
Is Perplexity AI HIPAA compliant? (2026 update)

Perplexity AI is the company behind a broader set of products, including its consumer search platform, paid consumer plans such as Pro and Max, API services, and its business offerings, Perplexity Enterprise Pro and Perplexity Enterprise Max. For HIPAA purposes, that distinction matters. Perplexity’s current public Enterprise Terms apply only to Perplexity Enterprise Pro and Perplexity Enterprise Max, not to Perplexity’s general website, free consumer product, or Perplexity API.

Is Perplexity AI HIPAA compliant? Yes, Perplexity Enterprise Pro and Perplexity Enterprise Max are HIPAA compliant.

 

What changed this year?

As of March 2026, Perplexity’s public Enterprise Terms of Service, last updated February 6, 2026, expressly state that customers may not use Perplexity Enterprise Pro or Perplexity Enterprise Max to create, receive, maintain, transmit, or otherwise process PHI unless a business associate agreement is in place. Public Perplexity materials also continue to describe Enterprise as having enterprise-grade privacy and security controls, and Perplexity’s developer-facing privacy and security materials still reference a 2025 HIPAA Gap Assessment.

 

Will Perplexity AI sign a business associate agreement?

Perplexity’s Enterprise Terms say customers may not use the services for PHI unless Customer and Perplexity have executed a Business Associate Agreement. That is a strong sign that Perplexity can sign a BAA for at least some enterprise customers. However, we did not find a publicly posted standalone BAA on the legal hub or trust-center materials we reviewed, so the exact availability and scope appear to depend on enterprise contracting rather than a public self-serve BAA.

 

What does the Perplexity AI BAA cover?

Perplexity does not publicly post the BAA text in the materials we reviewed, so the exact coverage is not publicly verifiable. Publicly, Perplexity’s Enterprise Terms establish only the baseline rule: enterprise customers cannot process PHI in the services unless a BAA is in place, and the agreement also incorporates a Data Processing Addendum. Because the BAA itself is not public, we cannot responsibly list confirmed covered uses, breach terms, return or destruction terms, or individual-rights obligations from Perplexity’s contract.

 

What does the Perplexity AI BAA exclude?

Public materials show several limits. First, the Enterprise Terms apply only to Perplexity Enterprise Pro and Enterprise Max, not to Perplexity’s API, website, or ProShop. Second, Perplexity’s help center says Perplexity Health is a personal wellness product and says HIPAA does not apply to consumer health products like Perplexity Health. Third, Perplexity’s general consumer data policy says some free and non-enterprise user data may be used for AI training unless the user opts out, while Enterprise data is never used for AI training. Taken together, that means the safest HIPAA analysis is limited to contracted Enterprise deployments with a signed BAA, not Perplexity as a whole.

 

Conclusion

Perplexity Enterprise Pro and Perplexity Enterprise Max may support HIPAA-regulated use when a covered entity or business associate has a signed BAA with Perplexity. Perplexity’s consumer platform, consumer paid tiers, and other non-Enterprise offerings should not be treated as HIPAA compliant by default simply because Perplexity offers an Enterprise product line.

 

FAQs

What is a business associate agreement?

A BAA is a contract required when a covered entity shares PHI with a business associate. HHS explains that these contracts are meant to ensure the business associate appropriately safeguards PHI and to clarify the permitted uses and disclosures of that information.

 

What is HIPAA?

HIPAA is the federal law and regulatory framework that sets national standards for protecting protected health information. HHS explains that the Privacy Rule protects individually identifiable health information and that the Security Rule sets administrative, physical, and technical safeguards for electronic protected health information.

 

Who does HIPAA apply to?

HIPAA applies to covered entities such as health plans, healthcare clearinghouses, and certain healthcare providers that conduct covered electronic transactions, and it also applies to business associates that create, receive, maintain, or transmit PHI on behalf of those covered entities.
