Microsoft Office 365 and Hipaa Compliance

I once had a patient who used a fake ID to get healthcare services; the hospital staff called the cops, who arrested the patient. Evidently, the patient was an illegal immigrant, an undocumented alien. If I remember correctly, the hospital got hammered in the press for reporting this illegal alien who was only trying to get healthcare; actually, steal healthcare by using someone else’s ID, but let’s not quibble. Such incidents occur when we don’t have, or we don’t follow, the standards for the privacy and security of health information, i.e., HIPAA: the Health Insurance Portability and Accountability Act of 1996.

If you work in the healthcare industry, there is no doubt that you have heard about HIPAA Compliance thousands of times. The importance of keeping electronic protected health information confidential is pounded into us on a daily basis and for good reason. But what is HIPAA Compliance? We all know that it is a Federal Regulation specific to two types of organizations:

  • Covered Entities (Health Plans and Healthcare Providers)
  • Business Associates (Any person or entity that performs activities involving the use or disclosure of protected health information on behalf of a covered entity)

Today, Business Associates are directly liable, alongside Covered Entities, for complying with the HIPAA Security Rule and with the Privacy Rule provisions that apply to them. This is in large part due to the HIPAA Omnibus Final Rule of 2013, which extended direct liability to Business Associates and their subcontractors.

A covered entity wants to meet its compliance requirements in its own way, and it needs a wide range of services to choose from to support its digital transformation. So it wants a HIPAA Business Associate Agreement (BAA) that covers the services it actually uses and leaves room for flexibility and choice.

HIPAA is a two-sided coin, and for patients both heads and tails are winners.

Its Privacy Rule protects the rights of those receiving medical care by requiring covered entities to keep protected health information (PHI) confidential and to use or disclose it only as the rule permits.

Its Security Rule adds a measure of safety by requiring those who hold electronic PHI (ePHI) to put administrative, physical and technical safeguards in place that restrict access to it.

Microsoft Office 365 and HIPAA Compliance

Establishing HIPAA compliance across a network is time-consuming and needs proper knowledge. Most hospitals hire professionals to bring their health records into line with HIPAA, which is costly.

Microsoft Office 365 does not make an organization HIPAA compliant by itself (no product can), but it provides features that support compliance while delivering the collaborative and cost-saving benefits of the cloud.

Office 365 includes four features that help your organization meet its HIPAA obligations:

Data Storage:

Under the HIPAA Omnibus Rule, a cloud storage provider that creates, receives, maintains or transmits PHI on behalf of a covered entity is a Business Associate, and the covered entity must have a Business Associate Agreement (BAA) with it. This holds even when the provider only stores encrypted data and never holds the key; "Business Associate" covers any entity or person involved in handling PHI in any way.

Microsoft will sign a BAA covering Office 365 for handling health information. That BAA also addresses the HITECH Breach Notification Final Rule, which requires notice to affected individuals and to the government when a breach of unsecured PHI occurs, so that Microsoft's obligation to report incidents to the covered entity is written down rather than assumed.

Data Encryption:

Any hosting service used for ePHI must be able to encrypt the data it stores and transmits. Microsoft Office 365 offers enterprise-level encryption for data at rest and in transit, including email encryption through Office 365 Message Encryption in Outlook Online. A user can send an encrypted email containing ePHI to an outside recipient, who then has two ways to read it: sign in with a Microsoft account, or, if the recipient has no Microsoft account, request a one-time passcode to view the message. One caveat worth knowing: the Security Rule lists encryption as an addressable rather than required specification, but it decides breach notification. ePHI encrypted in line with HHS guidance counts as secured, so its loss is not a reportable breach, whereas lost unencrypted ePHI is.

Data Loss Prevention:

Data Loss Prevention (DLP) policies are rules that screen content for sensitive information before it leaves the organization. For example, you might want to screen outgoing email for credit card numbers, health insurance numbers or Social Security numbers. Office 365 can warn the sender with a policy tip when a message contains such information, and it can block delivery outright. In this way identifiable health data is kept out of plain email and reaches outside recipients only through approved channels. DLP matches patterns and checksums for known identifier types, so free-text clinical notes that carry no such identifier will not trip it; it complements encryption and access control rather than replacing them.
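As an added example (not code from the original page or from Microsoft), the Security & Compliance PowerShell session below builds a DLP policy of the kind just described: a rule that blocks messages leaving the tenant when they contain a U.S. Social Security number or a credit card number, shows the sender a policy tip, and mails an incident report to a security mailbox. The admin account, the policy and rule names and the report address are assumed placeholders; the sensitive information type names are Microsoft's built-in ones.

```powershell
# Requires the ExchangeOnlineManagement module (Install-Module ExchangeOnlineManagement).
# The admin UPN is an assumed placeholder.
Connect-IPPSSession -UserPrincipalName compliance-admin@contoso.onmicrosoft.com

# Policy scoped to every Exchange Online mailbox. Start in TestWithNotifications so users
# see policy tips and admins receive reports while nothing is actually blocked; switch to
# Enable only after the false-positive rate has been reviewed.
New-DlpCompliancePolicy -Name "HIPAA ePHI in email" `
    -Comment "Screen outbound email for identifiers commonly found in ePHI" `
    -ExchangeLocation All `
    -Mode TestWithNotifications

# Rule: any SSN or credit card number sent to a recipient outside the organization.
# minConfidence raises the bar so an SSN-shaped ticket number alone does not trigger it.
New-DlpComplianceRule -Name "Block external mail containing SSN or card number" `
    -Policy "HIPAA ePHI in email" `
    -ContentContainsSensitiveInformation @(
        @{ Name = "U.S. Social Security Number (SSN)"; minCount = "1"; minConfidence = "75" },
        @{ Name = "Credit Card Number";                 minCount = "1"; minConfidence = "85" }
    ) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -NotifyPolicyTipCustomText "This message appears to contain ePHI. Remove it or send it encrypted." `
    -GenerateIncidentReport "dlp-alerts@contoso.com" `
    -ReportSeverityLevel High

# Check what was created before leaving test mode.
Get-DlpComplianceRule -Policy "HIPAA ePHI in email" |
    Format-List Name, BlockAccess, AccessScope, ContentContainsSensitiveInformation

# Once the incident reports look right, enforce the policy.
Set-DlpCompliancePolicy -Identity "HIPAA ePHI in email" -Mode Enable
```

Running in test mode first matters in a hospital: a rule that silently blocks a referral letter is an availability incident of its own, and the report stream is how you find out which legitimate workflows carry identifiers and need an encrypted channel instead.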

Mobile Data Wipe:

Nowadays everything can be accessed from a phone or tablet, and that includes ePHI, so mobile devices that hold sensitive health information must be secured. Office 365 has built-in functionality to remotely wipe data from, and restrict the access of, the mobile devices that synchronize with it. So if someone steals a physician's or specialist's device, or they lose it themselves, Office 365 can revoke its access to sensitive health information and remove the cached copy. The wipe command is delivered the next time the device connects, so a device that stays offline keeps its cached data until then; device encryption and a PIN or passcode policy remain necessary.
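As an added example (not from the original page or from Microsoft), the Exchange Online PowerShell below handles the lost-phone case described above: it lists the devices synchronizing a clinician's mailbox, issues an account-only wipe that removes the Office 365 mail, calendar and contact data while leaving personal data alone, checks whether the device has acknowledged the wipe, and blocks the device from syncing in the meantime. The admin account, the mailbox, the device ID and the notification address are assumed placeholders.

```powershell
# Requires the ExchangeOnlineManagement module; the admin UPN is an assumed placeholder.
Connect-ExchangeOnline -UserPrincipalName exo-admin@contoso.onmicrosoft.com

$mailbox = "dr.patel@contoso.com"   # assumed: the clinician who reported a lost phone

# 1. Enumerate every device partnered with the mailbox over Exchange ActiveSync, with the
#    last successful sync so the lost device can be picked out.
Get-MobileDeviceStatistics -Mailbox $mailbox |
    Format-Table DeviceId, DeviceType, DeviceModel, LastSuccessSync, DeviceAccessState

# 2. Wipe only the Office 365 account data (mail, calendar, contacts) from the lost device.
#    Drop -AccountOnly to request a full factory reset instead, the right call when the
#    device is corporate-owned or ePHI may have been saved outside the mail app.
$lost = Get-MobileDevice -Mailbox $mailbox |
    Where-Object { $_.DeviceId -eq "ABCDEF0123456789" }   # assumed device ID
Clear-MobileDevice -Identity $lost.Identity -AccountOnly `
    -NotificationEmailAddresses "security-ops@contoso.com" -Confirm:$false

# 3. The wipe is queued, not instantaneous: it is delivered on the device's next sync.
#    Re-run this until DeviceWipeAckTime is populated, then keep the output as evidence
#    for the incident file.
Get-MobileDeviceStatistics -Identity $lost.Identity |
    Format-List DeviceId, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime

# 4. Until the wipe is acknowledged, refuse the device any further sync with the mailbox.
Set-CASMailbox -Identity $mailbox -ActiveSyncBlockedDeviceIDs @{ Add = $lost.DeviceId }
```

Step 4 is the part people forget: blocking the device ID closes the window between "wipe requested" and "wipe acknowledged", during which a thief with the unlocked phone could still pull new mail.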

The HIPAA Privacy Rule has already evolved over the past few years, and we expect that the requirements and suggested practices for complying with HIPAA will continue to evolve based upon the enforcement activity of the Office for Civil Rights (OCR).
