- For a HIPAA-regulated org the real exposure isn't the locked-down system of record but staff pasting client names, diagnoses, or case notes into consumer chatbots to work faster.
- Standardizing on Microsoft 365 Copilot keeps data inside your tenant under your agreements and respects each user's existing permissions, so it only sees what they're allowed to see.
- Lockdown and enablement are one motion: stand up the governed tool while using Intune device policies and web filtering to block consumer chatbots on company hardware.
- Copilot respecting permissions is only as good as your permissions, so cleaning up oversharing is part of the project, and adoption work like pilots and training is the real effort.
This spring, the leadership team at a care nonprofit that handles protected health information named a worry we hear more and more: their staff have started pasting client details into public AI chatbots to save time, and a training memo won't reliably stop it. "We'd like a backstop so we don't have leaks of confidential data," one of them said. That instinct, a backstop rather than a ban, is exactly right.
The risk isn't your core system
For a HIPAA-regulated organization (HIPAA being the federal health-privacy law), the obvious worry is the system of record, the case-management or health-records platform. But that's usually already locked down. The real exposure is what happens outside it: a well-meaning employee pasting a client name, a diagnosis, or case notes into a consumer chatbot to draft a letter faster.
You cannot ban your way out of this. Tell people not to use AI and they'll use it quietly, because it helps them do their jobs. A memo is not a control.
Displace the shadow, don't just forbid it
The move that works is to give people a sanctioned tool they actually want, then close the side doors. Standardizing on Microsoft 365 Copilot does two things at once: it keeps the data inside your tenant under your agreements, and it respects the permissions your staff already have, so it only sees what each person is allowed to see.
Lockdown and enablement are one motion, not two. You stand up the governed tool people want, and at the same time you use device policies and web filtering to block the consumer chatbots on company hardware. Demand gets redirected to the safe option instead of going underground.
The layered version of that lockdown: remove local admin rights, push device policies through Intune, filter the web to block consumer AI sites, and encrypt the laptops so data on a lost device is safe.
Two things people underestimate
First, Copilot respecting permissions is only as good as your permissions. If your SharePoint is overshared, Copilot will faithfully surface things people shouldn't see. Cleaning up access is part of the project, not an afterthought.
Second, a Copilot license that just sits on the desktop delivers nothing. Adoption is the real work: start with a pilot group, build a few role-specific use cases, train the trainers, and show people what good looks like.
The takeaway
Shadow AI is not a discipline problem, it's a tooling gap. People reach for public chatbots because they're useful and available. Give them something equally useful that keeps the data where it belongs, block the risky alternatives, and fix your permissions so the safe tool stays safe. That's a backstop you can actually rely on.
If your team is already using AI in ways that make you nervous, you're not behind, you're normal, and there's a governed path. Let's talk it through.