Microsoft CoPilot HIPAA Readiness

Many healthcare organizations are struggling to understand how to maintain HIPAA compliance and mitigate common HIPAA violations as artificial-intelligence-powered features like CoPilot are introduced into their organizations.

This is a feature and not an additional add-on or purchase for most M365 subscription users. Based on Microsoft's current early access program for select customers, we anticipate that users will have general availability for M365 CoPilot in early 2024.

We have developed a comprehensive 2-week engagement to assess your related M365 cybersecurity practices, identify key strengths and vulnerabilities, and deliver actionable recommendations that will prepare and enhance your overall security posture.


  • Education on cybersecurity and artificial intelligence in the healthcare industry and the impact they have on governance, compliance, security and privacy.

  • Our experts will provide you with a list of factors that influence risk, such as technology advancements, regulatory requirements, and emerging challenges in the space.

  • Identification of strengths and vulnerabilities in your M365, CoPilot, and related Microsoft cloud-based technology by analyzing your measures, controls and protocols to determine their effectiveness in meeting HIPAA compliance requirements.

  • Summary and actionable recommendations to improve your current security posture, tailored to your organization to ensure practical and relevant guidance.

M365 CoPilot and HIPAA Compliance


Prior to the workshop or any sessions, we will send your organization a survey to collect essential, non-proprietary data. This data will help us conduct a basic analysis and customize the workshop to your specific circumstances. We will then plan and prepare for our workshop sessions.

Using the survey results and discussions with your team, we will lead an exercise aimed at clarifying your organization's strengths and vulnerabilities. We will consider your existing investments and practices to develop a high-level understanding of your current-state baseline and an ideal future state, and to identify compliance gaps.

Our team will facilitate compliance-based cybersecurity discussions on lessons learned from building robust programs and on best practices for right-sized cybersecurity investments aligned with compliance and regulatory requirements. These sessions will provide guidance on where to start, how to measure success, and how to ensure effective orchestration among different security elements within your program.

We will help build a common understanding to illustrate how various factors influence risk within the healthcare environment and discuss the specific factors present in your organization. These sessions aim to build a high-level consensus on your plan and foster a common understanding of the cybersecurity challenges you face.

Where to Start

These engagements typically require a fixed cost investment of $10k-$20k, depending on the complexity of your organization and the number of people we will need to meet with to acquire and present the information needed to ensure it is successful.

We can provide you with more detailed information and a proposal after a brief 30-minute conversation with one of our team members.