HIPAA BAA chain for AI medical scribes 2026: the Whisper-to-Claude audit map
An AI medical scribe looks like one product but touches PHI through 2–3 vendors. Every link needs its own Business Associate Agreement (BAA). Skip one and you have a HIPAA gap — even if every individual vendor is "HIPAA-compliant" on their marketing page.
This is the practical map: what the chain looks like, which 2026 vendors will sign a BAA, where Whisper actually fits, and a 5-item audit checklist you can run on any scribe — yours or a vendor's.
What is the BAA chain (in two sentences)
HIPAA requires every party that handles PHI on a covered entity's behalf to sign a BAA. If your scribe sends audio to vendor A, A sends transcript to vendor B, and B sends notes to your EHR — you need BAAs with A, B, and the EHR, plus A and B need BAAs with their cloud providers. One missing link breaks the chain.
The four-stage chain in 2026
| Stage | What touches PHI | Typical vendor |
|---|---|---|
| 1. Capture | Microphone, mobile app, recording storage | Your phone OS, recording app, S3/GCS bucket |
| 2. ASR (speech-to-text) | Audio file, transcript | OpenAI Whisper API, Azure OpenAI, Deepgram, AssemblyAI, AWS Transcribe Medical |
| 3. LLM (note generation) | Transcript, structured note (SOAP, OASIS, H&P) | Anthropic Claude, OpenAI GPT, Azure OpenAI, Google Vertex |
| 4. Delivery | Final note, attachments | EHR (Epic, Athena, eCW), email, Slack, Teams |
Each row is a separate BAA. A consumer-grade scribe app that uses raw OpenAI ChatGPT (not Enterprise/BAA tier) breaks the chain at row 3 even if rows 1, 2, and 4 are clean.
2026 vendor BAA matrix — ASR (stage 2)
| Vendor | BAA available? | Notes |
|---|---|---|
| OpenAI Whisper API (api.openai.com) | Yes — via OpenAI Enterprise or paid API with BAA addendum (request through legal@openai.com) | Default consumer accounts have no BAA. You must sign one before sending PHI. |
| Azure OpenAI Whisper | Yes — covered by Microsoft's standard HIPAA BAA | Easiest enterprise path; usage is per-token in Azure subscription. |
| Deepgram | Yes — paid plans, BAA included for healthcare | Higher per-min cost than Whisper but lower latency. |
| AssemblyAI | Yes — Enterprise tier | Free tier and pay-as-you-go without enterprise contract are not BAA-covered. |
| AWS Transcribe Medical | Yes — covered by AWS HIPAA BAA | Specifically tuned for medical vocabulary; more expensive than Whisper. |
| Google Cloud Speech-to-Text | Yes — under Google Cloud HIPAA BAA | Medical Conversation model is separate; check coverage. |
| Self-hosted whisper.cpp / faster-whisper | N/A — runs on your own infrastructure, no third party touches PHI | Best HIPAA story; you become the responsible party. |
2026 vendor BAA matrix — LLM (stage 3)
| Vendor | BAA available? | Notes |
|---|---|---|
| Anthropic Claude API (direct) | Yes — Enterprise / Scale plan with BAA addendum | Default Free/Pro plans on claude.ai have no BAA. API with BAA addendum is the path. |
| OpenAI GPT API | Yes — Enterprise / API BAA | Same gotcha as Whisper API — default account is not covered. |
| Azure OpenAI | Yes — Microsoft HIPAA BAA | Easiest path; same Azure subscription covers Whisper + GPT models. |
| Google Vertex AI (Gemini, PaLM, Med-PaLM) | Yes — Google Cloud HIPAA BAA | Med-PaLM is medical-tuned; Gemini for general SOAP works. |
| AWS Bedrock (Claude, Titan, Llama) | Yes — AWS HIPAA BAA | Covers Claude through Bedrock without separate Anthropic agreement. |
| Local LLM (Llama 3, Mistral, Qwen) | N/A — on-prem | Performance gap vs Claude/GPT for clinical reasoning is closing but still real. |
The four common chains in 2026 — pick one
Chain A: All-Microsoft (easiest enterprise sale)
Recording app → Azure Blob Storage → Azure OpenAI Whisper → Azure OpenAI GPT-4 → EHR via API. One BAA covers stages 1–3. Only EHR BAA is separate. This is what hospital IT departments approve fastest.
Chain B: All-AWS (developer-friendly)
Recording app → S3 → AWS Transcribe Medical → AWS Bedrock (Claude or Llama) → EHR. One BAA covers everything except EHR. Lower per-token cost than Azure for high volume.
Chain C: Best-of-breed (Whisper + Claude direct)
Recording app → your own S3 bucket (with AWS BAA) → OpenAI Whisper API (with OpenAI BAA) → Anthropic Claude API (with Anthropic BAA) → EHR. Three vendor BAAs plus EHR. More paperwork, but you get the cheapest Whisper pricing and Claude's clinical reasoning. Most adopters underestimate the Anthropic BAA — it requires an Enterprise contact, not self-serve signup.
Chain D: Fully self-hosted (smallest BAA surface)
Recording app → on-prem storage → whisper.cpp on local GPU → Llama 3 / Qwen / Med-PaLM-style local LLM → EHR via local export. Zero third-party BAAs needed for the AI stack. You own all the risk. Best for solo and small clinics that already have a NAS or workstation. Solo PA / DIY pipeline math here.
Where the chain commonly breaks (audit findings, real cases)
- Free ChatGPT used "just to clean up the transcript". No BAA on consumer ChatGPT. PHI is now in OpenAI's training-eligible logs.
- Recording stored on personal iCloud / Google Drive. Apple iCloud has no HIPAA BAA option. Google Drive on a personal account is not BAA-covered (Workspace Enterprise with BAA is). Move audio to a BAA-covered bucket within minutes of capture.
- Email delivery to physician. Standard Gmail/Outlook is not BAA-covered for end-to-end PHI email. Use HIPAA email services (Paubox, Hushmail) or deliver inside the EHR.
- "My vendor is HIPAA-compliant" without a signed BAA. Marketing claims aren't a BAA. Ask for the executed PDF.
- Sub-processor chain not disclosed. If your scribe vendor uses a sub-processor (e.g., they call Whisper API from their cloud), you need that documented in their BAA.
The 5-item BAA chain audit (run this on any scribe)
- List every vendor. Get a written stack diagram from the scribe vendor: capture → storage → ASR → LLM → delivery. If they can't produce it, that's your finding.
- Get one signed BAA per vendor. Executed PDF, not a "BAA available on request". Signed directly with the vendor or through a parent platform (Azure, AWS, GCP).
- Confirm tier matches the BAA. Many vendors have BAA only on Enterprise/Scale tiers. Verify the actual tier you use is covered, not the marketing tier.
- Check sub-processor disclosure. If vendor X calls Whisper or Claude on your behalf, that flow must be in vendor X's BAA, with sub-processor list.
- Audit the data path with logs. One real PHI sample, traced through every system; confirm encryption in transit and at rest at each hop. Most gaps show up here, not in the paperwork.
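The five checklist items above can be run mechanically once the vendor's stack diagram is written down. This added example (not LessRec's code; all vendor names, tiers and flags are constructed sample data) models each hop with the tier actually in use, the tiers the BAA covers, whether the BAA is executed, encryption at the hop, and the vendor's own sub-processors, then walks the chain recursively so an undisclosed or uncovered sub-processor surfaces as a finding just like a direct gap.

```python
from dataclasses import dataclass, field


@dataclass
class Hop:
    """One link in the scribe chain (stage -> vendor) and its BAA status."""
    stage: str                      # capture, storage, asr, llm or delivery
    vendor: str
    tier: str                       # the tier the scribe actually runs on
    baa_tiers: tuple = ()           # tiers the vendor's BAA actually covers
    baa_executed: bool = False      # executed PDF on file, not "on request"
    self_hosted: bool = False       # on-prem: no third party touches PHI
    tls: bool = False               # PHI encrypted in transit at this hop
    at_rest: bool = False           # PHI encrypted at rest at this hop
    sub_processors: list = field(default_factory=list)  # nested Hops


def audit_hop(hop, prefix=""):
    """Return findings for one hop and, recursively, for its sub-processors."""
    name = f"{prefix}{hop.stage}:{hop.vendor}"
    findings = []
    if not hop.self_hosted:
        if hop.tier not in hop.baa_tiers:
            findings.append(f"{name}: tier '{hop.tier}' is not BAA-covered")
        elif not hop.baa_executed:
            findings.append(f"{name}: BAA offered but not executed")
    if not hop.tls:
        findings.append(f"{name}: PHI not encrypted in transit")
    if not hop.at_rest:
        findings.append(f"{name}: PHI not encrypted at rest")
    for sub in hop.sub_processors:  # the vendor's own downstream BAAs
        findings.extend(audit_hop(sub, name + " -> "))
    return findings


def audit_chain(chain):
    """Audit every hop of a capture -> delivery chain; empty list means clean."""
    findings = []
    for hop in chain:
        findings.extend(audit_hop(hop))
    return findings


# Constructed sample: a scribe vendor ("ScribeCo", hypothetical) that calls the
# Whisper API on a non-enterprise tier from its own cloud, plus audio parked on
# personal iCloud and a transcript "cleaned up" in consumer ChatGPT.
SAMPLE_CHAIN = [
    Hop("capture", "recording app", "paid", ("paid",), True, tls=True, at_rest=True),
    Hop("storage", "personal iCloud", "personal", (), False, tls=True, at_rest=True),
    Hop("asr", "ScribeCo", "enterprise", ("enterprise",), True, tls=True, at_rest=True,
        sub_processors=[Hop("asr", "OpenAI Whisper API", "pay-as-you-go",
                            ("enterprise",), False, tls=True, at_rest=True)]),
    Hop("llm", "consumer ChatGPT", "free", (), False, tls=True, at_rest=True),
    Hop("delivery", "EHR", "enterprise", ("enterprise",), True, tls=True, at_rest=True),
]
```

Running `audit_chain(SAMPLE_CHAIN)` yields three findings: the personal iCloud storage hop, ScribeCo's uncovered Whisper sub-processor, and the consumer ChatGPT LLM hop.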
Cost comparison: which chain is cheapest at 100 visits/day
Assumptions: 15-min average visit recording, 2-min average note generation, 100 visits/day, 22 working days. Per-visit costs (May 2026 list pricing):
| Chain | ASR cost | LLM cost | Storage | BAA fees | Per-visit | Per-month |
|---|---|---|---|---|---|---|
| A: Azure end-to-end | $0.09 (Whisper) | $0.04 (GPT-4 mini) | $0.001 | $0 (in subscription) | ~$0.13 | ~$286 |
| B: AWS end-to-end | $0.23 (Transcribe Medical) | $0.05 (Bedrock Claude Haiku) | $0.001 | $0 | ~$0.28 | ~$616 |
| C: OpenAI Whisper + Anthropic Claude | $0.09 | $0.06 (Sonnet) | $0.002 (S3) | $0 (no surcharge once contracts signed) | ~$0.15 | ~$330 |
| D: Self-hosted (whisper.cpp + Llama 3 70B) | $0 (local) | $0 (local) | $0 (NAS) | $0 | ~$0 (excl. hardware/electricity) | $0 |
Self-hosted has a one-time hardware cost (~$2,500–$6,000 for a usable workstation in 2026) but pays back inside 12 months at >25 visits/day. For solo and small practice, that's the cheapest HIPAA-clean chain.
Where LessRec fits
LessRec is stage 2 only — Whisper-based transcription at $0.05/min. We sign a BAA for healthcare workloads (ask hello@lessrec.com). Your stage 3 (LLM note generation) is your choice; we don't lock you into one. For practices wanting an end-to-end OCR + transcription HIPAA pipeline, see nurse-ocr.