GCP/AWS/Azure have HIPAA programs in places, and will, consequently, sign HIPAA BAAs to legally perform as Business Associates of covered entities, fully responsible for handling PHI in accord with HIPAA rules (for certain of their services.) OpenAI itself does not seem to offer this for either its UI or API offerings.
Microsoft, OTOH, does now offer a HIPAA BAA for its Azure OpenAI service, which includes ChatGPT (which means either they have a bespoke BAA with OpenAI that OpenAI doesn’t publicly offer, or they just are hosting their own ChatGPT instance, a privilege granted based on them being OpenAI’s main sponsor.)
Microsoft, OTOH, does now offer a HIPAA BAA for its Azure OpenAI service, which includes ChatGPT (which means either they have a bespoke BAA with OpenAI that OpenAI doesn’t publicly offer, or they just are hosting their own ChatGPT instance, a privilege granted based on them being OpenAI’s main sponsor.)