The Health Insurance Portability and Accountability Act (HIPAA) set forth industry standards for the handling of protected health information (PHI). PHI is any individually identifying health information such as name, date of birth, treatment information, Social Security number, etc. Under HIPAA, any organization working with PHI, in any capacity, must be HIPAA compliant. This includes covered entities (CEs) and the vendors that service them. Before a CE can share PHI with a vendor, they must secure a business associate agreement (BAA). What many organizations fail to understand is that a BAA is required with software companies as well, including Microsoft. Many large technology providers have pre-written BAAs that companies can easily access. This raises the question, how do you get your Microsoft BAA? 

To get a Microsoft BAA for your organization follow these three easy steps:

 1. Login to office 365 admin center > billing > subscriptions > optional privacy and security contractual supplements.

  1. The last option reads “Office 365 and CRM Online HIPAA/HITECH Business Associate Agreement.” Check the box for that agreement, provide your electronic signature, and click “accept.”

  1. Once you click accept, you have successfully completed your Microsoft BAA. HIPAA law mandates that organizations keep copies of all of their business associate agreements. Print out or save a copy of your Microsoft BAA for your HIPAA Security Officer to keep on file.

You can also click this link to get to optional privacy and security contractual supplements directly.

Need Help with HIPAA?

Let our complete HIPAA solution handle it.