The Orchestration Vendor BAA Gap: What Most Healthcare Procurement Teams Miss in 2026

We have audited a recurring pattern in Q1 2026 healthcare AI deployments: the model vendor BAA is clean and the orchestration vendor BAA does not exist. The procurement-screen update that catches this before contract signing.

The procurement screen most teams use catches half the chain Most healthcare procurement teams we have worked with this year run the same screen on AI vendors: confirm the model vendor offers a BAA, confirm the BAA covers the inference endpoint and zero data retention is in place, file the executed agreement, move the deal forward. The screen is correct as far as it goes. It catches the headline vendor, Anthropic, OpenAI under the enterprise tier, Bedrock, Foundry. The BAA chain link to the model is solid. The problem is that the model is no longer the only vendor on the request path. Somewhere between the application and the model, an orchestration layer has appeared. In a typical 2026 deployment it is one of: a managed orchestration platform (LangChain Cloud, Vellum, LangSmith, Humanloop), a RAG-as-a-service product (Pinecone, Weaviate Cloud, a vector-DB-plus-retrieval offering), an agent platform that brokers tool calls, an observability vendor that ingests prompt-and-completion content for debugging, or a custom service the engineering team stood up on Vercel, Render, Fly, or a non-Shield Heroku tier. PHI flows through that layer. It is a business associate by function. Most procurement screens never ask whether it offers a BAA, and a meaningful number of these vendors will not sign one even if asked. The audit finding writes itself. The model BAA is clean. The orchestration vendor sat on the request path for nine months with PHI passing through, no BAA in place. The procurement screen has to test the full path, not the headline vendor. The five orchestration vendor categories The orchestration layer is not one product. It is five overlapping categories, each with a different BAA posture and a different common procurement mistake. Managed orchestration platforms. LangChain Cloud, Vellum, LangSmith, Humanloop, and the broader prompt-management category. These vendors host prompt templates, route requests to model APIs, and frequently log prompt-and-completion content. BAA availability is uneven; some offer enterprise tiers with HIPAA addenda, most default tiers do not. Common mistake: assuming the model BAA covers the orchestration layer because "it just calls the API." Ask: does this vendor offer a HIPAA BAA, on which tier, and does the scope include logged content? RAG-as-a-service. Pinecone, Weaviate Cloud, managed Chroma, and the embedding pipelines that feed them. PHI lives in the index. BAA availability has improved through 2025 but is still tier-gated. Common mistake: treating the vector DB as "just storage" and skipping the BAA conversation. Ask: which tier carries the BAA, and does it cover the embeddings pipeline, the index, and any logging? Agent platforms and tool brokers. Platforms that orchestrate multi-step agents, broker tool calls, and increasingly host MCP servers. BAA availability is the weakest of the five categories, most agent platforms are early-stage and do not yet have a HIPAA-grade tier. Common mistake: piloting on the standard tier and assuming an upgrade path exists. Ask: is there a current HIPAA tier, what is the SLA on signing a BAA, and what is the architecture if the answer is no? Observability and tracing vendors. Datadog LLM Observability, Honeycomb, Arize, LangSmith in its tracing capacity, and any tool that ingests prompt-and-completion content for monitoring. This is the category teams most often miss. Common mistake: treating observability as infrastructure rather than as a data processor. Ask: does the tracing vendor ingest prompt content, can content be redacted before ingestion, and is there a BAA on the tier in use? Custom services on third-party hosting. The orchestration service the engineering team built and deployed to Vercel, Render, Fly, or a non-Shield Heroku tier. The hosting provider is the BAA chain link. Common mistake: assuming the cloud provider BAA further down the stack covers the PaaS layer. It does not. Ask: which tier is in use, does it offer a BAA, and is there an executed agreement on file? The five-question procurement screen The screen below is the one we use on Adopt-AI-Safely engagements through Q1 2026. Every answer passes or the deal does not move. 1. What components sit on the AI request path between the application and the model? Pass: a written list naming every managed and custom service with hosting provider. Fail: "we just call the OpenAI API." 2. For each component, is there a HIPAA BAA on the tier in use? Pass: an executed BAA on file. Fail: "we are on the standard tier and the enterprise tier has the BAA." 3. What prompt-and-completion content is logged, retained, or transmitted at each component? Pass: a content map with retention windows and downstream destinations. Fail: "we do not log prompts" without an artifact confirming it. 4. Where is the audit-log surface that captures the full request path? Pass: a single queryable surface joining request ID across application, orchestration, and model layers. Fail: three dashboards with no join key. 5. What is the remediation path if any orchestration vendor declines to sign a BAA? Pass: a documented architectural fallback. Fail: "we will figure it out." Three or more failed answers is a deal-blocker until remediation. Two is a conditional pass with a written remediation plan and a date. What we keep finding in audits The pattern below is sanitized across multiple Q1 2026 engagements and reflects what we see, not any single client. A mid-market healthcare buyer signs an enterprise BAA with the model vendor and ships a patient-intake summarization workflow. Months later, an internal audit asks for the BAA chain. The model BAA is clean. Procurement also finds a managed prompt-orchestration vendor on the path, signed up by an engineer on a self-serve credit-card plan with no BAA. A tracing vendor added during debugging is still ingesting prompt content; that vendor offers a BAA on a higher tier the team did not select. The custom service runs on a PaaS tier without a BAA. PHI has flowed through several BAA-less vendors for the duration of the deployment. The remediation is not fast. Each vendor relationship has to be renegotiated, downgraded, or replaced. Logged content has to be assessed and, where the BAA scope cannot be retroactively cured, deleted with documentation. The board memo has to explain why the procurement screen did not catch it. In the engagements we have walked through this year, the screen above would have caught the gap at contract signing if it had asked questions two and three. Where the Diagnostic Fits, and three actions this week The Adopt-AI-Safely Diagnostic walks the full request path against the seven HIPAA controls AI tools must satisfy and produces a sequenced fix plan with cost ranges. Two to three weeks, fixed-scope, fixed-price written report. The report stands on its own, you keep it whether or not you engage us further. The orchestration-vendor shape of that work: we inventory every component on the path, score each BAA chain link, surface the gaps, and recommend remediation in priority order. Most engagements surface at least one orchestration-vendor gap the internal team had not flagged. Two actions any CIO, CTO, or compliance lead can take inside the next five business days, regardless of whether they engage us: 1. Pull the orchestration-vendor inventory. Ask engineering for a written list of every managed and custom service on the AI request path, with hosting provider for each. The list almost always surprises somebody. 2. Run the five-question screen against the inventory. Score each component. Anything missing a BAA on the tier in use is a procurement conversation this quarter, not next. The Vendor BAA Chain Procurement Field Guide grounds the broader framework at . Healthcare guidance lives at , regulated-SaaS at , counsel at . The Diagnostic is at and .