Health Bot Overview

What is the Microsoft Health Bot Service?

The Health Bot Service is a cloud platform that empowers developers in Healthcare organizations to build and deploy their compliant, AI-powered virtual health assistants and health bots, that help them improve processes and reduce costs. It allows you to offer your users intelligent and personalized access to health-related information and interactions through a natural conversation experience.

The Health Bot Service is ideal for developers in IT departments of healthcare organizations such as providers, pharmaceutical companies, tele-medecine providers, and health insurers. Using the service, healthcare organizations can build a "health bot instance" and integrate it with their systems that patients, nurses, doctors, and other representatives interact with. Building an instance allows you to:

  • Improve processes
  • Improve services
  • Improve outcomes
  • Reduces cost

The Health Bot Service contains a built-in medical database, including triage protocols. You can also extend a health bot instance to include your own scenarios and integrate with other IT systems and data sources.

Some of the Health Bot Service functionalities are only available in select geographies.

Why use the Microsoft Health Bot Service?

The Health Bot Service simplifies the process of creating a bot that addresses the compliance and regulatory requirements of the healthcare industry. It does so by providing:

  • An extensible management portal
  • Healthcare-specific configuration options
  • Built in triage and symptom checker
  • Integration with Language Understanding Intelligent Service (LUIS) and other cognitive services.

Users interact with the chat bot via text or voice in a self-service manner. The Health Bot Service implements natural language understanding (NLP) and artificial intelligence (AI) technologies to understand the users' intent and provide accurate information.

Use cases

Our partners are using the Microsoft Health Bot Service to build health bot instances that address a wide range of healthcare-specific use cases. For example:

  • Insurers have built health bot instances that give their customers an easy way to look up the status of a claim and ask questions about benefits and services.
  • Providers have built health bot instances that triage patient issues with a symptom checker, help patients find appropriate care, and look up nearby doctors.

Out-of-the-box AI and world knowledge capabilities

An interactive symptom checker and medical database are built in to the Health Bot Service. Together, they enable meaningful conversations with patients using both common language and medical terms. Conversational intelligence also adapts dynamically as the health bot instance learns from previous interactions.

The service intelligence is powered by Azure Cognitive Services and credible world knowledge.

Configurable and extensible

The Health Bot Service provides endless flexibility of use to Microsoft partners:

  • Unique scenarios can be authored by partners for their health bot instances to extend the baseline scenarios and support their own flows.

  • The health bot instance's behavior can be configured to match the partner's use cases, processes, and scenarios.

  • The health bot instance can easily be connected to partners' information systems---for example, systems that manage EMR, health information, and customer information.

  • The health bot instance can be easily integrated into other systems such as web sites, chat channels, and digital personal assistants.

Security and privacy

The information handled by each instance of the Health Bot Service is privacy protected to HIPAA standards and secured to the highest standards for privacy and security by Microsoft. Built on top of the industry-leading Microsoft Azure technology, the Azure architecture powers the Health Bot Service's ability to scale with resilience, while maintaining the highest standards of privacy and security.

Easy to manage

Each health bot instance is easily managed and monitored by Microsoft partners via the Health Bot Service's management portal and management API. The management portal provides the ability to define the health bot instance's behavior in fine detail and to monitor usage with built-in reports. Management API allows the partner to embed the health bot instance and to securely exchange data and information.

Common scenarios

The Health Bot Service contains built-in scenarios. Additional scenarios may be authored through the Scenario Editor.

The built-in scenarios include the following:

  • Triage/symptom checker, powered by built-in medical protocols: The end user describes a symptom to the health bot instance and the bot helps the user to understand it and suggests how to react; for example, "I have a headache."

  • General information about conditions, symptoms, causes, complications, and more: Loaded with medical content, the health bot instance can provide information about medical conditions, symptoms, causes, and complications; for example, "information about diabetes," "what are the causes of malaria," "tell me about the complications of arthritis."

  • Find doctor type: The health bot instance can recommend the appropriate type of doctor to treat an illness; for example, "What type of doctor treats diabetes?"

Examples of scenarios that are typically built by our customers as extensions using the scenario authoring elements include the following:

  • Health plan inquiries: Your health bot instance can be customized to access information about health plan details, such as pricing and benefits.

  • Finding providers: Your health bot instance can allow customers to search for doctors by specialty, in-network status, and other specifications.

  • Scheduling appointments: Your health bot instance can be designed to allow your customers to schedule appointments easily and securely.


The Health Bot Service is a cloud platform for developers, built on top of Microsoft Azure. This multi-tenant service provides unique health bot instances for Microsoft partners. The management portal gives each partner detailed control over configuration and extensibility. Authored scenarios are unique to the partner's health bot instance. The health bot instance can be embedded within the partner's digital experience.

Health Bot uses Bot Framework under the hood as a messaging and routing platform to deliver messages to and from the end user. The conversational intelligence and medical knowledge is provided by the Health Bot service in two ways:

  1. Integrated third-party content - Microsoft partners with trusted content providers to deliver extensive and credible sources of medical knowledge.
  2. Custom conversational scenarios developed with our visual designer tool to accommodate his most complex and intricate needs. The author can call backend resources using secure and standard authorization and authentication methods. For example he can invoke the HL7 protocol to access patient records.

Partners can integrate the open source Web-Chat client into their native or web applications.


There are many controls in place to protect customer data transmitted and stored within the Health Bot service. Encryption is an important component in a multi-layered defense-in-depth data protection strategy to safeguard customer data in the Azure Health Bot and ensure the service meets your organization’s security and compliance needs.

Customer data stored by the Health Bot service uses Azure storage and Azure Cosmos DB's under the hood. Health Bot only uses persistent storage services that are always encrypted at rest. Encryption keys are managed by Microsoft and rotated periodically to prevent exposure. More over the Health Bot service only allows incoming and outgoing data connections over HTTPS ensuring the data in transit is also always encrypted.

Medical Device Disclaimer

Azure Health Bot Service (1) is not intended or made available as a medical device(s), (2) is not designed or intended to be used in the diagnosis, cure, mitigation, monitoring, treatment or prevention of a disease, condition or illness, and no license or right is granted by Microsoft to use the healthcare add-on or online services for such purposes, and (3) are not designed or intended to be a substitute for professional medical advice, diagnosis, treatment, or judgment and should not be used to replace or as a substitute for professional medical advice, diagnosis, treatment, or judgment. Customer should not use Azure Health Bot Service as a medical device. To the extent customer makes Azure Health Bot Service available as a medical device, or puts it into service for such a use, customer is solely responsible for such use and acknowledges that it would be the legal manufacturer in respect of any such use. Customer is solely responsible for displaying and/or obtaining appropriate consents, warnings, disclaimers, and acknowledgements to end users of customer’s implementation of Microsoft Azure Health Bot Service. Customer is solely responsible for any use of Azure Health Bot Service to collate, store, transmit, process or present any data or information from any third-party products (including medical devices).

Trust and Compliance

  • The Health Bot service is HIPAA-ready and has also the following list of certification (alphabetic order):

    • 23 NYCRR 500
    • AFM and DNB (Netherlands)
    • AMF and ACPR (France)
    • APRA(Australia)
    • Argentina PDPA
    • CDSA
    • CFTC 1.31
    • CSA STAR Attestation
    • CSA STAR Certification
    • CSA STAR Self-Assessment
    • Canadian Privacy Laws
    • DPP(UK)
    • EU Model Clauses
    • European Banking Authority
    • FCA and PRA (UK)
    • FERPA (US)
    • FFIEC(US)
    • FINMA (Switzerland)
    • FSA (Denmark)
    • GDPR Compliant
    • GLBA (US)
    • Germany C5
    • GxP (FDA 21 CFR Part 11)
    • ISO 20000-1:2011
    • ISO 22301:2012
    • ISO 27001:2013
    • ISO 27017:2015
    • ISO 27018:2014
    • ISO 9001:2015
    • Japan My Number Act
    • KNF(Poland)
    • MAS and ABS (Singapore)
    • MPAA(US)
    • NBB and FSMA (Belgium)
    • NEN 7510:2011 (Netherlands)
    • NHS IG Toolkit (UK)
    • Netherlands BIR 2012
    • OSFI(Canada)
    • RBI and IRDAI (India)
    • SOC 1 Type 2
    • SOC 2 Type 2
    • SOC 3
    • SOX (US)
    • Spain DPA
    • TISAX
    • TruSight
    • WCAG 2.0
  • The Health Bot service is built on top of Azure. Learn more about Azure compliance offerings.

  • Microsoft is committed to security, privacy and compliance. Learn more at the Microsoft Trust Center.