How to make Azure OpenAI HIPAA compliant? How to get signed BAA?

Ross Palmer 35 Reputation points
2023-08-25T12:43:36.2633333+00:00

Hello, I want to use Azure OpenAI to develop an application that processes medical data. I have heard that Microsoft will sign a BAA to facilitate this. I've been all over the website and I've not been able to find any way to do this, nor have I been successful in my attempts to contact a live support agent at Azure. I do have a Developer support contract, which is supposed to include access to support agents.

I also need to disable the Azure OpenAI content filtering and monitoring. I found a form to fill out for this, but I was rejected due to being "Unmanaged". What does this mean, and how do I fix it?

Are there any step by step guides showing how to make Azure OpenAI HIPAA compliant?

Thank you!

Azure OpenAI Service
An Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities.

Accepted answer
  1. VasaviLankipalle-MSFT 18,676 Reputation points Moderator
    2023-08-25T22:08:02.88+00:00

    Hello @Ross Palmer, thanks for using Microsoft Q&A Platform.

    Regarding your question related to Azure OpenAI content filtering and monitoring, since you are an unmanaged customer, you cannot have content filtering disabled. If the customer is not a managed Microsoft account, they cannot have content filtering removed. Please go through this to know more about unmanaged/managed customer status here: Limited Access features for Cognitive Services - Azure Cognitive Services | Microsoft Learn.

    Unfortunately, we are not taking applications at this time to become a managed customer.

    Coming to the second question, yes, Azure OpenAI Services can be used in a HIPAA-compliant manner. Azure has a HIPAA and HITECH implementation guidance document that outlines how to use Azure services in a HIPAA-compliant manner.

    Please refer to this documentation for more information: https://azure.microsoft.com/resources/microsoft-azure-compliance-offerings/

    Regarding your question related to BAA: Here is the documentation:
    https://learn.microsoft.com/en-us/microsoft-365/compliance/offering-hipaa-hitech?view=o365-worldwide#use-microsoft-compliance-score-to-assess-your-risk

    Can my organization enter into a BAA with Microsoft?

    Yes. Microsoft offers its covered entity and business associate customers a Business Associate Agreement that covers in-scope Microsoft services.

    The Microsoft HIPAA Business Associate Agreement is available through the Microsoft Online Services Data Protection Addendum by default to all customers who are covered entities or business associates under HIPAA. See 'Microsoft in-scope cloud services' on this webpage for the list of cloud services covered by this BAA.
    The HIPAA Business Associate Agreement is also available for in-scope Microsoft Professional Services upon. Contact your Microsoft services representative for more information.

    I would suggest speaking to your sales/account representative for next steps.

    I hope this helps.

    Regards,
    Vasavi

    -Please kindly accept the answer and vote 'yes' if you feel helpful to support the community, thanks.

    1 person found this answer helpful.
