Is Claude Fable HIPAA compliant?

Claude Fable is an AI model developed by Anthropic, designed for general-purpose reasoning, analysis, writing, and conversation. Built on Anthropic's Constitutional AI research, Fable is positioned as a capable, mid-tier model within the Claude 4 family.

With Claude Fable, organizations can build AI-powered workflows and chat experiences through Anthropic's API or deploy it directly via Claude Enterprise. Its applicability has made it an option for healthcare organizations looking to streamline clinical documentation, patient communication, and administrative tasks.

Is Claude Fable HIPAA compliant? Yes, Claude Fable can be HIPAA compliant, but there are limitations.

Will Claude Fable sign a business associate agreement (BAA)?

Yes, Anthropic will sign a business associate agreement for Claude Fable, which can be reviewed here.

In June 2026, Anthropic announced Claude Fable 5 and designated it as a "Covered Model,” a classification that carries specific data retention requirements. Covered Models like Claude Fable 5 require 30-day data retention on every platform where they're offered, as part of Anthropic's safety work, and cannot be accessed from organizations or workspaces with zero data retention (ZDR) enabled.

What does the Claude Fable BAA cover?

The Claude Fable BAA covers the use and disclosure of protected health information (PHI), stating, "Anthropic provides a Business Associate Agreement (BAA) covering our HIPAA-ready services, such as use of our first-party API or Enterprise plans. Claude Enterprise administrators can sign the BAA directly when activating HIPAA compliance in the admin settings under “Data & Privacy.” If you are a self-managed account and do not see the admin setting, please contact sales."

The BAA covers the following Claude Enterprise features:

• Chat
• Projects
• Artifacts
• File creation & code execution (excluding network access and external websites)
• Voice
• Web Search
• Research
• Skills

What does the Claude Fable BAA exclude?

Their terms say, "For clarity, the BAA does not cover Workbench and Console, Claude Free, Pro, Max, or Team plans, Cowork, or features currently in beta such as Claude in Office and Claude Design. As part of the BAA, customers of Anthropic’s HIPAA-ready services are subject to certain configuration requirements and limitations on what features/integrations are available."

Conclusion

Claude Fable may be HIPAA compliant, but only under specific configurations such as a signed BAA, a HIPAA-ready Enterprise or API plan, and avoidance of excluded features such as Claude Code

Learn more: HIPAA Compliant Email: The Definitive Guide

FAQS

What is a business associate agreement?

A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and its business associates. The purpose of this agreement is to ensure the proper protection of personal health information (PHI) as required by HIPAA regulations.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).

HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

Who does HIPAA apply to?

HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.