Based on our research, Perplexity AI is HIPAA compliant only for Enterprise customers who execute a Business Associate Agreement (BAA). Its free, consumer, Pro, and API offerings are not appropriate for PHI without a signed BAA.
Perplexity AI is an AI-powered research and answer engine that delivers real-time, cited insights for individuals and enterprises. With Perplexity Enterprise, organizations get SOC 2 Type II–audited security and stated GDPR and HIPAA compliance.
Perplexity can be HIPAA compliant, but only when used under an Enterprise plan with an executed Business Associate Agreement.
Yes, Perplexity will sign a business associate agreement for Enterprise accounts. The Enterprise Terms state: “Customer may not use the Services to…process any information that includes or constitutes ‘Protected Health Information’…unless Customer and Perplexity have executed a Business Associate Agreement.”
Perplexity does not publish a standalone BAA template publicly, but its Enterprise Terms and Data Processing Addendum (DPA) outline the controls that apply when PHI is processed under a signed BAA.
Based on those terms, the BAA framework covers:
Perplexity AI may be HIPAA compliant, but only for Enterprise customers who sign a BAA. Its consumer site, API, Pro versions, and other products are not covered for PHI unless governed by separate enterprise agreements.
Paubox has developed a HIPAA compliant email and texting solution that makes it easier for providers to connect with their patients. It eliminates the need for third-party apps or logins, allowing patients to receive secure, encrypted texts and emails directly on their phones.
HIPAA sets national standards for protecting the privacy and security of certain health information. HIPAA ensures that healthcare providers and insurers can securely exchange electronic health information. Violations can result in significant penalties.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates, which are third parties that perform functions or services involving PHI on behalf of a covered entity.
A BAA is a legally binding contract between a HIPAA covered entity and its business associate. The agreement ensures PHI is appropriately protected when handled by the business associate.