HIPAA Compliance Inquiry: Image Processing via Azure OpenAI Service
We are currently evaluating Azure OpenAI for a healthcare-related initiative and need to confirm details about HIPAA compliance—specifically for image processing (e.g., using GPT‑4 models) involving protected health information (PHI). From our preliminary research: Azure OpenAI does support HIPAA compliance for text inputs under a signed Business Associate Agreement (BAA). However, the documentation indicates that image inputs are not currently explicitly covered under HIPAA within the OpenAI BAA and may require additional safeguards. Refer to: https://learn.microsoft.com/en-us/answers/questions/2106637/azure-openai-hipaa-compliance-status
While Azure provides enterprise-level isolation, data protection, and BAA coverage, the compliance scope for vision-based AI remains unclear. To proceed responsibly, we kindly request your assistance with the following:

1. Does Azure OpenAI's BAA explicitly include image-based PHI inputs when operating under a signed BAA?
2. If image processing is not covered by default, what additional steps or agreements (e.g., limited-access configuration, separate attestation) are required to bring it into scope?
3. Could you provide official documentation or specific guidance that references the HIPAA compliance status for vision models on Azure?
4. Are there recommended best practices for securely processing image-based PHI (e.g., network isolation, data segmentation, specific Azure region requirements)?

Understanding the compliance and small-print details here is critical for our solution design. We appreciate your guidance and any relevant documentation links you can share. Thank you for your prompt support.