Hi NE,
Thanks for reaching out to Microsoft Q&A.
- Is Azure OpenAI HIPAA compliant for text inputs? Yes, Azure OpenAI is HIPAA compliant for text inputs when the appropriate safeguards are in place, such as a signed Business Associate Agreement (BAA) between the customer and Microsoft. This allows Azure OpenAI to be used in HIPAA-regulated environments for handling protected health information (PHI). Customers are responsible for ensuring that the inputs, including any text data that could contain PHI, meet the necessary security and privacy requirements.
- Is Azure OpenAI HIPAA compliant for image inputs? Image inputs are more complex, and as of now, Azure OpenAI does not explicitly extend HIPAA compliance to image inputs by default. While Azure's broader services offer HIPAA compliance, including storage and processing under a signed BAA, OpenAI's models (including for images like DALL-E) are not covered by HIPAA within Microsoft's compliance documentation. Therefore, special care must be taken to ensure image data does not contain PHI or sensitive health information, as it may not be covered under Azure OpenAI’s HIPAA compliance scope.
- Is Azure HIPAA compliant by default without a BAA, and does that include all OpenAI usage? Azure's services are not HIPAA compliant by default without a signed Business Associate Agreement (BAA). The BAA ensures that Microsoft adheres to HIPAA requirements when handling PHI. Therefore, Azure OpenAI usage requires a signed BAA to be HIPAA compliant. Merely using the service without the BAA in place does not guarantee compliance, and it does not automatically include all Azure OpenAI services, especially for image inputs.
- Where can I find documentation specifically mentioning OpenAI image inputs being covered by default HIPAA compliance? Currently, there is no specific documentation that states that Azure OpenAI's image inputs (such as DALL-E) are covered by HIPAA compliance by default. In fact, OpenAI's own HIPAA BAA does not cover image data, and Microsoft's compliance documentation does not explicitly mention image input compliance within the Azure OpenAI offering. For authoritative guidance, reviewing Azure’s HIPAA compliance documentation and consulting with Microsoft support is recommended. You can find general HIPAA-related documentation for Azure services in Microsoft's Trust Center or the Azure Compliance Documentation. Here's a link to the Azure HIPAA compliance overview where you can explore services covered under Azure's BAA. However, specifics about image inputs are not directly covered, and legal consultation may be necessary to determine compliance for your specific use case.