The Health Insurance Portability and Accountability Act (HIPAA) set forth industry standards for the handling of protected health information (PHI). PHI is any individually identifying health information such as name, date of birth, treatment information, Social Security number, etc. Under HIPAA, any organization working with PHI, in any capacity, must be HIPAA compliant. This includes covered entities (CEs) and the vendors that service them. Before a CE can share PHI with a vendor, they must secure a business associate agreement (BAA). What many organizations fail to understand is that a BAA is required with software companies as well, including Microsoft, making a Microsoft agreement necessary. Many large technology providers have pre-written BAAs that companies can easily access. This raises the question, how do you get your Microsoft Office 365 HIPAA BAA?

To get a Microsoft BAA for your organization follow these three easy steps:

 1. Navigate to the following URL: highly recommend Organizations take a few minutes to read this entire article. If you are just interested in obtaining the BAA, scroll to the bottom of the page for Frequently Asked Questions

2. The first question is: Can my Organization enter into a BAA with Microsoft? – Microsoft provides additional guidance to this as well as a direct-link for the BAA. Click on this URL to access the Service Trust Portal and retrieve your BAA:

3. Login with your Microsoft 365 Credentials and download the BAA. If necessary, additional resources can be found in Microsoft’s Service Trust Portal here:

See How It Works