HIPAA BAA for OpenMetal Large v5 TDX Workloads

Posted on May 15, 2026 by Sash Ghosh

Q: Does OpenMetal sign a HIPAA BAA for TDX-protected workloads on the Large v5?

Yes — OpenMetal is HIPAA compliant at the organizational level and signs Business Associate Agreements for customer workloads deployed on dedicated hardware, including TDX-protected Large v5 servers in HIPAA-compliant facilities.

Healthcare on OpenMetal

OpenMetal’s HIPAA posture is org-level, not service-level. A single BAA covers the customer’s dedicated hardware footprint regardless of how it’s used — non-confidential VMs, TDX-protected guests, Hosted Private Cloud clusters, or storage servers. This differs from public cloud HIPAA, where eligibility is per-service and the BAA scope must be configured against an approved subset of services with specific architectural patterns. On OpenMetal, the BAA scope is the hardware; what runs on it is the customer’s design choice.

Security diagram showing three concentric compliance layers: facility certifications outer ring, OpenMetal organizational HIPAA BAA middle ring, and Intel TDX hardware trust boundary inner ring around the workload.

For Large v5 TDX deployments, the BAA covers OpenMetal’s obligations on the underlying infrastructure — physical security, facility access controls, hardware-level isolation, and operational handling of the dedicated server. The Intel TDX trust boundary itself is enforced in silicon, which means the customer also gains a cryptographic separation between the workload’s in-memory state and OpenMetal’s operational layer. From a HIPAA architecture perspective, this combines administrative safeguards (the BAA) with technical safeguards (TDX hardware isolation) on a single platform.

Facility-level certifications are held by the facility operator, not OpenMetal, and vary by location: Ashburn (SOC1/2 Type II, ISO 27001, PCI DSS, NIST 800-53 HIGH, HIPAA at the facility level), Los Angeles (SOC1/2, ISO 27001, PCI-DSS, HIPAA at the facility level), Amsterdam (SOC Type 1/2, PCI-DSS, ISO 27001, ISO 50001, ISO 22301), and Singapore (BCA Green Mark Platinum, with additional certifications pending). Large v5 TDX servers deployed in Ashburn or Los Angeles inherit the facility’s HIPAA-compliant operating environment on top of OpenMetal’s organizational BAA.

Some Recommended Configurations from our Catalog

Baremetal – Medium v5

CPU: 2x Intel Xeon 6505P
RAM: 256 GB DDR5-6400
Storage: 6.4 TB NVMe SSD
Bandwidth: 6 Gbps
Monthly Price: Contact for pricing

View Pricing

Baremetal – Large v4

CPU: 2x Intel Xeon Gold 6526Y
RAM: 512 GB DDR5
Storage: 12.8 TB NVMe SSD
Bandwidth: 4 Gbps
Monthly Price: Contact for pricing

View Pricing

Interested in OpenMetal Products?

Contact Us

We’re available to answer questions and provide information.

Reach Out

Schedule a Consultation

Get a deeper assessment and discuss your unique requirements.

Schedule Consultation

Try It Out

Take a peek under the hood of our cloud platform or launch a trial.

Trial Options