Is Qwen3-VL-235B deployed as serverless API in Foundry covered under our HIPAA BAA for image inputs?

Question

Is Qwen3-VL-235B deployed as serverless API in Foundry covered under our HIPAA BAA for image inputs?

Gonzalo Razuc 0

Hello,

I'm evaluating the use of Qwen3-VL-235B-A22B (from the Foundry model catalog, listed as a partner/community model) for a clinical computer vision use case. The model would receive image inputs that may contain protected health information (PHI).

We understand that Azure Direct Models (e.g. Azure OpenAI) have explicit HIPAA BAA coverage, and that the Foundry documentation states that serverless API deployments are "subject to Azure data, privacy, and security commitments" and that Microsoft acts as data processor without sharing prompts or outputs with the model provider.

However, we need clarification on the following:

Are models from partners and community (such as Qwen3-VL) deployed as serverless API in Foundry explicitly covered under the Microsoft HIPAA BAA, the same way Azure Direct Models are?
Does that BAA coverage extend to IMAGE inputs specifically, not just text? This is important because our use case sends image frames to the model for analysis.
Is there any distinction in HIPAA coverage between serverless API (pay-per-token) vs. managed compute deployments for partner models? Would one be preferred for HIPAA workloads?
Are there any additional configurations required (e.g. VNet, private endpoints, disabling content filtering logs, abuse monitoring opt-out) to ensure HIPAA compliance when using a partner model with image inputs?
Where can we find official documentation that explicitly confirms (or denies) HIPAA BAA coverage for partner/community models processing image data in Foundry?

We have reviewed the following docs but could not find a definitive answer for this specific scenario:

Thank you for your help!

Karnam Venkata Rajeswari 1,145 Reputation points Microsoft External Staff Moderator

2026-04-01T16:35:52.5233333+00:00
Hello Gonzalo Razuc,

Welcome to Microsoft Q&A .Thank you for reaching out.

Currently there is no official documentation that explicitly confirms HIPAA BAA coverage at the individual partner or community model level, including for image‑based scenarios. HIPAA assurances remain tied to Azure services listed as in scope, with compliance depending on service configuration and usage. Healthcare workloads typically rely on service‑level scope confirmation along with internal compliance assessments aligned to documented Azure safeguards.

HIPAA Business Associate Agreement (BAA) coverage is determined at the Azure service level, rather than at the individual model level. Azure services that are listed as in scope under the HIPAA audit scope are covered when used to process protected health information. Azure Direct Models and first‑party Azure AI services are explicitly included within this scope. Partner or community models accessed through Azure AI Foundry, such as Qwen3‑VL‑235B, are not individually listed or certified under the HIPAA audit scope. In these scenarios, HIPAA commitments apply to the underlying Azure service that hosts and processes the data, rather than to the model artifact itself.

Use of image inputs that contain PHI - The HIPAA BAA does not differentiate between text and image data when processing electronic protected health information. When image inputs are processed through an in‑scope Azure service, the same HIPAA safeguards apply as they would for text inputs. Azure AI Foundry documentation describes prompt and output handling without limiting coverage to a specific data format. Image‑based requests sent to supported multimodal models are handled under the same privacy and security controls.

Serverless API and managed compute deployments - From a HIPAA standpoint, there is no documented compliance distinction between serverless API deployments and managed compute deployments. Both deployment models operate on Azure infrastructure that may fall within the HIPAA audit scope when configured appropriately. Serverless deployments are fully hosted and managed by Azure, while managed compute provides dedicated resources under the same security boundary. HIPAA applicability depends on whether the underlying Azure service is in scope, rather than on the deployment approach itself. Both options can support regulated workloads when required safeguards are applied.

Please ensure the following configurations for HIPAA‑aligned workloads

Use private endpoints or network isolation to control network access

Review diagnostic and logging configurations to avoid unnecessary retention of PHI

Understand documented data processing and retention behaviors for the selected Azure service

Apply Azure Policy HIPAA or HITRUST initiatives to help assess compliance posture

The following references might be helpful , please check them out

Foundry Models from partners and community - Microsoft Foundry | Microsoft Learn

How to configure network isolation for Microsoft Foundry - Microsoft Foundry | Microsoft Learn

Configure managed virtual network for Microsoft Foundry projects (preview) - Microsoft Foundry | Microsoft Learn

Data, privacy, and security for Azure Direct Models in Microsoft Foundry - Microsoft Foundry | Microsoft Learn

Regulatory Compliance in initiative definitions - Azure Policy | Microsoft Learn

Thank you
Gonzalo Razuc 0 Reputation points

2026-04-01T18:38:28.2466667+00:00

Thanks for that detailed response, Karnam.

Just to confirm my understanding: if I use gpt-5.3-chat (or other model) deployed as an Azure Direct Model through Foundry, and send image inputs that may contain PHI, would that fall within the scope of the Microsoft HIPAA BAA? Assuming I apply the recommended safeguards you mentioned (private endpoints, log/diagnostic review, etc.)?

Just want to make sure I'm understanding this correctly before discussing it with my team.

Thank you!
Karnam Venkata Rajeswari 1,145 Reputation points Microsoft External Staff Moderator

2026-04-07T17:58:59.3833333+00:00
Hello Gonzalo Razuc,

Thank you for your patience.Azure Direct Models used through Azure AI Foundry can support HIPAA‑regulated scenarios, including image‑based workloads containing PHI, when in‑scope Azure services are used and appropriate safeguards are applied. Image data is treated as ePHI under the same protections as text, and no HIPAA distinction exists between serverless and managed compute deployment models. Partner and community models are not individually certified under the HIPAA audit scope, which makes Azure Direct Models the more clearly aligned choice for clinical use cases.

Azure Direct Models (e.g., GPT-5.3-chat) accessed through Azure AI Foundry are part of first-party Azure AI services. HIPAA Business Associate Agreement (BAA) coverage is determined at the Azure service level—not the model artifact or interface. When in-scope Azure services process ePHI, the Microsoft HIPAA BAA applies.

Using Azure AI Foundry as the access layer does not change this boundary; the same contractual assurances, safeguards, and audit scope apply to the underlying service.

HIPAA applies to ePHI regardless of format, with no distinction between text and image data. Image inputs containing PHI are treated as ePHI and handled under the same security and compliance safeguards as text when processed by an in-scope Azure service.

There is no documented HIPAA distinction between serverless API (pay-per-token) and managed compute deployments. Both can fall within HIPAA scope when properly configured. The choice depends on operational factors (cost, isolation, control), while compliance remains tied to the service boundary.

Partner and community models in Azure AI Foundry are not individually listed under the HIPAA audit scope. HIPAA assurances apply to the underlying Azure service, not the model itself. Therefore, Azure Direct Models remain the clearer, explicitly in-scope option for HIPAA-regulated workloads requiring BAA coverage.

The following references might be helpful , please check them out

Data, privacy, and security for use of models through the model catalog in Microsoft Foundry portal (classic) - Microsoft Foundry (classic) portal | Microsoft Learn

HIPAA - Azure Compliance | Microsoft Learn

Thank you

1 answer

Your answer

Gonzalo Razuc 0 Reputation points

2026-04-01T18:38:28.2466667+00:00

Thanks for that detailed response, Karnam.

Just to confirm my understanding: if I use gpt-5.3-chat (or other model) deployed as an Azure Direct Model through Foundry, and send image inputs that may contain PHI, would that fall within the scope of the Microsoft HIPAA BAA? Assuming I apply the recommended safeguards you mentioned (private endpoints, log/diagnostic review, etc.)?

Just want to make sure I'm understanding this correctly before discussing it with my team.

Thank you!

Answer 1

The provided documentation and Q&A content do not state anything about HIPAA, BAAs, or compliance scope for partner/community models such as Qwen3‑VL‑235B in Microsoft Foundry, nor do they distinguish HIPAA coverage between image vs. text inputs, or between serverless vs. managed compute for such models.

They only state, at a high level, that:

Azure Direct Models (including Azure OpenAI) are Azure services where Microsoft is the data processor, prompts/outputs are not shared with model providers, and customer data is not used to train models without explicit instruction.
For Foundry model catalog deployments:
- Serverless deployments are hosted and managed by Microsoft, billed per input/output, and are subject to Azure data, privacy, and security commitments.
- Managed compute deployments run model weights on dedicated VMs in the customer subscription, with the customer responsible for how data is processed.
- Fine‑tuned models and their training data are not used to train or improve Microsoft or non‑Microsoft models except as directed, and fine‑tuned models are available exclusively to the customer.

The context does not provide any explicit statement that:

Partner/community models are covered under the Microsoft HIPAA BAA.
HIPAA coverage extends specifically to image inputs for these models.
One deployment option (serverless vs. managed compute) is preferred or required for HIPAA workloads.
Specific network or logging configurations are required for HIPAA when using partner models.
There is official documentation that confirms or denies HIPAA BAA coverage for partner/community models processing image data.

Because the necessary compliance and BAA‑scoping details are not present in the supplied material, none of the five sub‑questions can be definitively answered from this context alone.

References:

Share via

Is Qwen3-VL-235B deployed as serverless API in Foundry covered under our HIPAA BAA for image inputs?

1 answer

Your answer