by Cindy Harper, Reclaim The Net:
Microsoft wants your medical records. The company launched Copilot Health this week, an AI feature that pulls together personal health history from wearable devices, lab results, and hospital systems, then lets users ask questions about all of it in a single interface.
That’s a significant amount of sensitive data landing in the hands of a company that, notably, isn’t legally required to treat it the way your doctor is.
The feature sits inside Microsoft’s broader Copilot product and connects to medical records from over 50,000 US hospitals and healthcare organizations through a platform called HealthEx.
TRUTH LIVES on at https://sgtreport.tv/
Lab results come in through Function, a health tech company. Wearables from Apple, Oura, Fitbit, and more than 50 other manufacturers can link directly to the dashboard.
The homepage aggregates step counts, appointment reminders, and other health signals depending on what users opt to share. It also offers access to provider directories, letting users search for doctors by specialty, location, language, and accepted insurance.
Microsoft frames this as understanding your health, not replacing your doctor. What it’s actually building is a centralized health surveillance layer that sits above the fragmented ecosystem of hospitals, labs, and wearable companies and aggregates everything into one place.
That may be genuinely useful. It also concentrates a significant amount of sensitive personal data in a product that is not HIPAA compliant.
That last point matters more than Microsoft’s press release suggests. The Health Insurance Portability and Accountability Act exists to set security requirements for electronic health data and restrict how it can be used and disclosed.
Hospitals and doctors who violate HIPAA face fines and potential criminal liability. Microsoft faces neither, because it doesn’t have to be HIPAA compliant to run Copilot Health.
Dr. Dominic King, VP of health at Microsoft AI, addressed this directly ahead of the launch: “HIPAA is not required for a direct-consumer experience like this when you’re using your own data.”
He went on to say: “However, at Copilot, we think it’s incredibly important that we’re meeting all the best standards out there. So, we will be announcing some updates here on our standing in terms of what are called ‘HIPAA controls.’” What those updates actually entail, King didn’t say.
