An HR analyst at a 3,000-person hospital system used Microsoft Copilot to look up employee benefits. Routine query, nothing unusual. The response came back with patient treatment notes pulled from a SharePoint folder that had been sitting there for four years with broad permissions that nobody had ever cleaned up.
One query. Forty-seven patient records exposed. And it happened because of a single permission gap that nobody knew existed.
That’s a documented case from a real deployment, and it’s the kind of thing that’s going to keep happening as healthcare moves faster on AI.
Boards are asking ownership groups about their AI strategy. Vendors are building AI features into everything they sell. The efficiency gains and clinical benefits are real, and nobody is saying stop. But there’s a question that keeps getting skipped: when your staff uses these tools, where is the patient data going?
The tool is not the problem
Microsoft’s infrastructure can be made HIPAA-compliant. So can most major AI platforms being deployed in healthcare right now. The compliance capability exists. The issue is configuration.
Getting an AI tool to HIPAA compliance means permission audits, Data Loss Prevention policies, access controls, sensitivity labels, governance documentation, and staff training on what can and cannot go into an AI prompt. None of that happens automatically. The vendor gives you the infrastructure. Your organization is responsible for what sits on top of it.
Most practices haven’t done this work, and it’s not a negligence problem. Nobody told them they needed to, and the AI tools were already in use before anyone had the governance conversation. That gap is wider than most leadership teams realize.
Compliance is a shared responsibility, and the split isn’t obvious
The way we think about it, AI HIPAA compliance breaks into two halves. One half is the technology controls: is your Microsoft environment configured correctly, are the right security settings in place, do you have the licensing you need for the compliance features to even work? The other half is the policies and procedures: does your practice have written rules about AI use, has your staff been trained, is someone accountable for keeping it current?
Microsoft will sign a Business Associate Agreement (BAA). They’ll encrypt your data in transit and at rest. They’ll give you the admin tools to configure access controls, sensitivity labels, and Data Loss Prevention policies. That’s their side of the line.
Your side is everything else. Who at your practice has access to what data. Whether someone set those permissions on purpose or they’ve just been sitting there since the last office manager left.
Whether your staff knows the difference between the enterprise version of Copilot (covered under a BAA) and the consumer version (not covered at all). Whether anyone has even asked the basic questions: do you have any policies at all about AI? What tools are your people using? Are they staying inside your EHR, or are they going outside of it?
A tool can scan your Microsoft environment and tell you where the gaps are in your technology stack and security controls. That gets you halfway, maybe more than halfway, to understanding your AI HIPAA compliance posture. But the other half, the policies, the training, the documented processes, that’s work your organization has to do. And most haven’t started.
Here’s what trips most people up. Leadership sees “HIPAA-compliant” on the vendor’s marketing page and assumes the work is done. It isn’t. The BAA covers the platform. It doesn’t cover what your people do inside it, how your data is organized, or whether your permissions are giving AI access to things it was never meant to see.
That 47-record incident didn’t happen because Microsoft failed. It happened because nobody on the practice side had reviewed SharePoint permissions in four years, and Copilot simply accessed what it was allowed to access.
What your practice needs before AI touches patient data
When a staff member runs a query in an AI tool, that tool reaches into whatever data the user has access to. In most practice environments, that’s a lot: clinical notes, billing records, patient communications, scheduling history, and financial data.
The AI doesn’t distinguish between a cafeteria menu and a treatment note. It retrieves whatever it can touch. If your permissions were set up quickly, or set up years ago and never revisited, the AI has access to things you probably didn’t realize anyone could reach, let alone a tool that can search all of it in seconds.
Getting your practice AI-ready isn’t about choosing the right tool. It’s about what sits underneath: your data governance, your access controls, your security architecture, and your policies about what staff can and cannot do inside these systems. That’s the infrastructure that separates practices using AI as a real asset from practices that are one permission gap away from a breach notification.
The question boards are asking
Ownership groups and PE sponsors are pushing practice leadership to have an AI strategy. That pressure makes sense. AI is going to reshape the way ambulatory practices operate, and the organizations that aren’t thinking about it now will be behind.
But most practices, when asked about their AI strategy, respond with a list of tools they’re evaluating or a feature their EHR vendor is rolling out. That’s a feature list, not a strategy.
A real AI strategy starts with data governance. Where does your PHI live? Who has access to it? How does it flow between systems? What controls prevent it from ending up somewhere you didn’t authorize? Without that foundation, the tools you layer on top are a liability.
What the practices getting this right are doing
They’re not necessarily deploying more AI than anyone else. In many cases, they’re deploying less and moving more deliberately, building governance structures before they expand.
What they have in place are approved AI solutions, written policies, and staff training that spell out what people can and can’t do. They have controls to prevent unauthorized AI tools from accessing patient data, and someone is monitoring and alerting when something doesn’t look right. And they have a technology partner that’s asking the right questions instead of just installing the tools and moving on.
Here’s what that looks like in practice. A 20-provider group decides they want to roll out Copilot across their admin team. Before anyone touches the tool, their IT partner runs a permissions audit across SharePoint, OneDrive, and Teams. They find that three shared folders from a previous office manager still have org-wide access, including one with patient intake forms. They find that sensitivity labels were never configured, so the system has no way to flag clinical data differently from a lunch menu. They find that six former employees still have active accounts.
All of that gets cleaned up before Copilot goes live. DLP policies get configured to prevent PHI from being pulled into AI responses. Staff get trained on what they can and can’t put into a prompt. A governance policy gets documented so there’s a clear standard going forward, not just a one-time fix.
The whole process takes weeks, not months. And the practice ends up with an AI deployment they can defend in an audit, not one they’re hoping nobody looks too closely at.
That’s the combination that makes AI safe to use in a clinical environment. Not the tool itself, but the infrastructure you build around it.
What happens when the gap catches up to you
It doesn’t matter how the breach happened, whether it was a hacker or an AI tool pulling up records it shouldn’t have reached. If protected health information (PHI) got exposed, you’re reporting it. The HHS Office for Civil Rights (OCR) treats it the same either way.
For a mid-market practice, that means notifying every affected patient, reporting to HHS, and, depending on the size, possibly notifying local media. The investigation that follows is going to ask three questions: did you have a risk analysis that included your AI tools, were your access controls set up properly, and did your staff know the rules? If the answer to any of those is no, that’s where it gets expensive.
That’s just the federal side. Most states have their own breach notification laws on top of HIPAA, and some of them are stricter. Shorter timelines to notify, broader definitions of what counts as a reportable breach, and in some cases, separate reporting to the state attorney general’s office. If your practice operates across multiple states, you could be dealing with different requirements in each one.
OCR settlements in recent years have ranged from the low six figures to the millions. But for a 30-provider orthopedic group, the settlement isn’t the part that hurts the most. It’s the months you spend responding to the investigation instead of running the practice. It’s the conversations you have to have with patients about what happened to their data. That’s what sticks.
This is happening right now. AI tools are reaching into patient data inside healthcare environments through permissions that were never set up for this kind of access. The practices that close this gap now won’t be the ones scrambling later.
Where Focus comes in
We work with ambulatory practices across surgical and procedural specialties, as well as PE-backed multi-site groups. The conversation we’re having with leadership teams right now isn’t which AI tool to pick. It’s whether the foundation is ready.
The first step we take with practices is a Copilot and Microsoft 365 readiness assessment: a look at your Azure configuration and Office 365 environment against what Copilot requires to run securely. You get a clear report showing where your gaps are and what needs to be addressed before AI tools touch your patient data.
From there, we help you build the governance structure: the right policies, the right access controls, the right training for your staff, and ongoing monitoring through our Managed Security practice. Our vCISO function exists because most of our clients aren’t big enough to spend $200,000-plus on a full-time Chief Information Security Officer (CISO), but they still need someone to reach out to, someone who can ask the right questions and provide strategic guidance on security, HIPAA, and AI.
That’s what this function does: it’s a mix of people and tools, delivered as a bucket of hours each month. Some of that work is C-level strategic. A lot of it is the next layer down, the blocking and tackling that keeps your compliance posture where it needs to be.
As your Unified Partner, we bring your IT, security, and data under one roof so your practice can move forward on AI with confidence.
This space is going to change monthly, weekly, and daily. The tools will keep evolving. The regulations will keep tightening. But as long as you have the right policies in place, the right processes, a technology framework you can trust, and the right contracts and BAAs behind it, you’re in a defensible position. Our job is to help you get there and stay in front of whatever comes next.
If you have a technology partner, or you’re looking for one, make sure they’re asking the right questions.
Frequently asked questions
What are the HIPAA requirements for AI tools in healthcare?
Any vendor that handles your patient data needs a Business Associate Agreement. That includes AI tools. But a BAA on its own doesn’t make your deployment compliant. You’re also responsible for configuring access controls, implementing Data Loss Prevention policies, maintaining audit logs, and training staff on what they can and can’t do with PHI inside an AI tool.
Can staff use tools like Microsoft Copilot with patient data?
The consumer version of Copilot isn’t covered under any healthcare BAA. It should not be used with patient data, period. The enterprise version can be made HIPAA-compliant, but only with proper configuration, executed BAAs, permission audits, and governance controls in place. Using the enterprise version without that configuration doesn’t make it compliant.
What is the first step toward making a practice AI-ready?
Start with a readiness assessment of your Microsoft and AI environment. You need to understand where your PHI lives, how your permissions are structured, which AI features are already enabled in your systems, and what governance policies you have in place. That picture needs to come before any conversation about which AI tools to expand or add.
What certifications does Focus hold?
Focus holds HITRUST certification, the gold standard for healthcare information security. HITRUST is sufficient for the vast majority of healthcare practices evaluating a technology partner’s security credentials. It’s what our clients and the practices evaluating us should look for.