

Requirement: PHI must be encrypted when traveling to Claude and when stored anywhere in your systems.

Implementation:

  • All Claude API calls must use HTTPS/TLS (Anthropic enforces this)
  • If you cache or temporarily store prompts and responses, encrypt them at rest
  • Use VPN or network encryption if API calls travel across your organization's network
  • Encrypt any files you're using for batch processing before uploading to Claude

Audit Logging

Requirement: You must maintain an audit trail of all Claude API usage involving PHI.

Implementation:

  • Enable API logging for all Claude requests (Anthropic provides this at the API level)
  • Stream logs to a centralized system (your SIEM or log aggregation platform)
  • Log what was sent, by whom, when, and what Claude returned
  • Retain logs for at least 6 years (standard HIPAA retention period)
  • Monitor logs for unusual activity (e.g., a user suddenly querying thousands of records)
  • Have a process to investigate suspicious logs

Data Integrity and Authentication

Requirement: PHI must not be altered without authorization, and you must be able to verify that data came from legitimate sources.

Implementation:

  • Use checksums or digital signatures for critical data being sent to Claude
  • Implement tamper detection on stored logs and responses
  • Use message authentication codes (MACs) if transmitting sensitive data

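The audit-logging and data-integrity sections above ask for logs that record who sent what and when, and for tamper detection on those stored logs. The following is an added example of how a logging proxy could satisfy both; it is not code from Anthropic or from this page. It chains each audit record to the previous one with an HMAC, stores SHA-256 digests of the prompt and response instead of their text (so the log does not become a second copy of any PHI), and verifies the whole chain on demand. The key constant and the record field names are constructed for the example; in production the key would come from the secrets manager the access-controls section recommends.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: in production this key is fetched from a secrets manager
# (Vault, AWS Secrets Manager, etc.). The constant is a constructed stand-in
# so the example runs offline.
AUDIT_LOG_KEY = b"constructed-example-key-rotate-me"

GENESIS_MAC = "0" * 64  # chain anchor for the very first record


def canonical(entry: dict) -> bytes:
    """Serialize a record deterministically so its MAC is reproducible."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def append_entry(log: list, user: str, action: str, prompt_text: str,
                 response_text: str, key: bytes = AUDIT_LOG_KEY) -> dict:
    """Append one chained, MAC-protected audit record for a Claude request.

    Only digests of the prompt and response are stored, so the log answers
    "what was sent?" (by comparing against a suspect prompt) without holding
    the PHI itself. The MAC covers the previous record's MAC, so editing,
    deleting or reordering earlier records breaks the chain.
    """
    prev_mac = log[-1]["mac"] if log else GENESIS_MAC
    entry = {
        "seq": len(log),
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "action": action,
        "prompt_sha256": hashlib.sha256(prompt_text.encode()).hexdigest(),
        "response_sha256": hashlib.sha256(response_text.encode()).hexdigest(),
        "prev_mac": prev_mac,
    }
    entry["mac"] = hmac.new(key, canonical(entry), hashlib.sha256).hexdigest()
    log.append(entry)
    return entry


def verify_log(log: list, key: bytes = AUDIT_LOG_KEY) -> tuple:
    """Walk the chain from the start.

    Returns (True, -1) if every record is intact and correctly linked,
    otherwise (False, index) for the first record that fails.
    """
    prev_mac = GENESIS_MAC
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if (body.get("seq") != i
                or body.get("prev_mac") != prev_mac
                or not hmac.compare_digest(expected, entry.get("mac", ""))):
            return False, i
        prev_mac = entry["mac"]
    return True, -1


if __name__ == "__main__":
    # Constructed sample usage: three requests, then a tampering attempt.
    audit = []
    append_entry(audit, "dr.alice", "messages.create", "prompt 1", "reply 1")
    append_entry(audit, "dr.bob", "messages.create", "prompt 2", "reply 2")
    append_entry(audit, "dr.alice", "messages.create", "prompt 3", "reply 3")
    print("intact:", verify_log(audit))
    audit[1]["user"] = "dr.mallory"
    print("after edit:", verify_log(audit))
```

One caveat the chain does not cover on its own: silently dropping the newest records leaves a shorter but still valid chain. Periodically export the latest MAC to a separate system (the SIEM, or a write-once store) so that the expected chain head can be compared against the log during the quarterly reviews the checklist calls for.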
Data Loss Prevention (DLP) Scanning

Requirement: You need controls to prevent PHI from being accidentally sent to Claude.

Implementation:

  • Implement DLP scanning at the API proxy level that detects patterns like SSNs, MRNs, specific keywords (patient names, diagnoses, medication names)
  • Configure DLP to block requests that appear to contain PHI, or at minimum alert your security team
  • Train users on what constitutes PHI and when Claude is appropriate to use
  • Have incident response procedures if PHI is accidentally submitted to Claude (see section below)

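As an added illustration of the proxy-level DLP check described above (not code from this page or from Anthropic), the scanner below classifies an outbound prompt as allow, alert or block before it is forwarded to the API. It is run against the sample prompts from the "What You Cannot Send" and "What You Can Send" lists earlier on the page. The identifier patterns, the category names and the block/alert split are constructed assumptions; real MRN and patient-ID formats are site-specific and must be tuned to your EHR.

```python
import re
from dataclasses import dataclass, field

# Constructed, illustrative patterns. MRN and patient-ID formats vary by
# institution (assumption: 5-10 digits here); tune these to your EHR.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN\s*#?\s*\d{5,10}\b", re.IGNORECASE),
    "patient_id": re.compile(r"\bpatient\s+ID\s*#?\s*\d{4,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\bDOB\s*:?\s*\d{4}-\d{2}-\d{2}\b", re.IGNORECASE),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}

# Identifier classes that by themselves justify blocking the request.
BLOCK_ON = {"ssn", "mrn", "patient_id", "dob"}

# "patient <First> <Last>": a regex cannot judge identifiability, so a
# name-shaped phrase only raises an alert for human review.
NAME_HINT = re.compile(r"\b[Pp]atient\s+[A-Z][a-z]+\s+[A-Z][a-z]+\b")


@dataclass
class DlpResult:
    decision: str                                  # "allow", "alert" or "block"
    findings: dict = field(default_factory=dict)   # category -> redacted matches


def redact(match: str) -> str:
    """Keep the finding useful in the SIEM without copying the identifier."""
    return match[:4] + "*" * max(0, len(match) - 4)


def scan_prompt(text: str) -> DlpResult:
    """Classify an outbound prompt before it reaches the Claude API.

    block  -> do not forward; notify the user and the security team
    alert  -> forward, but raise a ticket for review
    allow  -> forward and log as usual
    """
    findings = {}
    for name, pattern in PATTERNS.items():
        hits = pattern.findall(text)
        if hits:
            findings[name] = [redact(h) for h in hits]
    name_hits = NAME_HINT.findall(text)
    if name_hits:
        findings["named_patient"] = [redact(h) for h in name_hits]

    if findings.keys() & BLOCK_ON:
        return DlpResult("block", findings)
    if findings:
        return DlpResult("alert", findings)
    return DlpResult("allow", findings)


if __name__ == "__main__":
    # The page's own sample prompts, run through the scanner.
    samples = [
        "Patient John Smith, DOB 1985-03-15, diagnosed with type 2 diabetes",
        "Patient MRN 987654, hospitalized March 10-15, primary diagnosis pneumonia",
        "55-year-old patient with hypertension from Boston area",
        "Copy of discharge summary for patient ID 123456",
        "Summarize the clinical presentation of a 55-year-old patient with hypertension and diabetes",
        "Draft a template for a discharge summary for post-surgical orthopedic patients",
    ]
    for s in samples:
        r = scan_prompt(s)
        print(f"{r.decision:5}  {r.findings}  <- {s[:60]}")
```

Note what the scanner gets wrong: the "55-year-old patient with hypertension from Boston area" prompt, which the page flags as likely PHI, comes back as allow, because age, condition and region are quasi-identifiers no pattern list can recognise. That is why the section pairs DLP with user training and an incident process: pattern matching sets a floor, and the block/alert thresholds should be tuned on your own traffic rather than treated as complete.

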
Permitted vs. Prohibited Claude Uses Under HIPAA

HIPAA doesn't prohibit using AI in healthcare. It prohibits using AI with PHI unless you have the right safeguards in place. Here's what's permitted and what's not:

Permitted Uses (With Safeguards)

  • Clinical decision support: Using Claude to help analyze deidentified patient data, suggest diagnostic approaches, or generate clinical reasoning
  • Patient communication: Drafting patient-facing materials, educational content, or appointment reminders (not using actual patient data)
  • Clinical documentation: Using Claude to help structure clinical notes, generate templates, or improve documentation (without sending actual PHI)
  • Research: Analyzing deidentified or properly consented data with Claude to identify patterns
  • Administrative efficiency: Scheduling optimization, staffing analysis, and operational improvements (not involving PHI)
  • Coding and billing support: Using Claude to help understand coding guidelines, verify code selection, or optimize billing workflows—but not using it to code actual patient encounters without proper safeguards

Prohibited or High-Risk Uses

  • Sending actual patient records to Claude without a BAA: This is the most common mistake. Even if you have a BAA, you should never send unnecessary PHI.
  • Using Claude for automated diagnosis or treatment decisions: Claude should not be the sole decision-maker in clinical care. It can assist, but human clinicians must validate and approve.
  • Sending genetic information, mental health records, or substance abuse treatment data without specific contractual safeguards: These are especially sensitive; some organizations require additional controls.
  • Using Claude API responses directly in patient records without validation: Claude outputs should be reviewed and approved by a qualified clinician before entering the medical record.
  • Storing Claude responses indefinitely: Responses containing PHI should be retained only as long as necessary, then securely deleted.

Implementation Checklist for HIPAA-Compliant Claude Deployments

If you're implementing Claude in a healthcare setting, work through this checklist with your compliance and security teams:

Legal & Contractual

  • ☐ Confirm Anthropic has signed a BAA that meets your organization's requirements
  • ☐ Review the BAA terms with legal and compliance teams
  • ☐ Document your intended use cases for Claude in writing
  • ☐ Update your privacy policy to mention Claude use (if applicable)
  • ☐ If processing data for research, confirm you have proper IRB approvals

Technical Implementation

  • ☐ Set up API key management (use a secrets management system, not hardcoded)
  • ☐ Implement network-level encryption (HTTPS/TLS is standard; add VPN if needed)
  • ☐ Deploy a proxy layer that logs all Claude API requests
  • ☐ Configure DLP scanning to detect and block PHI in outbound Claude API calls
  • ☐ Set up centralized logging that captures all Claude interactions for 6+ years
  • ☐ Implement MFA for anyone with access to Claude API credentials
  • ☐ Test failover and disaster recovery procedures for Claude (if used in critical workflows)

Access & Governance

  • ☐ Define who is authorized to use Claude (by role and department)
  • ☐ Document approved use cases for Claude
  • ☐ Implement role-based access control (RBAC) in your API management system
  • ☐ Establish a change control process for new Claude use cases
  • ☐ Designate an owner responsible for Claude security and compliance

Training & Awareness

  • ☐ Train authorized users on what constitutes PHI
  • ☐ Train users on approved vs. prohibited uses of Claude
  • ☐ Document training completion
  • ☐ Create a simple guide for users: "5 Things You Should Never Send to Claude"

Incident Response & Monitoring

  • ☐ Establish a process to respond if PHI is accidentally sent to Claude
  • ☐ Document steps: detect → isolate → notify → investigate → document → prevent recurrence
  • ☐ Set up alerts for unusual Claude API usage patterns
  • ☐ Perform quarterly reviews of Claude access logs and usage
  • ☐ Have a plan to address DLP violations (e.g., a user repeatedly attempts to send PHI)

Documentation & Evidence

  • ☐ Document your risk assessment for Claude use
  • ☐ Maintain records of all BAA updates and reviews
  • ☐ Keep evidence of access controls, logging, and DLP configuration
  • ☐ Retain audit logs for regulatory or litigation purposes
  • ☐ Document any incidents involving Claude and PHI

Comprehensive AI Compliance Framework

Our AI Compliance white paper covers HIPAA, SOC2, and GDPR requirements for healthcare AI systems. Includes regulatory mapping, technical control specifications, and evidence collection checklists.

Read the Research →

What to Do If PHI Is Accidentally Sent to Claude

Mistakes happen. A clinician accidentally includes a patient name in a prompt. A developer copies what was thought to be a de-identified dataset, but it still contains PHI. Here's your incident response process:

Step 1: Detect (Automated & Manual)

Your DLP system should catch most incidents before data reaches Claude. But some may slip through. Have a way for users to report accidental submissions immediately (e.g., a Slack channel or form).

Step 2: Isolate

Confirm what PHI was sent, to which Claude model, at what time. Pull the API logs. Don't panic—Claude API requests are isolated; if one request contains PHI, only that request and Claude's response are affected.

Step 3: Notify

Inform your compliance team, security team, and the person who made the submission. Determine if breach notification is required (usually it's not, since Claude is in your control and Anthropic doesn't use your data for model training).

Step 4: Investigate

How did the PHI get into Claude? Was it:

  • A user misunderstanding what data is safe?
  • A technical issue (code included PHI when it shouldn't have)?
  • A procedure not being followed?

Step 5: Document

Log the incident: date, time, type of PHI, how it happened, who was involved, what actions were taken. This documentation is critical for audits and for establishing that you have a functioning incident response program.

Step 6: Prevent Recurrence

Based on the root cause, adjust controls. If a user was confused, add training. If code was buggy, fix it. If a DLP rule didn't catch it, tune the rule.

Importantly: one incident doesn't mean Claude is unsuitable for your organization. It means you have a process to handle it, which is what auditors and regulators want to see.

Key Takeaways

Using Claude in a HIPAA-regulated environment is entirely feasible if you follow these principles:

  • Get a BAA: Don't use Claude with PHI without a signed Business Associate Agreement with Anthropic.
  • Know your PHI: Understand what constitutes PHI and train your team to recognize it.
  • Implement technical safeguards: Access controls, encryption, logging, and DLP are not optional.
  • Use Claude thoughtfully: There are many appropriate use cases—leverage them. Avoid sending raw PHI unless absolutely necessary.
  • Document everything: Your policies, controls, and incidents. Documentation is how you prove to auditors and regulators that you're taking HIPAA seriously.
  • Train continuously: PHI protection is a culture, not just a compliance checklist. Ongoing education keeps HIPAA top-of-mind for your team.

Healthcare organizations that implement Claude responsibly gain a competitive advantage: faster documentation, better clinical support, and operational efficiency—all while protecting patient privacy and maintaining regulatory compliance.

Frequently Asked Questions

Can we use Claude with patient data under HIPAA?

Yes, but with specific conditions. You must have a Business Associate Agreement (BAA) with Anthropic, implement the required technical safeguards (access controls, encryption, logging, DLP), and ensure that the PHI being sent to Claude is necessary for your use case. Not all Claude uses require PHI—many clinical and operational applications work with deidentified or general health information instead.

What is a Business Associate Agreement (BAA) and does Anthropic provide one?

A BAA is a contract between a healthcare organization and a vendor (in this case, Anthropic) that specifies how the vendor will protect PHI. It obligates Anthropic to implement safeguards, report breaches, and assist with your HIPAA compliance. Yes, Anthropic does provide a BAA, but it is typically available to enterprise customers under specific contract terms. Contact Anthropic's enterprise team to discuss availability and terms for your organization.

What Claude features are off-limits for PHI under HIPAA?

Claude itself is not "off-limits" for PHI—the limitation depends on your safeguards. However, you should be cautious with: (1) using Claude for autonomous decision-making in clinical care without human review, (2) relying on Claude to code diagnoses or procedures for billing without validation, (3) sending sensitive data like genetic information or mental health records without specific contractual safeguards in place, and (4) storing Claude responses containing PHI indefinitely. Always require human validation before using Claude outputs in clinical or billing workflows.

How do we train healthcare staff to use Claude within HIPAA boundaries?

Start with education on what constitutes PHI (names, MRNs, dates linked to health information, etc.) and create approved use cases for your organization. Provide a simple guide: "5 Things You Should Never Send to Claude"—patient names, complete medical records, financial/billing data, genetic information, and mental health records. Conduct initial training for all authorized users and update training annually or when Claude use cases change. Create a low-friction way for staff to ask questions or report potential PHI submissions. Monitor usage logs and use incidents as teaching moments.