Microsoft’s push to make Copilot a kind of AI medical middleman—especially through the newly announced Copilot Health—raises a real tension: the company is loudly promoting a Secure by Design philosophy, but the sensitivity of health data means the bar is far higher than a general security promise. The short version is that Secure by Design is necessary, but nowhere near sufficient for something that sits between you, your clinicians, your medical records, and your wearables.
Security by design is only one aspect of what would be required. Even if it keeps my data secure, if it is going to recommend putting PVA glue on cuts and butter on burns, it’s a no from me. Although I would be curious what it has to say about vaccinations…
Self-certified Secure By Design isn’t worth squat.