Trust and security
AI built inside Claude Enterprise, with a HIPAA BAA on file.
Before an agent touches your data, your quality and procurement teams will have questions. Here are the answers we give them, up front.
We build inside Claude Enterprise. Anthropic signs a Business Associate Agreement that covers Enterprise and API use, so protected health information can be in scope under HIPAA. That agreement does not reach the consumer Claude plans people open on their own laptops, which is the whole reason the tenancy we build in matters. We scope every deployment to the least data the work needs, and nothing extra rides along for convenience.
21 CFR Part 11
Part 11 is not a box a model checks. It comes from how the whole system is run. We put a named person accountable for what each agent produces, keep a record of what it did and when, and version those records so someone can walk them back a year later. Before we build anything for a regulated workflow, we run a Part 11 evaluation of that specific workflow and tell you plainly where it stands and what it would take to close any gap.
What stays yours
Your data stays in your tenant. We do not train on it. When the build is finished, the system and its records are yours, and we are still the team that keeps it running. If procurement needs this in writing, we will put it in writing.
Common questions
Does Anthropic sign a HIPAA BAA?
Yes, for Claude Enterprise and API use. We build inside that tenancy and scope the deployment to the minimum data the work requires.
What does the BAA not cover?
The consumer tiers, the Pro and Team plans people run on their own laptops. PHI should not pass through those, so we keep your work inside the Enterprise tenant.
Is our data used to train models?
No. Your data stays in your tenant and is not used to train any model.
Can AI meet 21 CFR Part 11?
Part 11 comes from how the system is governed. We put a named person accountable for each agent and keep a full audit trail, and we version the records so an auditor can retrace them. We evaluate the workflow against Part 11 before building it.
15 min. 5-day written diagnosis. No deck.