Microsoft is pushing its Copilot assistant into one of its most sensitive use cases yet, introducing Copilot Health, a dedicated space for users to interact with their medical data, track health metrics, and ask health-related questions.
The feature, announced Thursday, allows users to upload medical records, review lab results, connect wearable device data, and search for healthcare providers, all within a separate environment designed for health-related interactions. The rollout will be phased, with access initially limited to users on the waitlist.
At a high level, Copilot Health signals a shift in how tech companies are positioning AI, not just as a productivity tool, but as a personal interface for managing everyday aspects of life, including health.
Microsoft says the tool is not intended to replace medical professionals or provide diagnoses. Instead, it is designed to help users interpret health information and organise data that is often fragmented across hospitals, labs, and devices.
To support that, Copilot Health integrates with tens of thousands of healthcare providers in the US, allows users to import lab results, and connects with more than 50 wearable devices, including those from Apple, Oura, and Fitbit. It can surface metrics like step count alongside appointment reminders, depending on what users choose to share.
The company also emphasises content quality, saying responses draw from credible health organisations and include citations, along with expert-written summaries from sources such as Harvard Health.
Expanding into health without full regulatory coverage
The move places Microsoft in direct competition with other AI players entering the healthcare space, including OpenAI, Amazon, and Anthropic, all of which are developing tools designed to handle sensitive health-related queries.
But it also highlights a key tension: how far AI can go into healthcare without being subject to the same regulatory standards as traditional providers.
Microsoft says Copilot Health operates in a separate, secured environment, with user chats isolated from the broader Copilot system and excluded from AI model training.
Users can also delete their data or disconnect sources like wearable devices at any time.
However, the product is not currently positioned as HIPAA-compliant, a standard that governs how healthcare data is handled in the United States. According to Microsoft, that level of compliance is not required for direct-to-consumer tools that allow users to upload their own data.
The distinction matters. While hospitals and healthcare providers face strict legal consequences for mishandling patient data, consumer AI platforms operate under a different set of obligations, even as they handle increasingly sensitive information.
Microsoft says it plans to align with broader “HIPAA controls” over time and notes that Copilot Health meets ISO 42001 standards, an international framework for responsible AI deployment. Still, questions remain about data privacy, reliability, and long-term governance.
Those concerns are not theoretical. AI systems have a documented history of producing inaccurate or misleading health information, and experts continue to warn about the risks of relying too heavily on automated guidance, particularly in areas like mental health.
For Microsoft, the strategy is clear. As AI competition intensifies, health is emerging as a new frontier, one where the stakes are higher, and the margin for error is smaller.
For users, the trade-off is becoming harder to ignore. The same systems that promise convenience and clarity are also asking for deeper access to some of the most personal data they have.
