This article is about our commercial products such as Claude for Work and the Anthropic API. For our consumer products such as Claude Free, Pro, Max and when accounts from those plans use Claude Code, see here.
After review of HIPAA-related compliance items and your specific use case, Anthropic may provide a Business Associate Agreement (BAA) covering our HIPAA-ready services, such as use of our first-party API or Enterprise plans.
For our first-party API, our BAA is only available for customers who qualify for certain HIPAA-ready services such as those subject to zero data retention agreements.
For clarity, the BAA does not cover Workbench and Console, Claude Free, Pro, Max, or Team plans, and other beta or chat products, features, or integrations. As part of the BAA, customers of Anthropic’s HIPAA-ready services are subject to certain configuration requirements and limitations on what features/integrations are available.
Below is a breakdown of what’s covered under the BAA, by feature and product surface.
What’s covered under Anthropic’s BAA
ELIGIBLE SERVICES - Covered under Anthropic’s BAA for use with PHI |
✅ Claude Enterprise: Includes projects, artifacts, voice, web search, Research, Skills ✅ Code execution and file creation: Covered under BAA (excluding network egress to external websites; admins can configure network access in settings) ✅ Native (1p) API with Zero Data Retention: Subject to limited exceptions, Anthropic does not store inputs or outputs ✅ Claude Code with Zero Data Retention: Covered under BAA; ZDR enabled automatically when purchasing the Claude Code with ZDR SKU |
NOT COVERED - Available to use, but admins are responsible for ensuring compliant usage |
❌ MCPs/Connectors: 3rd-party data flows not covered; admin-controlled; off by default ❌ Enterprise search ("Ask Your Org"): 3rd-party data flows not covered; admin-controlled; off by default ❌ Claude in Chrome: 3rd-party data flows not covered; admin configures site access ❌ Claude Code (without ZDR): Not covered; contact your account team if you would like to use Claude Code as an eligible service under the BAA ❌ Claude Code in Web/Desktop [Beta]: Not covered under BAA ❌ Claude Code Review [Beta]: Not covered under BAA ❌ Claude Cowork [Beta]: Not covered under BAA ❌ Claude for Office (Excel, PowerPoint) [Beta]: Not covered under BAA |
Product BAA coverage by surface
CLAUDE ENTERPRISE |
|
Core chat features | BAA coverage status |
Chat | ✅ Eligible under BAA |
Projects | ✅ Eligible under BAA |
Artifacts | ✅ Eligible under BAA |
Code execution and file creation | ✅ Eligible (excl. network / ext. sites) |
Voice | ✅ Eligible under BAA |
Web search | ✅ Eligible under BAA |
Research | ✅ Eligible under BAA |
Skills | ✅ Eligible under BAA |
Integrations (3rd-party data flows) | BAA coverage status |
MCPs / Connectors | ⚠️ 3P data flows not covered by Anthropic BAA |
Enterprise Search ("Ask Your Org") | ⚠️ 3P data flows not covered by Anthropic BAA |
Claude in Chrome | ⚠️ 3P data flows not covered by Anthropic BAA |
Claude Code | BAA coverage status |
Claude Code (CLI) | ✅ Eligible only with ZDR enabled |
Claude Code in Web (beta) | ❌ Not covered under BAA |
Claude Code in Desktop (beta) | ❌ Not covered under BAA |
Claude Code Review (beta) | ❌ Not covered under BAA |
Beta | BAA coverage status |
Cowork | ❌ Not covered under BAA |
Claude for Office (Excel, PowerPoint) | ❌ Not covered under BAA |
CLAUDE PLATFORM (API) |
|
ZDR-Eligible (covered under BAA with ZDR) | BAA coverage status |
Native (1p) API | ✅ Eligible only with ZDR + commercial org key |
Claude Code via API (CLI) | ✅ Eligible only with ZDR enabled |
Not ZDR-Eligible (may retain data) |
|
Batch API | ❌ Not ZDR-eligible |
Files API | ❌ Not ZDR-eligible |
Code Execution (API-side) | ❌ Not ZDR-eligible |
Claude Code metrics logging | ❌ Not ZDR-eligible |
To learn more about Anthropic’s HIPAA-ready services or begin the BAA process, please submit an inquiry with the details of your deployment to our Sales team via this form.
Please see our Trust Portal for more information about our compliance commitments.