Hello Chaim Klar,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you are asking whether your Azure OpenAI usage is covered by a BAA, whether it can be, and how.
These are the steps you could follow to answer your questions in detail:
- **Contract/BAA proof** Your BAA for Azure OpenAI comes via Microsoft’s DPA, not a per‑service contract; download and file it with your EA/MCA/CSP. Docs: DPA (Microsoft BAA terms) here: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA; HIPAA offering/roles: https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us. Confirm with your account team that Azure OpenAI is consumed under that agreement.
- **Scope discipline (text only for PHI)** Until Microsoft explicitly lists modality coverage, treat PHI as text‑only in Azure OpenAI; don’t send PHI via images or realtime audio. Image scope caution (community moderator) → https://learn.microsoft.com/en-us/answers/questions/2106637/azure-openai-hipaa-compliance-status. Realtime audio uncertainty (eligibility not confirmed) → https://learn.microsoft.com/en-us/answers/questions/5616040/clarification-request-hipaa-eligibility-of-azure-o.
- **Private network boundary** Place Azure OpenAI behind a VNET + Private Endpoints (no public ingress), and front it with your private API gateway if needed. The Azure OpenAI FAQ confirms VNET/Private Endpoints support here: https://learn.microsoft.com/en-us/azure/ai-foundry/openai/faq?view=foundry-classic. Keep architecture diagrams and endpoint screenshots as audit evidence.
- **Identity, access, and encryption** Enforce MFA/Conditional Access and least‑privilege RBAC via Microsoft Entra ID; require TLS 1.2+ and encrypt any stored data. This maps to HIPAA’s administrative/technical safeguards under shared responsibility: https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us. Document policies, control owners, and monitoring in your evidence pack.
- **Data‑handling posture (no model training on your data)** Azure OpenAI (Azure Direct Models) does not train foundation models on your prompts/outputs without your instruction/permission. Microsoft’s data/privacy statement for Azure Direct Models: https://learn.microsoft.com/en-us/azure/ai-foundry/responsible-ai/openai/data-privacy?view=foundry-classic. Keep this page in your auditor binder and reference it in your DPIA/Risk Analysis.
- **Abuse‑monitoring retention: decide and verify** Decide whether to allow Microsoft’s abuse‑monitoring storage; if you require stricter control, verify it’s off and retain proof. How to verify that storage for abuse monitoring is off: https://learn.microsoft.com/en-us/azure/ai-foundry/responsible-ai/openai/data-privacy?view=foundry-classic#how-can-a-customer-verify-if-data-storage-for-abuse-monitoring-is-off. Store screenshots/change tickets alongside your logging/redaction policy.
- **If using OpenAI (direct) instead of Azure** For the OpenAI API (non‑Azure), obtain a separate BAA from OpenAI; ChatGPT consumer tiers are not HIPAA‑eligible. OpenAI BAA request instructions: https://help.openai.com/en/articles/8660679-how-can-i-get-a-business-associate-agreement-baa-with-openai-for-the-api-services. Regardless of path, maintain an evidence bundle: signed master agreement, current DPA, configs (VNET/PE), and data‑handling records.
I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.
Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
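The "private network boundary" and "identity, access" items in the answer above are configuration controls on the Azure OpenAI resource itself, so they can be checked mechanically for the evidence pack. The script below is an added example (not part of the answer above and not Microsoft's code): it audits the JSON of a `Microsoft.CognitiveServices/accounts` resource (the shape returned by `az cognitiveservices account show -n <name> -g <rg> -o json`) for public ingress being disabled, a default-deny network ACL, an approved private endpoint, and local (API-key) auth being disabled so only Entra ID tokens are accepted. The property names used are the ones that resource type exposes; the two sample resources embedded in the script are constructed, one weak and one hardened.

```python
"""Audit an Azure OpenAI (Microsoft.CognitiveServices/accounts) resource JSON
against the network and identity controls listed in the answer.

Added example, not the Q&A answer's own code. Both sample resources below are
constructed; feed the real `az cognitiveservices account show` output instead.
"""
import json
import sys

# Constructed sample: public ingress, allow-by-default ACL, no private endpoint,
# API keys enabled. This is what a default deployment often looks like.
WEAK = json.loads("""
{
  "name": "aoai-weak-sample",
  "type": "Microsoft.CognitiveServices/accounts",
  "properties": {
    "publicNetworkAccess": "Enabled",
    "networkAcls": {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []},
    "privateEndpointConnections": [],
    "disableLocalAuth": false
  }
}
""")

# Constructed sample: the hardened posture the answer describes.
HARDENED = json.loads("""
{
  "name": "aoai-hardened-sample",
  "type": "Microsoft.CognitiveServices/accounts",
  "properties": {
    "publicNetworkAccess": "Disabled",
    "networkAcls": {"defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": []},
    "privateEndpointConnections": [
      {
        "name": "pe-aoai-sample",
        "properties": {
          "privateEndpoint": {"id": "/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/privateEndpoints/pe-aoai-sample"},
          "privateLinkServiceConnectionState": {"status": "Approved", "description": "Auto-approved"}
        }
      }
    ],
    "disableLocalAuth": true
  }
}
""")


def audit(resource: dict) -> list[str]:
    """Return a list of findings; an empty list means every checked control passes.

    Missing properties are treated as their permissive defaults, so an
    incomplete export fails closed rather than passing silently.
    """
    props = resource.get("properties", {})
    findings = []

    # Control: no public ingress (VNET + Private Endpoints only).
    if props.get("publicNetworkAccess", "Enabled") != "Disabled":
        findings.append("publicNetworkAccess is not Disabled: the endpoint accepts public ingress")

    # Control: network ACL denies by default so only listed rules/PEs reach the service.
    if props.get("networkAcls", {}).get("defaultAction", "Allow") != "Deny":
        findings.append("networkAcls.defaultAction is not Deny")

    # Control: at least one approved private endpoint connection exists.
    connections = props.get("privateEndpointConnections") or []
    approved = [
        c for c in connections
        if c.get("properties", {})
            .get("privateLinkServiceConnectionState", {})
            .get("status") == "Approved"
    ]
    if not approved:
        findings.append("no approved private endpoint connection: private-only access is not wired up")

    # Control: Entra ID only; shared API keys bypass MFA/Conditional Access and RBAC.
    if props.get("disableLocalAuth", False) is not True:
        findings.append("disableLocalAuth is not true: API-key auth bypasses Entra ID/Conditional Access")

    return findings


def is_compliant(resource: dict) -> bool:
    """True when audit() raises no findings."""
    return not audit(resource)


if __name__ == "__main__":
    # Usage: python audit_aoai.py account.json  (defaults to the constructed samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            targets = [json.load(fh)]
    else:
        targets = [WEAK, HARDENED]
    for res in targets:
        result = audit(res)
        print(f"{res.get('name')}: {'PASS' if not result else 'FAIL'}")
        for line in result:
            print(f"  - {line}")
```

Run it with no arguments to see the weak sample fail on all four controls and the hardened sample pass; pass a file to audit an exported resource. The abuse-monitoring setting from the answer is deliberately not checked here, because the linked Microsoft page describes its own verification procedure rather than a property on the resource JSON, so keep that as a separate evidence item.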