Microsoft Office 365 and Hipaa Compliance

By Farwah Aslam | Collaboration

Jun 01

I once had a patient who used a fake ID to get healthcare services; the hospital staff called the cops, who arrested the patient. Evidently, the patient was an illegal immigrant, an undocumented alien. If I remember correctly, the hospital got hammered in the press for reporting this illegal alien who was only trying to get healthcare; actually, steal healthcare by using someone else's ID, but let's not quibble.  Such incidents occur when we don’t have or we don’t follow the standards for the privacy and security of health information, i.e. HIPAA: Health Insurance Portability and Accountability Act of 1996.

What is HIPAA Compliance?

If you work in the healthcare industry, there is no doubt that you have heard about HIPAA (Health Insurance Portability and Accountability Act) Compliance thousands of times. The importance of keeping electronic protected health information confidential is pounded into us on a daily basis and for good reason. But what is HIPAA Compliance? We all know that it is a Federal Regulation specific to two types of organizations:

HIPAA is a two-sided coin — and for patients, both heads and tails are winners.

HIPAA Patient Privacy part protects the rights of those receiving medical care, by compelling healthcare providers to keep their data confidential.
HIPAA Data Security part adds a measure of safety, by requiring those who hold such data to restrict access to it.

Who Needs to be HIPAA Compliant?

Covered Entities

Including Health Plans and Healthcare Providers.

Business Associates

For any person or entity that performs activities involving the use or disclosure of protected health information on behalf of a covered entity.

Today, both Covered Entities and Business Associates must follow the same, exact requirements when it comes to complying with HIPAA. This is in big part to the final HIPAA Omnibus Rule back in 2013.

HIPAA BAA (Business Associate Agreement)

You want to be able to meet your compliance requirements your way and you need a wide range of services to choose from to support your digital transformation. So you want a HIPAA BAA (Business Associate Agreement) that enables flexibility and choice. Communication Square provides you digital flexibility with Microsoft Office 365 and HIPAA Compliance assurance. We can provide you with a Business Associate Agreement which would take all the worries off of your shoulder. Start exploring our Healthcare Solution to start transforming your business with the digital flexibility of Microsoft Office 365 and HIPAA Compliance.

Microsoft Office 365 and HIPAA Compliance

Establishing HIPAA compliance across a network can be a time-consuming task and needs proper knowledge. Most Hospitals hire professionals to make their health records compliant according to HIPAA requirements, which is costly. But no need to worry, Microsoft Office 365 provides an easy way to achieve HIPAA compliance, while providing collaborative and cost saving benefits of the cloud.

Is Microsoft Office 365 HIPAA Compliant?

The answer is Yes! Microsoft Office 365 is HIPAA Compliant. Office 365 includes four different ways to achieve HIPAA compliance for your organization.

Data Storage

According to HIPAA Omnibus Rule, all cloud storage providers should be HIPAA compliant as Business Associates. Under the agreement “Business Associates” is an entity or person that involves with the handling of Protected Health Information (PHI) in any way. Microsoft Office 365 provides HIPAA certified cloud storage. You can securely record all your sensitive data on Microsoft Cloud.

Microsoft Office 365 meets all the requirement of Business Associates agreement for handling health information. Not only that, Microsoft Office 365 also meets the requirements for HITECH Breach Notification Final Rule through Security and Compliance Center, which requires giving notice to individuals and the government when a breach of unsecured PHI occurs.


Every HIPAA compliance hosting has to make sure that they have encryption capabilities to securely store and transmit the data. Microsoft Office 365 offers enterprise-level encryption for its data utilizing Azure Information Protection, including email encryption options through Outlook Online. A user can send an encrypted email (which contains sensitive EPHI) to another user with two access options. They can either send an encrypted email which the recipient can access by logging in via their Microsoft account. Or by using a one-time passcode to view the encrypted email if the recipient doesn’t have a Microsoft account.

Data Loss Prevention

Data Loss Prevention is a rule that pre-screens sensitive information. For example, you might want to screen Credit Card number in your emails or any other sensitive information. Microsoft Office 365 notifies you if the email contains any sensitive information. Emails delivery can be blocked if they contain any sensitive information like health insurance number or social security etc. Thus Microsoft 365 ensure that health data is only transmitted through secure channels.

Mobile Data Wipe

Nowadays everything can be accessed through mobile and tablets so does the Electronic Protected Health Information. It is necessary to secure mobile device which contains sensitive health information. Microsoft Office 365 has built-in functionality to wipe data and restrict access to all the remote mobile device. So even if someones steals the device of a physician, health specialist or they lose it themselves; Office 365 can easily restrict access to sensitive health information.

The HIPAA Privacy Rule has already evolved over the past few years. And we expect that the requirements and suggested practices to comply with HIPAA will continue to evolve in the future based upon the enforcement activity of the Office of Civil Rights. It is time now for you to take action and start your journey towards HIPAA compliance with Microsoft Office 365 and Microsoft Azure Cloud. You can trust Communication Square with managed Cloud Solutions to increase the productivity of your teams and get secure and compliant at the same time.

Communication Square provides industry-leading Cloud Healthcare Solutions to meet all your customized needs and to get you HIPAA Compliant. Get started to explore more.

Get Started

About the Author