BAA Generator
HomeResourcesDoes Amplitude Sign a HIPAA BAA?
Vendor BAA Guide

Does Amplitude Sign a HIPAA Business Associate Agreement?

By BAA Generator Editorial  ·  Published Apr 20, 2026  ·  Last reviewed Apr 20, 2026  ·  5 min read

Key Takeaways

Direct answer: Yes — Amplitude signs a HIPAA BAA for Enterprise plan customers. Digital health and healthtech companies using Amplitude to analyze user behavior must be on the Enterprise plan and have an executed BAA before allowing any PHI to enter Amplitude's analytics pipeline.

Amplitude is a leading product analytics platform used by digital health apps, patient portals, and healthtech companies to understand how users engage with their products. When those products handle protected health information — such as symptom tracking features, medication management flows, or telehealth scheduling — compliance with HIPAA becomes essential for any analytics tool in the stack.

Amplitude Plan Coverage for HIPAA BAA

Plan Price BAA Available?
Starter (Free) Free No BAA
Plus $61/month No BAA
Growth Custom pricing BAA available on request
Enterprise Custom pricing Yes — BAA included

Only the Enterprise plan guarantees HIPAA BAA availability. If you are a healthtech startup on the Starter or Plus plan, you should not be sending any PHI to Amplitude without first upgrading and executing a BAA.

Why Product Analytics Can Involve PHI

Many engineering teams assume analytics events are inherently anonymous, but product analytics platforms can receive PHI in several ways:

Amplitude recommends stripping all PHI from events before they are sent. This is good practice regardless of whether you have a BAA — but if any PHI enters Amplitude's systems, a BAA is legally required.

How to Get a HIPAA BAA from Amplitude

Amplitude's BAA is available through their Enterprise plan. To obtain a BAA:

Amplitude's BAA is a standard addendum to the Enterprise service agreement. The BAA process is straightforward for Enterprise customers — the main requirement is being on the qualifying plan tier.

What Happens If You Use Amplitude Without a BAA?

If your health app or patient portal sends PHI to Amplitude without an executed BAA, you are in violation of HIPAA's Business Associate provisions. This can result in:

The violation begins the moment PHI enters Amplitude's systems without a BAA — not just if a breach occurs. Proactively auditing your analytics events for PHI is essential before going live with any health application.

For a broader look at which vendors provide HIPAA BAAs, see our vendor BAA lookup guide. If you are a healthtech startup evaluating your entire vendor stack, see our Mixpanel HIPAA BAA guide for a comparable analytics platform comparison.

Frequently Asked Questions

Does Amplitude sign a HIPAA BAA?

Yes — Amplitude signs a HIPAA Business Associate Agreement for Enterprise plan customers. The Growth plan may also offer a BAA on request. Free Starter and Plus plans do not qualify for HIPAA coverage.

Can Amplitude analytics contain PHI?

Yes — event properties, user properties, and URL tracking in Amplitude can capture PHI if not properly filtered. Amplitude recommends stripping all PHI before sending events. If any PHI reaches Amplitude's servers, a signed BAA is required.

Which Amplitude plan includes a BAA?

The Enterprise plan (custom pricing) guarantees HIPAA BAA availability. The Growth plan may offer a BAA on request. The Starter (free) and Plus ($61/month) plans do not include HIPAA BAA support.

How does Amplitude compare to Mixpanel for HIPAA?

Both Amplitude and Mixpanel offer HIPAA BAAs at their enterprise tiers. Both recommend stripping PHI from analytics events as a baseline practice. The decision between them for healthcare applications typically comes down to product features, existing integrations, and pricing — not HIPAA eligibility, as both can be made compliant at enterprise scale.

Need a BAA for your Amplitude integration?

Generate a HIPAA-compliant Business Associate Agreement in minutes — covers all vendor types, free to start.

Generate Your BAA Free →