Microsoft Office 365 HIPAA: What Covered Entities Need to Know
Microsoft Office 365 is the most recent incarnation of Microsoft’s long-running Office series. SharePoint Online, a relatively new addition to the usual Microsoft Office line-up of word processing and business management tools, gives users access to a secure cloud-based storage system.
The HIPAA Omnibus Rule requires that all cloud storage providers be HIPAA compliant as business associates (BAs). Under federal regulation, a BA is considered any organization that is paid to handle protected health information (PHI) in any way.
SharePoint HIPAA Compliance
SharePoint is currently one of the most widely available HIPAA-compliant cloud services on the market. For covered entities (CEs), SharePoint being HIPAA compliant means that protected health information (PHI) can be stored in the cloud without worry that the information is going to be improperly accessed or disclosed.
The fact that SharePoint is HIPAA compliant means that it was built with sufficient privacy and security protocols to act as a safe source for data storage. However, CEs looking to use SharePoint for their cloud storage do need to execute a business associate agreement (BAA) with Microsoft in order to satisfy HIPAA regulatory requirements.
Microsoft has a reputation for willingness to sign a BAA with its clients, so CEs shouldn’t encounter issues when it comes to satisfying their requirements under HIPAA. SharePoint and the rest of the Microsoft Office 365 suite of products are powerful HIPAA compliance tools that CEs can take advantage of for managing their practice and safely storing sensitive PHI.