Is ChatGPT, Claude, or Gemini HIPAA-compliant for therapy notes? What the BAA actually covers (and doesn't).

The honest answer depends on which version you're using. A therapist-engineer walks through what each provider's BAA actually covers — and what it doesn't.

Short version, since you're probably on lunch break: the ChatGPT, Claude, and Gemini products most therapists use are not HIPAA-compliant. The enterprise and API tiers usually can be, but the details matter — and the details are where most of us get tripped up.

I'm a licensed private-practice mental health counselor in Washington State. I'm also the engineer who built Wren Clinical. This post is what I wish someone had handed me the first time I wondered whether I could paste a session note into ChatGPT to clean it up.

Let's get into it.

What HIPAA actually requires

For any tool that touches Protected Health Information (PHI) — which includes anything identifying a client, their presenting problem, their treatment, or their session content — you need three things in place:

  1. A Business Associate Agreement (BAA) with the vendor. This is a specific contract HIPAA requires; a "privacy policy" is not a BAA.
  2. Subprocessor obligations in the BAA. The vendor should be contractually required to flow down HIPAA protections to any third party that touches your data — and ideally publish a subprocessors list so you can confirm it.
  3. Adequate technical safeguards on their end. Encryption in transit and at rest, access controls, audit logging, and a data retention policy you can actually verify — all the vendor's responsibility, not yours.

The Security Rule is satisfiable by most serious cloud vendors. The BAA is where the consumer AI apps fall down.

ChatGPT / OpenAI

Consumer ChatGPT (free, Plus, Pro) — no BAA. The terms of service explicitly disclaim HIPAA. Pasting a session note in is a HIPAA disclosure, full stop.

ChatGPT Team — no BAA. Despite the "business" branding, the Team tier does not include a BAA. This surprises a lot of therapists.

ChatGPT Enterprise — BAA available. OpenAI will execute BAAs with Enterprise customers. Enterprise is sold via their sales team and typically priced at $60+/user/month with a substantial seat minimum (historically 150, currently negotiable). For a solo or small-group practitioner, the economics never work out.

OpenAI API with Zero Data Retention — BAA available. If you're a developer or building on the API, OpenAI will execute a BAA and enable zero-retention on your account after a short application process. This is the most accessible path for smaller organizations, but it requires you (or a vendor) to build on top of the API — you can't use the chat.openai.com interface under a BAA.

Claude / Anthropic

Consumer Claude (Claude.ai free and Pro) — no BAA. Same story as ChatGPT consumer.

Claude for Work (Team / Enterprise) — BAA available on Enterprise. Anthropic offers BAAs with Enterprise customers. Like OpenAI, this is a sales-led tier aimed at larger organizations.

Anthropic API — BAA available. Anthropic executes BAAs with API customers who request one. This is how most HIPAA-compliant Claude deployments work.

Via AWS Bedrock — BAA covered by AWS. This is worth its own paragraph. Claude models are available on Amazon Bedrock, and AWS's BAA — which most healthcare organizations already have in place — covers Bedrock usage. This is the path Wren uses. You get Claude's quality without a separate Anthropic contract. Google Cloud's Vertex AI offers Claude under Google's BAA as well.

Gemini / Google

This is the one most people get wrong, myself included until I dug into it.

Consumer Gemini (gemini.google.com, the Gemini mobile app, Gemini in Chrome) — no BAA. Not HIPAA-compliant. This is the version most therapists encounter first, and it's out.

Google Workspace with a signed BAA — partial coverage. Google has been expanding Gemini features inside Workspace apps (Gmail, Docs, Meet, etc.), and Google now includes Gemini-for-Workspace features under the Workspace BAA when properly configured. That means if you have a signed Google Workspace BAA and you're using Gemini through a Workspace interface and your admin has enabled the relevant features under BAA coverage, PHI is in scope. The caveats are real — not every Gemini feature is covered, configuration matters, and your IT setup has to be right. Most solo therapists do not have a Workspace BAA configured this way.

Google Cloud Vertex AI — BAA available. For developers building on the API, Vertex AI is fully HIPAA-compliant under Google's BAA. Gemini models are accessible there. Similar to OpenAI's API path: compliant, but you need to be building on top of it.

"I already pasted a note into one of these"

If that's you, take a breath.

Pasting PHI into a non-BAA-covered AI is an impermissible disclosure under §164.502(a). It is not automatically a reportable breach — the reporting thresholds turn on whether the information was secured, how much was disclosed, and a risk assessment per §164.402. In most cases, a single paste by a solo practitioner will be documentable as a low-probability compromise with appropriate remediation (delete the chat history, note the incident, review your practice, move to a compliant tool).

Call your liability insurer if you're unsure. Most have a hotline for exactly this. Document what happened and what you did about it.

The thing you should not do is keep using the tool the same way tomorrow.

What to look for in a HIPAA-compliant AI setup

Regardless of which tool you end up on, these are the five questions I ask any vendor:

  1. Do you sign a BAA with me, directly — not just with my employer? For solo and small-group practices, this is non-negotiable.
  2. Which subprocessors have access to my data, and do you have BAAs with each of them? Ask for the list. If they won't share it, that's your answer.
  3. Do you train models on my content? The correct answer is no, and that should be in the BAA — not just a blog post.
  4. What's your data retention default? For clinical content, shorter is better. Audio recordings should be deleted post-transcription.
  5. Do you maintain audit logs I can request in the event of an audit? If you ever get audited, you'll need them.

If a vendor can't answer any of these cleanly, keep looking.

What Wren does (since you're on our site)

Wren runs on Claude via AWS Bedrock under AWS's BAA. Our transcription subprocessor (AssemblyAI) has a BAA with Wren. Wren signs a BAA with every user during onboarding. We don't train any models on your content. Audio is deleted immediately after transcription. Session content never appears in our backend logs — but the actions we do log (authentications, admin operations, deletions, inference calls) are retained and available if you're ever audited. And you don't need to ask us for it — every Wren user can view and export their own audit log anytime, right from the app.
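One way to implement the logging split described above (actions retained, session content never written), as an added illustration that is not Wren's code; the event names, the field allow-list and the `AuditLog` class are assumptions:

```python
"""PHI-free audit logging: record who did what and when (auth, admin ops,
deletions, inference calls), never the note text itself. Added example."""
from __future__ import annotations

import json
import time
from dataclasses import dataclass, field, asdict

# Assumed event vocabulary, mirroring the four action types listed on the page.
# Free-text "debug" events are rejected so note content cannot leak in by accident.
ALLOWED_EVENTS = {"auth.login", "admin.update", "note.delete", "inference.call"}
# Metadata keys an event may carry; there is deliberately no field for the content.
ALLOWED_FIELDS = {"user_id", "model", "note_id", "input_chars", "status"}


@dataclass
class AuditEntry:
    ts: float
    event: str
    user_id: str
    detail: dict = field(default_factory=dict)


class AuditLog:
    def __init__(self) -> None:
        self._entries: list[AuditEntry] = []

    def record(self, event: str, user_id: str, **detail) -> AuditEntry:
        if event not in ALLOWED_EVENTS:
            raise ValueError(f"unknown audit event: {event}")
        extra = set(detail) - ALLOWED_FIELDS
        if extra:  # allow-list, not deny-list: anything unexpected is refused
            raise ValueError(f"refusing non-allow-listed fields: {sorted(extra)}")
        entry = AuditEntry(time.time(), event, user_id, detail)
        self._entries.append(entry)
        return entry

    def export(self, user_id: str) -> str:
        """What a user downloads: only their own rows, as JSON lines."""
        return "\n".join(json.dumps(asdict(e)) for e in self._entries if e.user_id == user_id)


def log_inference(log: AuditLog, user_id: str, note_id: str, model: str, note_text: str) -> AuditEntry:
    """Record that a model call happened; the note is reduced to its length only."""
    return log.record("inference.call", user_id, note_id=note_id, model=model,
                      input_chars=len(note_text), status="ok")
```

The check that matters in review is the one in the test: the exported log must not contain any substring of the note that was sent for inference.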

That's the whole answer. No SOC 2 badge, no HITRUST — just the BAA chain HIPAA actually requires, plus technical safeguards you can verify.

If you're working around the consumer-AI limitations by writing your own prompts, running things through OpenAI or Anthropic's APIs, or setting up a Workspace BAA — that's all legitimate, and some therapists run that stack well. If you'd rather hand that part to someone else, try Wren free for 14 days.

The free ChatGPT is for recipes and cover letters. Not session notes.

BAA availability, pricing, and tier structures are accurate as of the publication date and subject to change. Verify directly with each vendor before making compliance decisions.
