Is Databricks HIPAA compliant?

Cloud data platform

Signs a BAA · PHI with conditions · SOC 2 Type II
Will Databricks sign a HIPAA BAA?
Yes — Databricks will sign a HIPAA Business Associate Agreement (BAA).
Databricks signs a BAA and supports HIPAA on AWS, Azure and GCP. An active BAA must be in place before any PHI is processed, and HIPAA workloads require enabling the compliance security profile; preview features are generally not supported for PHI.
PHI eligibility
PHI may be processed/stored once a BAA is executed and the compliance security profile is enabled; do not enter PHI into free-text fields such as workspace/cluster names or tags, and avoid unsupported preview features.
SOC 2
SOC 2 Type II
Notes
Databricks offers a combined SOC 2 Type II + HIPAA report on request from the account team.
Last verified 2026-05-31 · confidence: high · Vendor terms change — confirm directly with Databricks before storing PHI.


How to request and sign a BAA with Databricks

Yes — Databricks will sign a HIPAA Business Associate Agreement (BAA).

Request route: Self-serve — enable it in your account
  1. Confirm your account is covered
     Databricks signs a BAA and supports HIPAA on AWS, Azure and GCP. An active BAA must be in place before any PHI is processed, and HIPAA workloads require enabling the compliance security profile; preview features are generally not supported for PHI.
  2. Request the Business Associate Agreement
     Databricks lets you obtain the BAA without a sales call. Follow the path named in the plan requirement above — typically an in-product toggle or a billing / compliance settings page — then request and accept the agreement from your own account.
  3. Confirm what PHI is allowed before you store any
     PHI may be processed/stored once a BAA is executed and the compliance security profile is enabled; do not enter PHI into free-text fields such as workspace/cluster names or tags, and avoid unsupported preview features. Match your configuration to this scope before putting protected health information into Databricks.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Databricks before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Databricks sign a HIPAA Business Associate Agreement (BAA)?
Yes — Databricks will sign a HIPAA Business Associate Agreement (BAA). Databricks signs a BAA and supports HIPAA on AWS, Azure and GCP. An active BAA must be in place before any PHI is processed, and HIPAA workloads require enabling the compliance security profile; preview features are generally not supported for PHI.
Is Databricks HIPAA compliant?
Databricks can be used in a HIPAA-compliant way: it signs a Business Associate Agreement (BAA), which HIPAA requires before you process PHI with a vendor. PHI may be processed/stored once a BAA is executed and the compliance security profile is enabled; do not enter PHI into free-text fields such as workspace/cluster names or tags, and avoid unsupported preview features.
Can you store PHI (protected health information) in Databricks?
PHI may be processed/stored once a BAA is executed and the compliance security profile is enabled; do not enter PHI into free-text fields such as workspace/cluster names or tags, and avoid unsupported preview features.
Is Databricks SOC 2 certified?
Databricks reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Databricks?
Databricks lets you obtain the BAA without a sales call. Follow the path named in the plan requirement above — typically an in-product toggle or a billing / compliance settings page — then request and accept the agreement from your own account. Confirm current terms directly with Databricks before storing PHI.
What plan do I need to sign a BAA with Databricks?
Databricks signs a BAA and supports HIPAA on AWS, Azure and GCP. An active BAA must be in place before any PHI is processed, and HIPAA workloads require enabling the compliance security profile; preview features are generally not supported for PHI.

Sources

https://docs.databricks.com/aws/en/security/privacy/hipaa
Supports: BAA required/signed; compliance security profile; PHI restrictions · dated: undated
https://www.databricks.com/trust/compliance/hipaa
Supports: HIPAA support across AWS/Azure/GCP; SOC 2 Type II + HIPAA report · dated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Databricks before processing protected health information.
