HIPAA One and Microsoft ensure security and accountability against the use of cloud and hosted service providers that store patient information. Like Microsoft, HIPAA One provides our customers with vendor management software (VMS) to help them manage their agreements and business documents. VMS allows for the complete adaptation and management of BAA contracts for all suppliers, including the requirement for proof of compliance on the part of suppliers. The VMS software is included in the cost of the basic HIPAA One license at no extra charge. HIPAA requires covered companies and their business partners, defined as each organization working with PHI, to enter into contracts with each other. These contracts ensure that business partners have technical and management systems in place to protect PIs. If you work with Office 365, it means the conclusion of a Business Associate Agreement (BAA) with Microsoft. “For Microsoft cloud services: the HIPAA Business Association Agreement is available by default using online terms of service for all customers who are companies or business partners covered by HIPAA. The list of cloud services covered by this BAA can be accessed at “Microsoft Cloud Services in the Application Area.” The Health Insurance Portability and Accountability Act (HIPAA) sets industry standards for the treatment of protected health information (PHI).
PHI is any health information that identifies individually, such as name, date of birth, treatment information, social security number, etc. Under HIPAA, any organization working with PHI must be HIPAA compliant in any capacity. These include covered entities (CEs) and borrowers who use them. Before a creditor can be shared, a CEPHI must secure a Trade Association Agreement (BAA). What many companies don`t understand is that a BAA is also needed with software companies, including Microsoft. Many large technology providers have prefabricated BAAs that businesses can easily access. This raises the question of how to get your Microsoft BAA? The Compliance Centre is a robust resource. It is available to all Microsoft business customers, but some features, such as extended threat management, data classification sensitivity labels, some DLP features, may not be available unless you have a high-level license.