I work for a nonprofit that primarily utilizes M365 Business Basic licenses for services like Exchange and Teams. My management has asked me to enable Copilot on our workstations, but I need to ensure that we remain HIPAA compliant. While our M365 tenant is compliant, I'm concerned about using Copilot Chat because the web queries don't adhere to the same data protections as our tenant, which makes them potentially non-compliant. I don't want our staff inadvertently uploading documents containing PHI that could compromise our data.
I heard that it's possible to disable web queries for specific users and groups, but even after 24 hours of implementing the policy, I could still make web queries. During a meeting with a Microsoft salesperson, I saw a toggle for 'work' and 'web' questions in their Copilot Chat, which I believe is only available with the Copilot Add-on. However, management is not keen on spending $30 per user per month for that. I'm reaching out to see if anyone has found solutions or been able to keep M365 Copilot Chat HIPAA compliant. Any advice would be appreciated!
2 Answers
You're likely going to need that paid option to ensure compliance. Trust me, Microsoft has designed it this way on purpose.
Honestly, this scenario is exactly the reason for the $30 license. It sounds like the safest route for your organization.
