SOLVED

M365 Copilot and HIPPA Scope of covered services?

Brass Contributor

I have had a client ask if M365 Copilot will be specifically called out as covered by the BAA referenced in the Microsoft DPA. For reference this Microsoft document, referenced in the BAA, calls out the scope of covered services.

 

Thanks

Mark 

6 Replies

Hi @MBenton 

 

  1. I know it's a bit tedious, however, in order to best assist & since there are multiple definitions for BAA throughout Microsoft, and many products & services, would you please define your acronyms, specifically what you're referring to when you say "BAA" please?
  2. Would you mind clarifying what you're asking please?
  3. Also, since your question is not related to the CSP program at all, I'll need to move your post into an applicable community.

 

 

HI @MBenton 

 

Do you still require assistance?

Yes, I am still looking for help. What I am referring to is the HIPAA Business Associate Agreement (BAA) which is referenced in the current Data Protection Addendum (DPA) located at https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addend... . The BAA document then links to this acritical, https://learn.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech , which lists the in-scope cloud services. Copilot is notably missing unless Microsoft is including that as part of Office 365". Thanks for the help. MArk
best response confirmed by MBenton (Brass Contributor)
Solution

Hi @MBenton 

 

Are you asking if Microsoft Copilot is HIPPA compliant? 

 

If so, Microsoft Copilot Studio is covered under the Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA) - Review ISO, SOC, and HIPAA compliance - Microsoft Copilot Studio | Microsoft Learn

 

If you're a Partner/Indirect Provider, the MS Learn Doc in the link above is one of your resources available in Partner Center.

 

 

If this reply answers your question, please Accept as the solution to help the other members find it more quickly. Otherwise, please let me know if you need further assistance on this topic.


Regards,

Microsoft CSP Licensing Concierge

@LicensingConcierge1 you mentioned copilot studio but not copilot within Office365, can you confirm copilot within O365 is in scope as well?

@Consultant91125 

 

In addition to my response regarding Copilot Studio, please review the following link to learn about the security of M365 CopilotData, Privacy, and Security for Microsoft Copilot for Microsoft 365 | Microsoft Learn

 

To ask specific security questions, such as HIPAA compliance, the Copilot Community has a pinned post with a link to ask questions (even after the date of the call :smile:) - Copilot for Microsoft 365 Security and Governance AMA on Wednesday, June 12th, at 9:00 AM PT - Micro...

 

 

 

 

If this reply answers your question, please Accept as the solution to help the other members find it more quickly. Otherwise, if after reviewing the information you have additional questions, please let me know.


Regards,

Microsoft CSP Licensing Concierge

1 best response

Accepted Solutions
best response confirmed by MBenton (Brass Contributor)
Solution

Hi @MBenton 

 

Are you asking if Microsoft Copilot is HIPPA compliant? 

 

If so, Microsoft Copilot Studio is covered under the Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA) - Review ISO, SOC, and HIPAA compliance - Microsoft Copilot Studio | Microsoft Learn

 

If you're a Partner/Indirect Provider, the MS Learn Doc in the link above is one of your resources available in Partner Center.

 

 

If this reply answers your question, please Accept as the solution to help the other members find it more quickly. Otherwise, please let me know if you need further assistance on this topic.


Regards,

Microsoft CSP Licensing Concierge

View solution in original post