As telehealth and videoconferencing increase in popularity, it is important to understand if the tool you are choosing to use is HIPAA compliant. Microsoft Teams is a platform that many businesses opt to use for virtual meetings. But is Microsoft Teams HIPAA compliant?
HIPAA Compliant Software Usage
Under HIPAA, software companies that “touch” (create, receive, maintain, or transmit) PHI are considered business associates. For HIPAA compliant use, software must have technical and administrative safeguards securing the protected health information (PHI) that is transmitted, stored, received, maintained, or created through it. Additionally, there must be a signed business associate agreement between a covered entity and the business associate before the platform can be used in conjunction with PHI.
However, no software can be fully HIPAA compliant; it is up to the end user to ensure that they are using the platform in a HIPAA compliant manner.
Is Microsoft Teams HIPAA Compliant: Safeguards
Microsoft Teams has the following safeguards in place securing PHI:
- Access controls. Provides users with unique login credentials, ensuring that PHI is only accessible to authorized users.
- Single sign-on (SSO). Enables users to access related systems with one set of login credentials (e.g. Microsoft Teams, Office 365, etc.).
- Multi-Factor Authentication (MFA). Requires users to utilize multiple credentials to access data (e.g. username and password, biometrics, security questions, etc.). This ensures that the user is who they appear to be.
- Audit logs. Track access to PHI to ensure adherence to the minimum necessary standard.
- Encryption. Converts PHI into a format that can only be read with a decryption key, preventing unauthorized access to data at rest and data in transit.
Is Microsoft Teams HIPAA Compliant: Business Associate Agreement
Microsoft states on their website that they are willing to sign a business associate agreement. They do, however, provide a disclaimer that it is the responsibility of the end user to ensure that Microsoft Teams is configured for HIPAA compliance.
Is Microsoft Teams HIPAA Compliant?
When used properly, is Microsoft Teams HIPAA compliant? Yes, Microsoft Teams is HIPAA compliant.