HIPAA and the HITECH Act are U.S. federal laws that apply to most physicians’ offices and healthcare facilities. They set forth the requirements for the safeguarding of identifiable health information, also called Protected Health Information or PHI.
HIPAA and the HITECH Act also require these entities to sign agreements (called business associate agreements, or BAAs) with vendors who provide certain services using individually identifiable health information. By virtue of the BAA, these vendors inherit certain privacy and security obligations.
Indeed, customers can use Office 365 and be compliant with HIPAA and the HITECH Act. In fact, HIPAA support is built in and Microsoft will sign a BAA. But remember, organizations are HIPAA compliant, not software packages or cloud services. In other words, you are not HIPAA compliant simply as a result of using Office 365. Rather, your organization needs to ensure it has taken the proper steps to meet HIPAA’s and the HITECH Act’s requirements, which include configuring and using Office 365 properly and training your employees correctly.
As with everything, the devil is in the details. There are some very specific actions that need to be taken in order to maintain HIPAA and HITECH compliance with Office 365. If you are not a very technical person, be sure to reach out to an Office 365 specialist, preferably one with experience in the healthcare arena.