Is Copilot HIPAA Compliant? Complete Guide for 2026

In July 2025, Weill Cornell Medicine announced a significant change to their Microsoft 365 Copilot deployment. They were disabling web search functionality across the organization. The reason: web search queries aren't covered by Microsoft's Business Associate Agreement.

For a major academic medical center, this meant any Copilot query that might reference patient information could potentially trigger web search, sending protected health information through Bing's servers. The feature that makes Copilot more helpful also creates HIPAA exposure that the institution's compliance team couldn't accept.

Weill Cornell isn't alone in discovering this gap. Many healthcare organizations deployed Copilot assuming Microsoft's enterprise licensing and HIPAA certifications provided complete protection. They didn't realize that specific features within Copilot operate outside the BAA's coverage.

The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.

The Direct Answer: Is Copilot HIPAA Compliant?

It depends on which Copilot and how you configure it.

Microsoft 365 Copilot for Enterprise: Covered under Microsoft's Business Associate Agreement as of early 2024, with specific exclusions. Web search queries are NOT covered by the BAA and should not be used with protected health information.

Copilot in Dynamics 365: Can support HIPAA-compliant workflows for healthcare operations when Dynamics is configured within Microsoft's healthcare cloud.

Copilot Studio: Covered under Microsoft's HIPAA BAA. Organizations can build custom agents that handle protected health information when properly configured.

Consumer Copilot (Bing, free tier): Not HIPAA compliant. No Business Associate Agreement available. Should never be used with protected health information.

The nuance matters enormously. "We use Microsoft Copilot" tells you nothing about HIPAA compliance. The specific product, configuration, and features in use determine whether protected health information can safely flow through the system.

What HIPAA Actually Requires for AI Tools

HIPAA's requirements for covered entities and business associates create specific obligations when using AI tools like Copilot.

The Business Associate Agreement Requirement

When a covered entity shares protected health information with a third party for services, that third party must sign a Business Associate Agreement. The BAA creates legal obligations for the business associate to protect PHI according to HIPAA standards.

Microsoft offers BAAs for enterprise customers. But a BAA only covers the specific services identified in the agreement. If a feature operates outside the BAA's scope (like Copilot's web search), using that feature with PHI violates HIPAA regardless of whether you have a BAA for other Microsoft services.

The Minimum Necessary Standard

HIPAA requires covered entities to limit PHI disclosure to the minimum necessary to accomplish the intended purpose. When you paste an entire patient record into Copilot to generate a summary, you're disclosing more information than necessary if the AI could work with de-identified or limited data.

AI tools encourage broad data input to generate better outputs. HIPAA requires the opposite. This tension creates compliance risk in everyday Copilot usage.

The Security Rule Requirements

HIPAA's Security Rule requires administrative, physical, and technical safeguards for electronic PHI. For AI tools, relevant requirements include:

  • Access controls limiting who can input PHI
  • Audit controls tracking PHI usage
  • Transmission security when PHI travels to Microsoft's servers
  • Integrity controls ensuring PHI isn't improperly altered

In January 2025, the HHS Office for Civil Rights proposed the first major update to the HIPAA Security Rule in 20 years, specifically addressing AI. The proposed rule requires covered entities to reassess security controls before integrating AI systems that process PHI.

The 18 PHI Identifiers

HIPAA defines 18 types of identifiers that make health information "protected":

  1. Names
  2. Geographic subdivisions smaller than a state
  3. Dates (except year) related to an individual
  4. Phone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers
  13. Device identifiers and serial numbers
  14. Web URLs
  15. IP addresses
  16. Biometric identifiers
  17. Full-face photographs
  18. Any other unique identifying number or code

When any of these identifiers accompany health information and flow through Copilot, you're processing PHI and HIPAA obligations apply.

Where Copilot Falls Short

Even with Microsoft's enterprise offerings and BAA coverage, significant gaps exist for healthcare use.

The Web Search Exclusion

This is the gap that caught Weill Cornell and many others by surprise. Microsoft's documentation clearly states: "HIPAA compliance doesn't apply to web search queries as they aren't covered by the DPA and Business Associate Agreement."

Copilot can optionally enhance responses by searching the web through Bing. When web search is enabled and a query triggers it, data flows to Bing's servers. Bing operates outside the BAA. If that query contains PHI, you've disclosed protected health information to a service that isn't a business associate.

The user doesn't always control when web search activates. A query that seems internal might trigger web search if Copilot determines external information would improve the response.

The Subprocessor Complexity

In January 2026, Anthropic was added as a subprocessor for certain Microsoft 365 Copilot features. This adds another vendor to HIPAA compliance tracking.

Your BAA with Microsoft covers Microsoft. But HIPAA requires covered entities to have assurance that business associates' subcontractors also protect PHI appropriately. Microsoft's subprocessor list changes. Each change potentially affects your compliance posture.

The Feature Creep Problem

Microsoft continually adds Copilot features. New capabilities may have different data handling characteristics than features covered in your initial compliance assessment.

The Copilot you assessed for HIPAA compliance in 2024 is not the same Copilot running in 2026. Features, data flows, and subprocessors have all changed. Healthcare organizations need ongoing compliance monitoring, not one-time assessment.

Data Access Breadth

Microsoft 365 Copilot accesses data across your entire Microsoft 365 environment: emails, documents, Teams messages, SharePoint sites. It can surface information from anywhere the user has access.

In healthcare settings, this creates minimum-necessary problems. A query about a specific patient might pull context from clinical notes, billing records, correspondence with specialists, and administrative communications. Copilot doesn't know that some of that context exceeds what's necessary for the immediate purpose.

Audit Trail Granularity

HIPAA requires documentation of PHI access and disclosure. Microsoft provides audit capabilities, but the granularity for Copilot interactions may not satisfy compliance officer expectations.

Can you demonstrate exactly what PHI was included in a Copilot query, what response was generated, and that the disclosure was limited to appropriate purposes? The audit trail requirements for HIPAA-covered AI usage exceed what many organizations have implemented.

The Workaround: How to Use Copilot While Maintaining Compliance

Healthcare organizations can use Copilot with PHI through careful configuration and data handling.

Option 1: Disable Web Search

The simplest mitigation for the web search exclusion is to disable it entirely. This is what Weill Cornell did.

In Microsoft 365 Admin Center, administrators can disable web search for Copilot at the tenant level. With web search disabled, Copilot only accesses data within your Microsoft 365 environment. All of that data flows through services covered by your BAA.

The tradeoff: Copilot responses will lack current information from the web. For healthcare use cases focused on internal data processing, this is often acceptable.

Option 2: De-identify Before Processing

The most HIPAA-aligned approach removes PHI before data reaches Copilot.

The pattern:

  1. Clinical staff need to summarize a patient record
  2. Before Copilot processing, strip all 18 PHI identifiers
  3. Replace names, MRNs, dates, and other identifiers with placeholders
  4. Submit de-identified content to Copilot
  5. Copilot generates response using placeholders
  6. Staff re-associates identifiers internally if needed for documentation

De-identified data falls outside HIPAA's scope. If Copilot never sees PHI, HIPAA's requirements for business associate data handling don't apply to that specific processing.

Option 3: Role-Based Access Restrictions

Limit which users can process PHI through Copilot and for what purposes.

Create policies that define:

  • Which roles are authorized to use Copilot with clinical data
  • What types of clinical queries are appropriate
  • What workflows require de-identification versus direct processing
  • How to document Copilot use for audit purposes

Technical controls should enforce policy where possible. Administrative controls cover gaps.

Implementation Steps for Healthcare Organizations

Step 1: Assess Current Usage

Before implementing controls, understand your Copilot exposure:

  • Who has Copilot access?
  • Are they using consumer Copilot or enterprise Copilot?
  • Is web search enabled?
  • What types of PHI are being processed?

Many healthcare organizations discover shadow AI usage. Staff use personal AI accounts or consumer Copilot because enterprise access isn't available or isn't convenient.

Step 2: Verify BAA Coverage

Confirm you have a current Business Associate Agreement with Microsoft that covers:

  • Microsoft 365 Copilot
  • Copilot Studio (if applicable)
  • Any other Copilot products you're using

Document which features are covered and which are excluded. The web search exclusion should be explicitly noted in your compliance documentation.

Step 3: Configure for Compliance

For healthcare Copilot deployments:

  • Disable web search at the tenant level
  • Enable audit logging for Copilot interactions
  • Configure retention policies appropriate for healthcare records
  • Review subprocessor list and update compliance documentation
  • Implement access controls based on role and need

Step 4: Deploy Redaction Workflows

For workflows that involve PHI:

  • Implement redaction tools that strip PHI identifiers before Copilot processing
  • Create templates for common clinical use cases
  • Train staff on redaction procedures
  • Audit redacted content to verify complete de-identification
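The six-step de-identification pattern from Option 2 and the "audit redacted content" bullet above, carried through in Python as an added example. This is not code from the article or from PaperVeil: the clinical note and the patient/provider roster are constructed, the detectors are plain regular expressions for the structured identifiers (a production pipeline would back name detection with an NER model or the EHR's own dictionary), and the placeholder format and the `deidentify`, `reidentify` and `audit_residual_phi` function names are assumptions made here. Dates keep their year in the placeholder, which is the one date element the 18-identifier list permits.

```python
"""
De-identify clinical text before it reaches an AI assistant, keep the
re-identification map inside the covered entity, and audit the redacted
output for residual PHI before it is submitted.

Added example; regex detectors and a constructed name roster stand in for
the detection layer a production redaction tool would provide.
"""
import re
from typing import Dict, List, Tuple

# Constructed roster standing in for the EHR patient/provider dictionary.
KNOWN_NAMES = ["Maria Delgado", "Ahmed Khan"]

# Ordered detectors. More specific formats run before looser ones so the
# phone regex never consumes part of an IP address or an SSN.
DETECTORS: List[Tuple[str, re.Pattern]] = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("PHONE", re.compile(r"\(?\b\d{3}\)?[-.\s]?\d{3}[-.\s]\d{4}\b")),
    ("MRN", re.compile(r"(?<=\bMRN )\d{6,10}\b")),
    ("DATE", re.compile(r"\b\d{4}-\d{2}-\d{2}\b")),
    ("NAME", re.compile(r"\b(?:" + "|".join(map(re.escape, KNOWN_NAMES)) + r")\b")),
]

# Constructed sample note; every identifier in it is fictional.
NOTE = (
    "Patient: Maria Delgado, MRN 00482913, DOB 1974-03-14. "
    "Seen 2025-11-02 for follow-up of type 2 diabetes. "
    "Contact: (212) 555-0147, maria.delgado@example.com. "
    "SSN on file 123-45-6789. Portal login from 203.0.113.42. "
    "A1c 7.9%, metformin increased to 1000 mg BID. Dr. Ahmed Khan."
)


def deidentify(text: str) -> Tuple[str, Dict[str, str]]:
    """Replace each identifier with a typed placeholder such as [NAME_1].

    Returns the redacted text plus a placeholder->original map. The map never
    leaves the tenant; it exists only so staff can re-associate identifiers
    for documentation afterwards (step 6 of the pattern). Date placeholders
    carry the year only, e.g. [DATE_1|1974].
    """
    mapping: Dict[str, str] = {}
    reverse: Dict[Tuple[str, str], str] = {}
    counters: Dict[str, int] = {}

    def replacer(kind: str):
        def _sub(m: re.Match) -> str:
            original = m.group(0)
            key = (kind, original)
            if key not in reverse:  # same value always gets the same token
                counters[kind] = counters.get(kind, 0) + 1
                token = f"[{kind}_{counters[kind]}"
                if kind == "DATE":
                    token += f"|{original[:4]}"  # retain year, drop month/day
                token += "]"
                reverse[key] = token
                mapping[token] = original
            return reverse[key]
        return _sub

    for kind, pattern in DETECTORS:
        text = pattern.sub(replacer(kind), text)
    return text, mapping


def reidentify(text: str, mapping: Dict[str, str]) -> str:
    """Restore originals from the local map (internal use only)."""
    # Tokens end with ']', so '[NAME_1]' can never be a prefix of '[NAME_10]'.
    for token, original in mapping.items():
        text = text.replace(token, original)
    return text


def audit_residual_phi(text: str) -> List[Tuple[str, str]]:
    """Re-run every detector over text that is about to leave the tenant.

    An empty result is the pass condition; any finding is a redaction
    failure that must be fixed before submission.
    """
    findings: List[Tuple[str, str]] = []
    for kind, pattern in DETECTORS:
        findings.extend((kind, m.group(0)) for m in pattern.finditer(text))
    return findings


if __name__ == "__main__":
    redacted, local_map = deidentify(NOTE)
    print("SUBMIT TO COPILOT:", redacted)
    print("RESIDUAL PHI:", audit_residual_phi(redacted))
    print("ROUND-TRIP OK:", reidentify(redacted, local_map) == NOTE)
```

The placeholder map is the sensitive artifact in this design: it is the only thing that links the AI-bound text back to a patient, so it belongs on the covered entity's side with the same access and audit controls as the record itself, and is never included in the Copilot prompt.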

Step 5: Train Clinical Staff

Healthcare workers need to understand:

  • Why consumer Copilot creates HIPAA exposure
  • How web search affects compliance even in enterprise Copilot
  • When to use de-identification workflows
  • What to do if they accidentally expose PHI
  • How to document Copilot usage for compliance purposes

Step 6: Monitor and Update

HIPAA compliance requires ongoing attention:

  • Monitor Microsoft's subprocessor changes
  • Track feature updates that might affect data handling
  • Audit Copilot usage for compliance
  • Update training as products and regulations evolve
  • Reassess annually or when significant changes occur

Alternatives to Consider

If Copilot's compliance posture doesn't meet your needs, alternatives exist:

Microsoft Azure OpenAI Service with HIPAA BAA: Provides AI capabilities within Azure's healthcare-compliant infrastructure. Requires building applications but offers more control over data handling.

Google Vertex AI in Healthcare and Life Sciences: Google Cloud's healthcare-specific AI offering with HIPAA BAA coverage and healthcare data protections.

On-premises AI deployments: Some healthcare organizations run AI models within their own infrastructure. Higher cost but maximum data control.

Healthcare-specific AI vendors: Nuance (Microsoft), Epic, and other healthcare IT vendors offer AI capabilities designed specifically for clinical workflows with HIPAA compliance built in.

The Bottom Line

Microsoft 365 Copilot can support HIPAA-compliant workflows when properly configured, but it is not automatically HIPAA compliant.

Critical requirements for healthcare use:

  • Business Associate Agreement in place with Microsoft
  • Web search disabled at the tenant level
  • Users trained on compliant usage patterns
  • De-identification workflows for sensitive clinical data
  • Ongoing monitoring of subprocessors and feature changes
  • Audit trails documenting PHI processing

Consumer Copilot (Bing, free tier) should never be used with protected health information under any circumstances.

The practical path forward:

  1. Verify BAA coverage and identify exclusions
  2. Disable web search for healthcare users
  3. Implement de-identification for clinical workflows
  4. Train staff on compliant usage
  5. Monitor continuously as Microsoft evolves Copilot

Healthcare organizations that do this well get AI productivity benefits while maintaining HIPAA compliance. Those that assume enterprise licensing equals HIPAA coverage are creating exposure that OCR enforcement is increasingly targeting.

The January 2025 proposed HIPAA Security Rule update signals that regulators are paying attention to AI in healthcare. The time to get Copilot compliance right is before an OCR investigation, not after.


PaperVeil lets you redact sensitive information from documents before they touch any AI system. Detect and remove all 18 HIPAA identifiers automatically, handle clinical documents and PDFs, and generate audit trails that demonstrate compliance. The redaction layer that makes AI document processing actually safe for healthcare.