Microsoft launches Copilot Health for personal medical records

Per Microsoft, Copilot Health moves into preview in the United States for Microsoft 365 Personal, Family, and Premium subscribers aged 18+, the company announced in a May 29 blog post on the Microsoft Copilot site. The product is a dedicated space inside Copilot where users can create a health profile, connect wearable and wellness apps starting with Apple Health, and link electronic health records from over 50,000 U.S. provider organizations via Microsoft's health integrations (per Microsoft and microsoft.ai).

Per Microsoft, Copilot Health aggregates items such as visit summaries, medication lists, and test results and uses those records together with wearable data to generate what Microsoft calls "intelligent health insights." The Microsoft Copilot blog lists three core capabilities: a health profile, connections to wearables and health records, and conversational, personalized insights. Microsoft says Copilot Health conversations are isolated from other Copilot interactions and that the data in this experience is not used to train Microsoft's AI models; Microsoft also describes encryption in transit and at rest and provides user controls for deleting data (per Microsoft blog). External coverage, including Digital Trends and product pages, reports Microsoft worked with an external panel of 250+ physicians from more than 24 countries during development and that the product holds ISO/IEC 42001 certification for AI governance practices (Digital Trends; PMC commentary).

Editorial analysis: Companies building consumer-facing health assistants increasingly combine wearable telemetry with electronic health record (EHR) access to provide unified views of health. Similar moves by other large vendors seek to reduce fragmentation between device data and clinical records while emphasizing governance controls and third-party medical review. For practitioners, these designs raise familiar integration challenges: normalized EHR schemas, identity and consent flows, record-matching accuracy, and secure short-lived tokens for third-party APIs.

Editorial analysis: Public materials emphasise segregation of Copilot Health data and nonuse for model training, which mirrors a now-common compliance pattern for sensitive domains. Observers should note the distinction between product claims and independent verification; certification like ISO/IEC 42001 and an external physician panel add governance signals, but they do not replace technical audits of deidentification, access control, and data lineage. For practitioners architecting integrations, the critical technical questions are how health records are normalized, what fields are persisted in user profiles, and whether downstream tooling preserves or expands access surfaces.

Editorial analysis: Observers should watch the breadth and depth of EHR integration (record types, bidirectional flows), the rollout of additional wearable partners beyond Apple Health, and the product's documented developer or enterprise APIs if any are published. Monitor independent security and privacy reviews, real-world examples of lab-result interpretation, and how Microsoft documents limitations; Microsoft explicitly notes Copilot Health is not intended to diagnose or replace professional medical advice (per Microsoft blog). Adoption metrics and any regulatory scrutiny will also determine how quickly similar features appear across consumer platforms.

Editorial analysis: Teams building health ML features can treat this launch as further evidence that consumer health tooling will increasingly demand robust EHR connectors, fine-grained consent frameworks, and explainable medical reasoning chains. Implementation priorities in comparable projects typically include strict role-based access, auditable data transformations, and clinician-in-the-loop validation for any automated interpretation.

Per Microsoft and multiple reporting outlets, Copilot Health is a consumer preview that centralizes wearable and EHR data, presents personalized conversational insights, and asserts technical and governance safeguards. Industry observers and practitioners will evaluate its technical integration patterns and independent privacy and safety assessments as the preview expands.