HIPAA Compliance for Microsoft Office 365

Note: This information has been updated. Please visit our M365 page.

Organizations in every industry are upgrading to Microsoft Office 365 to improve security. A common concern among healthcare professionals is that using Office 365 and Microsoft Teams exposes an organization to HIPAA violations. If Office 365 is implemented without the correct security configurations, that is likely true. However, Office 365 and Teams can easily be configured to support HIPAA security and privacy requirements. Intraprise Health and Microsoft have collaborated on a groundbreaking whitepaper in an effort to outline HIPAA-compliant configurations as applicable in an over-arching security architecture.

A key component of HIPAA compliance is the demonstration of appropriate IT-related internal controls. These controls are designed to mitigate fraud and risk and create safeguards for legally protected health information (PHI) stored and transmitted in electronic form. In addition to internal controls, any user that accesses PHI is required to meet specific IT compliance standards.

With the proliferation of information security threats and the complexity of meeting HIPAA regulatory mandates, healthcare organizations need as many built-in compliance and security features as possible. Fortunately, the Microsoft Office 365 Information Protection Suite provides organizations with integrated, turn-key security controls not previously available. Never before has it been easier to meet the technical and administrative safeguards required by today’s HIPAA Security mandates while also enabling modern cyber-security controls.

Previously, data loss prevention, security incident event management, data classification and encryption for data-at-rest were only achievable by leveraging expensive, off-the-shelf vendors. Now, these tools are centrally built in when using Microsoft’s Cloud services.

The Intraprise Health and Microsoft whitepaper provides healthcare executives, management and administrative teams the necessary information to satisfy HIPAA compliance and cybersecurity diligence using Microsoft Office 365 and Microsoft Teams. By implementing the controls found in the whitepaper, healthcare organizations may significantly reduce the likelihood of breaches while working towards meeting US and Global regulatory standards such as HIPAA, GDPR, and new consumer privacy laws.

To learn more, please read the full whitepaper, HIPAA Compliance: Microsoft Office 365 and Microsoft Teams.