Is Microsoft Copilot HIPAA Compliant? BAA Coverage, Supported Versions, and Safeguards Explained
Short answer: Microsoft Copilot can be used in a HIPAA-aligned manner when it runs within HIPAA-eligible cloud services covered by your executed Business Associate Agreement (BAA) and you implement required safeguards. This guide explains BAA scope, supported versions, and the administrative, technical, and physical controls you should put in place to protect Protected Health Information (PHI).
Business Associate Agreement Coverage
What a BAA must cover
A BAA is mandatory whenever a service provider can create, receive, maintain, or transmit PHI on your behalf. For Copilot, coverage hinges on whether the underlying Microsoft cloud services it uses in your tenant are designated as HIPAA-eligible and tied to your executed BAA. Without that, you should not allow PHI in prompts, context, or outputs.
In-scope vs. out-of-scope experiences
- In scope: Enterprise/commercial Copilot experiences that operate inside your organization’s Microsoft 365 boundary and use your tenant identity, permissions, and data governance controls.
- Out of scope: Consumer-facing or personal-use Copilot experiences (for example, those accessed with personal accounts) that are not attached to your tenant and are not covered by your BAA. Treat these as not approved for PHI.
Key takeaways for BAAs
- Execute the BAA and confirm which services are explicitly included before enabling PHI scenarios.
- Limit Copilot’s data sources to covered repositories; disable or block connections to non-covered systems and third-party plugins that lack their own BAAs.
- Remember: A BAA enables compliant use—it does not by itself make your deployment compliant. Your configuration and safeguards complete the picture.
Supported Microsoft Copilot Versions
Copilot for Microsoft 365 (enterprise/commercial)
When licensed and used in your tenant with organization accounts, Copilot for Microsoft 365 can be included under your BAA if the underlying services (Exchange, SharePoint, OneDrive, Teams, and related compliance features) are HIPAA-eligible. For advanced controls, Microsoft 365 E5 (or equivalent security/compliance capabilities) is recommended.
Copilot for Dynamics 365 (e.g., Sales, Customer Service)
These experiences inherit coverage from the Dynamics 365 and Microsoft 365 services they use. Treat them as in scope only when deployed in your tenant, mapped to HIPAA-eligible data stores, and governed by your BAA and data protection policies.
Copilot Studio
Copilot Studio can be used to build copilots that handle PHI when you restrict them to HIPAA-eligible components, store PHI only in covered platforms (such as approved enterprise data stores), and enforce strict Data Loss Prevention (DLP) and connector governance. Disable consumer or non-covered connectors for PHI workflows.
GitHub Copilot
GitHub Copilot is a developer productivity tool and is generally not intended to process PHI or operate under a HIPAA BAA. Do not enter PHI into prompts or training examples.
Copilot in Windows, Edge, and other consumer experiences
Consumer or personal-account Copilot features are typically outside your enterprise compliance boundary and should not be used with PHI. Where necessary, block or restrict these on clinical and back-office devices.
Extensions and Azure-based integrations
Custom Copilot extensions or Azure-based AI services can be part of a HIPAA-aligned design only when the Azure subscriptions and services involved are covered by your BAA and configured for PHI (including data residency, logging, and network isolation). Ensure end-to-end data paths remain in covered services.
Ready to simplify HIPAA compliance?
Join thousands of organizations that trust Accountable to manage their compliance needs.
Compliance Configuration Requirements
Identity, licensing, and scope
- Use only organization accounts; block personal sign-ins for work devices that handle PHI.
- Assign the correct Copilot licenses and ensure required security/compliance capabilities (Microsoft 365 E5 or equivalent) are enabled.
- Document PHI data flows so prompts, context, and outputs remain within covered systems.
Data protection and governance
- Implement sensitivity labels and automatic labeling to mark PHI and apply encryption and access restrictions to Copilot inputs and outputs.
- Create DLP policies that cover Copilot prompts, retrieved context, and generated content across Exchange, SharePoint, OneDrive, and Teams.
- Define retention and records rules so generated content is preserved or disposed of appropriately.
Access enforcement
- Enable strong MFA and Conditional Access; restrict access by role, device compliance, network, and risk.
- Use least-privilege permissions for Copilot-relevant roles and enable just-in-time elevation for administrators.
- Segment teams and departments with information barriers if needed to prevent improper PHI disclosure.
Monitoring and response
- Turn on unified auditing and alerting for Copilot usage, data access, labeling, and DLP events.
- Establish incident response runbooks for PHI exposure, including prompt/content review and rapid containment steps.
- Periodically test controls and maintain evidence for a HIPAA Compliance Audit.
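An added example, not from this article or from Microsoft: a small Python triage pass over exported CopilotInteraction audit records that flags interactions grounded on unlabeled sources, PHI-labeled sources used by someone outside the authorized group, or PHI-labeled sources outside your covered sites. The sample records are constructed in a simplified shape; the field names (CopilotEventData, AccessedResources, SensitivityLabelId, Id), the label GUID, the site prefix and the user list are assumptions to confirm against your own tenant's export.

```python
import json

# Deployment-specific values; placeholders, not values from the article.
PHI_LABEL_IDS = {"PHI-LABEL-GUID-PLACEHOLDER"}          # hypothetical "PHI" sensitivity label
COVERED_SITE_PREFIXES = ("https://contoso.sharepoint.com/sites/clinical/",)
PHI_AUTHORIZED_USERS = {"nurse@contoso.com"}             # workforce with a need-to-know

# Constructed sample: simplified AuditData payloads of CopilotInteraction records.
SAMPLE_EXPORT = [
    json.dumps({"UserId": "nurse@contoso.com", "Operation": "CopilotInteraction",
                "CopilotEventData": {"AppHost": "Teams", "AccessedResources": [
                    {"Id": "https://contoso.sharepoint.com/sites/clinical/Shared Documents/plan.docx",
                     "Name": "plan.docx", "SensitivityLabelId": "PHI-LABEL-GUID-PLACEHOLDER"}]}}),
    json.dumps({"UserId": "intern@contoso.com", "Operation": "CopilotInteraction",
                "CopilotEventData": {"AppHost": "Word", "AccessedResources": [
                    {"Id": "https://contoso.sharepoint.com/sites/marketing/Shared Documents/visit.docx",
                     "Name": "visit.docx", "SensitivityLabelId": "PHI-LABEL-GUID-PLACEHOLDER"},
                    {"Id": "https://contoso-my.sharepoint.com/personal/intern/notes.docx",
                     "Name": "notes.docx"}]}}),
]

def triage(record):
    """Return finding strings for one CopilotInteraction AuditData record (assumed shape)."""
    findings = []
    user = record.get("UserId", "").lower()
    for res in record.get("CopilotEventData", {}).get("AccessedResources", []):
        label = res.get("SensitivityLabelId")
        url = res.get("Id", "").lower()
        if label is None:
            # Unlabeled grounding data: auto-labeling gap or content outside governance.
            findings.append(f"unlabeled grounding source: {res.get('Name')}")
            continue
        if label in PHI_LABEL_IDS and user not in PHI_AUTHORIZED_USERS:
            findings.append(f"PHI-labeled source used by unauthorized user {user}")
        if label in PHI_LABEL_IDS and not url.startswith(COVERED_SITE_PREFIXES):
            findings.append(f"PHI-labeled source outside covered sites: {res.get('Name')}")
    return findings

def triage_export(lines):
    """Map user -> findings for every exported record that raised at least one."""
    results = {}
    for line in lines:
        if not line.strip():
            continue
        record = json.loads(line)
        findings = triage(record)
        if findings:
            results.setdefault(record["UserId"], []).extend(findings)
    return results

if __name__ == "__main__":
    for user, findings in triage_export(SAMPLE_EXPORT).items():
        print(user, "->", "; ".join(findings))
```

Feed it the AuditData column of an audit-log export; each flagged user is a candidate for the prompt/content review step in your incident runbook.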
Administrative Safeguards for PHI
Risk management and policies
- Perform a documented risk analysis focused on Copilot prompts, retrieval sources, connectors, and outputs.
- Publish acceptable-use and prompting guidelines; prohibit entry of PHI into any out-of-scope Copilot experiences.
- Formalize change control for Copilot features, connectors, and data sources that could affect PHI.
Workforce management
- Train users on PHI handling, data labeling, and recognizing unsafe prompts or outputs.
- Limit Copilot access to workforce members with a treatment, payment, or operations need-to-know.
- Require acknowledgment of policies for developers building Copilot extensions or Copilot Studio solutions.
Third-party and plugin governance
- Approve only extensions and connectors that are covered by your BAA or have their own BAAs.
- Enforce allowlists and blocklists; review data flow diagrams before enabling new integrations.
- Capture vendor due diligence evidence for audit readiness.
Technical Safeguards and Access Controls
Authentication and authorization
- Enforce MFA, device compliance checks, and Conditional Access risk policies.
- Apply role-based access control and just-in-time privilege elevation for admins.
- Use session controls to prevent downloads or copying of PHI to unmanaged locations.
Data security and exfiltration prevention
- Ensure encryption in transit and at rest for all covered repositories used by Copilot.
- Apply DLP and egress controls to block PHI sharing to external tenants, personal accounts, or non-covered apps.
- Use information barriers and restricted access to prevent cross-segment PHI exposure.
Model and prompt safety considerations
- Constrain Copilot’s data grounding to covered sources; disable or scrutinize any external connectors.
- Mitigate prompt injection and data exfiltration by scanning prompts/outputs and limiting tool permissions.
- Log prompts and responses where appropriate to support investigations and quality review.
Physical Security Measures
Data center and device protections
- Rely on data center controls such as access monitoring, environmental protections, and secure media handling provided by covered cloud services.
- Harden endpoints that access PHI with disk encryption, screen-lock policies, and secure boot; restrict physical access to clinical and back-office areas.
- Manage device lifecycle and secure disposal to prevent PHI recovery from decommissioned hardware.
Compliance Certifications and Standards
Many enterprise Microsoft cloud services maintain independent attestations (for example, SOC 2 Type II) and certifications (such as ISO/IEC 27001 and ISO/IEC 27018). Some services may also align to frameworks like HITRUST CSF. These attestations support due diligence but do not, by themselves, make your Copilot deployment HIPAA compliant. You remain responsible for implementing appropriate Administrative Safeguards, Technical Safeguards, and Physical Safeguards and for maintaining evidence for a HIPAA Compliance Audit.
Bottom line: Treat Copilot as part of your regulated information system. Confirm BAA coverage for the specific services you enable, keep PHI within covered data paths, use robust Microsoft 365 E5 (or equivalent) controls, and continuously monitor and improve your safeguards.
FAQs
Which Microsoft Copilot services are covered under a HIPAA BAA?
Only Copilot services that operate within your enterprise tenant and are explicitly designated as HIPAA-eligible under your executed BAA should handle PHI. Commonly, this includes Copilot for Microsoft 365 when used with covered workloads and organization accounts. Consumer Copilot experiences and GitHub Copilot are generally out of scope, while Copilot Studio or Azure-based extensions can be in scope only when all underlying components and data paths are covered and configured appropriately.
How can organizations configure Copilot for HIPAA compliance?
Start by executing the BAA and confirming service eligibility. Use enterprise accounts, assign the right licenses (ideally Microsoft 365 E5 or equivalent), and implement labeling, DLP, retention, and access controls. Restrict connectors to covered systems, block consumer features on PHI-handling devices, enable auditing and alerting, train your workforce on safe prompting, and keep evidence for a HIPAA Compliance Audit.
What safeguards does Microsoft implement for PHI protection?
Within covered services, Microsoft provides enterprise-grade physical security, encryption in transit and at rest, tenant isolation, robust identity and access controls, and extensive logging. Your configuration determines how these capabilities apply to Copilot prompts, grounding data, and outputs—so enforce least privilege, DLP, and monitoring to prevent unauthorized PHI access or exfiltration.
Is Copilot Studio certified to meet HIPAA standards?
There is no single “HIPAA certification.” Copilot Studio solutions can support HIPAA-aligned use when they rely solely on HIPAA-eligible platform components covered by your BAA, store PHI only in approved data stores, and enforce strict connector governance and DLP. Always validate the specific services and regions you use and maintain documentation for auditors.