BAA (Business Associate Agreement)
A BAA is the HIPAA-required contract between a covered entity (or another business associate) and a vendor that will create, receive, maintain, or transmit protected health information on the covered entity's behalf.
Any AI vendor processing PHI for a HIPAA-covered organization must execute a BAA. The agreement obligates the vendor to safeguard PHI per the HIPAA Security Rule and to notify the covered entity of any breach.
Not every AI provider will sign a BAA, and several explicitly decline to do so for consumer or low-tier offerings. The presence or absence of a BAA is the first question a healthcare buyer should ask.
Backplain offers a BAA at the Business tier and above, including on BYO cloud and sovereign deployments.
Prompt-time PII redaction is the removal or substitution of personally identifiable information from an AI prompt before it leaves the user's network, so the model and its provider never receive the original values.
An AI Firewall is a software layer that detects and redacts sensitive data — PII, PHI, trade secrets, or custom entity types — from a prompt before it leaves your network boundary and reaches any AI model.
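The redaction-before-egress step that the two definitions above describe, as an added example that is not Backplain's code or any product's implementation: each detected value is swapped for a placeholder, the placeholder-to-value map stays inside the network, and a post-redaction check refuses to send a prompt on which any detector still fires. The detector set, the MRN format and the sample prompt are constructed for illustration.

```python
import re
from typing import Dict, Tuple

# Illustrative detector set (assumption: a real firewall would add NER for names,
# dates of birth and organisation-specific entity types on top of regexes).
PII_PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "MRN": re.compile(r"\bMRN[:\s]*\d{6,}\b"),  # hypothetical record-number format
}

# Constructed sample prompt; no real person or record.
SAMPLE_PROMPT = ("Summarize: patient Jane Doe, MRN: 00123456, SSN 123-45-6789, "
                 "reach at jane.doe@example.com or 555-123-4567. "
                 "Also jane.doe@example.com again.")


def redact_prompt(prompt: str) -> Tuple[str, Dict[str, str]]:
    """Replace every detected PII value with a placeholder token before the prompt
    leaves the network. Returns the redacted prompt and the token->value map,
    which stays local so the model provider never receives the originals."""
    mapping: Dict[str, str] = {}
    counters: Dict[str, int] = {}

    def placeholder(kind: str, value: str) -> str:
        for token, seen in mapping.items():  # same value -> same token, so the
            if seen == value:                # model still sees consistent references
                return token
        counters[kind] = counters.get(kind, 0) + 1
        token = f"[{kind}_{counters[kind]}]"
        mapping[token] = value
        return token

    redacted = prompt
    for kind, pattern in PII_PATTERNS.items():
        redacted = pattern.sub(lambda m, k=kind: placeholder(k, m.group(0)), redacted)
    return redacted, mapping


def contains_pii(text: str) -> bool:
    """Post-redaction check: refuse to send if any detector still fires."""
    return any(p.search(text) for p in PII_PATTERNS.values())


def restore_response(response: str, mapping: Dict[str, str]) -> str:
    """Re-insert original values into the model's reply, on the local side only."""
    for token, value in mapping.items():
        response = response.replace(token, value)
    return response
```

Note that "Jane Doe" survives the regex pass, which is the practical reason a firewall layers entity recognition over pattern matching rather than relying on either alone.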