
Is Qwen3-VL-235B deployed as serverless API in Foundry covered under our HIPAA BAA for image inputs?

Gonzalo Razuc 20 Reputation points
2026-04-01T16:28:25.3233333+00:00

Hello,

I'm evaluating the use of Qwen3-VL-235B-A22B (from the Foundry model catalog, listed as a partner/community model) for a clinical computer vision use case. The model would receive image inputs that may contain protected health information (PHI).

We understand that Azure Direct Models (e.g. Azure OpenAI) have explicit HIPAA BAA coverage, and that the Foundry documentation states that serverless API deployments are "subject to Azure data, privacy, and security commitments" and that Microsoft acts as data processor without sharing prompts or outputs with the model provider.

However, we need clarification on the following:

  1. Are models from partners and community (such as Qwen3-VL) deployed as serverless API in Foundry explicitly covered under the Microsoft HIPAA BAA, the same way Azure Direct Models are?
  2. Does that BAA coverage extend to IMAGE inputs specifically, not just text? This is important because our use case sends image frames to the model for analysis.
  3. Is there any distinction in HIPAA coverage between serverless API (pay-per-token) vs. managed compute deployments for partner models? Would one be preferred for HIPAA workloads?
  4. Are there any additional configurations required (e.g. VNet, private endpoints, disabling content filtering logs, abuse monitoring opt-out) to ensure HIPAA compliance when using a partner model with image inputs?
  5. Where can we find official documentation that explicitly confirms (or denies) HIPAA BAA coverage for partner/community models processing image data in Foundry?

We have reviewed the following docs but could not find a definitive answer for this specific scenario:

Thank you for your help!

Azure Computer Vision


Answer accepted by question author
  1. Karnam Venkata Rajeswari 1,395 Reputation points Microsoft External Staff Moderator
    2026-04-01T16:35:52.5233333+00:00

    Hello Gonzalo Razuc,

    Welcome to Microsoft Q&A. Thank you for reaching out.

    Currently there is no official documentation that explicitly confirms HIPAA BAA coverage at the individual partner or community model level, including for image‑based scenarios. HIPAA assurances remain tied to Azure services listed as in scope, with compliance depending on service configuration and usage. Healthcare workloads typically rely on service‑level scope confirmation along with internal compliance assessments aligned to documented Azure safeguards.

    HIPAA Business Associate Agreement (BAA) coverage is determined at the Azure service level, rather than at the individual model level. Azure services that are listed as in scope under the HIPAA audit scope are covered when used to process protected health information. Azure Direct Models and first‑party Azure AI services are explicitly included within this scope. Partner or community models accessed through Azure AI Foundry, such as Qwen3‑VL‑235B, are not individually listed or certified under the HIPAA audit scope. In these scenarios, HIPAA commitments apply to the underlying Azure service that hosts and processes the data, rather than to the model artifact itself.

    Use of image inputs that contain PHI - The HIPAA BAA does not differentiate between text and image data when processing electronic protected health information. When image inputs are processed through an in‑scope Azure service, the same HIPAA safeguards apply as they would for text inputs. Azure AI Foundry documentation describes prompt and output handling without limiting coverage to a specific data format. Image‑based requests sent to supported multimodal models are handled under the same privacy and security controls.

    Serverless API and managed compute deployments - From a HIPAA standpoint, there is no documented compliance distinction between serverless API deployments and managed compute deployments. Both deployment models operate on Azure infrastructure that may fall within the HIPAA audit scope when configured appropriately. Serverless deployments are fully hosted and managed by Azure, while managed compute provides dedicated resources under the same security boundary. HIPAA applicability depends on whether the underlying Azure service is in scope, rather than on the deployment approach itself. Both options can support regulated workloads when required safeguards are applied.

    Please ensure the following configurations for HIPAA‑aligned workloads:

    1. Use private endpoints or network isolation to control network access
    2. Review diagnostic and logging configurations to avoid unnecessary retention of PHI
    3. Understand documented data processing and retention behaviors for the selected Azure service
    4. Apply Azure Policy HIPAA or HITRUST initiatives to help assess compliance posture

    The following references might be helpful; please check them out.

    Thank you

     

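As an added example (not from this thread and not a Microsoft tool), a small Python posture check for items 1, 2 and 4 of the checklist above, run offline against constructed resource descriptions. The JSON field names, the "RequestResponse" log category and the initiative display name are assumptions to be verified against the real Foundry resource.

```python
from dataclasses import dataclass

# Constructed sample inputs. Field names follow ARM resource JSON shapes but are assumptions:
# confirm them against `az resource show` output for the real Foundry resource.
SAMPLE_ACCOUNT = {"name": "foundry-clinical", "properties": {
    "publicNetworkAccess": "Disabled",
    "privateEndpointConnections": [
        {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}],
}}
SAMPLE_DIAGNOSTICS = [{"name": "to-workspace", "logs": [
    {"category": "Audit", "enabled": True},
    {"category": "RequestResponse", "enabled": True},  # hypothetical category name
]}]
SAMPLE_POLICY_ASSIGNMENTS = [{"displayName": "HIPAA HITRUST 9.2"}]  # constructed assignment

@dataclass
class Finding:
    check: str
    passed: bool
    detail: str

def check_network_isolation(account: dict) -> Finding:
    # Item 1: public network access off and at least one approved private endpoint.
    props = account.get("properties", {})
    public = props.get("publicNetworkAccess", "Enabled")
    approved = sum(1 for c in props.get("privateEndpointConnections", [])
                   if c.get("properties", {}).get("privateLinkServiceConnectionState", {})
                   .get("status") == "Approved")
    return Finding("network_isolation", public == "Disabled" and approved > 0,
                   f"publicNetworkAccess={public}, approved private endpoints={approved}")

def check_log_categories(settings: list, allowed: set) -> Finding:
    # Item 2: every enabled log category must be on the reviewed allow-list; an
    # unreviewed category could persist prompt or image content (PHI) in a log store.
    if not settings:
        return Finding("log_retention", False, "no diagnostic settings to review")
    unexpected = sorted(log["category"] for s in settings for log in s.get("logs", [])
                        if log.get("enabled") and log["category"] not in allowed)
    return Finding("log_retention", not unexpected, f"unreviewed enabled categories={unexpected}")

def check_policy_initiative(assignments: list) -> Finding:
    # Item 4: a HIPAA or HITRUST initiative is assigned at the scope being reviewed.
    hits = [a.get("displayName", "") for a in assignments
            if any(k in a.get("displayName", "").upper() for k in ("HIPAA", "HITRUST"))]
    return Finding("policy_initiative", bool(hits), f"matching assignments={hits}")

def run_posture_check(account, settings, assignments, allowed_categories):
    return [check_network_isolation(account), check_log_categories(settings, allowed_categories),
            check_policy_initiative(assignments)]
```

With the sample inputs and an allow-list of only "Audit", the log check fails because "RequestResponse" was never reviewed, which is the kind of finding to resolve before sending PHI-bearing images.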

1 additional answer

  1. Q&A Assist
    2026-04-01T16:28:44.5633333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The provided documentation and Q&A content do not state anything about HIPAA, BAAs, or compliance scope for partner/community models such as Qwen3‑VL‑235B in Microsoft Foundry, nor do they distinguish HIPAA coverage between image vs. text inputs, or between serverless vs. managed compute for such models.

    They only state, at a high level, that:

    • Azure Direct Models (including Azure OpenAI) are Azure services where Microsoft is the data processor, prompts/outputs are not shared with model providers, and customer data is not used to train models without explicit instruction.
    • For Foundry model catalog deployments:
      • Serverless deployments are hosted and managed by Microsoft, billed per input/output, and are subject to Azure data, privacy, and security commitments.
      • Managed compute deployments run model weights on dedicated VMs in the customer subscription, with the customer responsible for how data is processed.
      • Fine‑tuned models and their training data are not used to train or improve Microsoft or non‑Microsoft models except as directed, and fine‑tuned models are available exclusively to the customer.

    The context does not provide any explicit statement that:

    • Partner/community models are covered under the Microsoft HIPAA BAA.
    • HIPAA coverage extends specifically to image inputs for these models.
    • One deployment option (serverless vs. managed compute) is preferred or required for HIPAA workloads.
    • Specific network or logging configurations are required for HIPAA when using partner models.
    • There is official documentation that confirms or denies HIPAA BAA coverage for partner/community models processing image data.

    Because the necessary compliance and BAA‑scoping details are not present in the supplied material, none of the five sub‑questions can be definitively answered from this context alone.


