3 Tips to Ensure HIPAA Compliance with Microsoft Office 365
1) HIPAA Evaluation
Research Office 365 security and privacy practices to ensure they meet your organization's requirements. You should read the Service-Specific Privacy & Security documentation. Office 365 also has a privacy white paper available.
2) HIPAA Sign-Up Process
Ensure you sign the Business Associate Agreement (BAA) once the sign-up process is complete. This can be accomplished by going to the Office 365 HIPAA/HITECH FAQ. If you have an Enterprise Agreement version of the BAA, you will also need to email MSO-HIPAA@microsoft.com and designate a HIPAA Admin Contact.
3) HIPAA Training
All employees should receive training on how to properly handle ePHI based on their respective roles. Administrators should keep ePHI out of any sort of address book or directory and should never allow access to ePHI during support or troubleshooting with Microsoft. Users should be trained not to email ePHI to individuals who do not have the right to view that ePHI.
Microsoft-Office-365-HIPAA-Security PDF
*HIPAA support is only offered under the following plans and services: Office 365 plans A1, A2, A3, A4, E1, E2, E3, E4, P1, K1, K2; Exchange Online Plan 1, Plan 2, and Kiosk; Exchange Online Archiving; SharePoint Online Plans 1 and 2; Office Web Apps Plans 1 and 2.