The Healthcare Information Portability and Accountability Act was passed by the Federal Government in 1996 and was created to protect the information of patients. In addition, the HITECH Act (Health Information Technology for Economic and Clinical Health Act) was signed into law in 2009 to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act was designed to strengthen the civil and criminal enforcement of the HIPAA rules.
HIPAA/HITECH applies to companies, businesses, and organizations that provide service functions using individually identifiable health information.
What do these regulations have to do with Office 365? Many organizations are moving to cloud services, such as Office 365, due to their managed cost and easy scalability. These regulations mandate that any transmission of patient information over a computer network must be done in a secure and auditable manner.
Is Office 365 HIPAA compliant?
There has been some confusion regarding whether Office 365 is HIPAA compliant since Microsoft Lync was renamed Skype for Business. The confusion is understandable given that Microsoft’s consumer product is also named Skype. Medicine Bow Technologies wants to help remove the confusion and provide guidance on staying HIPAA compliant. Skype for Business is HIPAA compliant as long as the covered organization signs a Business Associate Agreement (BAA) with Microsoft as specified in the HIPAA rules. This has been the case since Office 365 was released.
To be very clear, Skype for Business is a completely different product than Skype. Skype is a consumer product and was never intended to be HIPAA compliant.
Here are the steps you need to take to be considered Office 365 HIPAA compliant in accordance with the regulations:
- Sign a BAA.
- Use Office 365 correctly – While Microsoft guarantees that Office 365 can be used in a compliant manner, it is each customer's responsibility to ensure the software is used correctly. Each organization will need to have its own policies and procedures in place that govern the use of patient data to become Microsoft 365 HIPAA compliant. This also includes any staff compliance measures, training, and auditing procedures.
How Medicine Bow Technologies can help: As a premier IT Services company in Wyoming, Medicine Bow Technologies can provide IT support to businesses and ensure compliance in a variety of ways:
- Developing policies and procedures tailored to an organization’s goals.
- Advising on and implementing password and access control solutions.
- Providing and/or developing email encryption.
- Assisting in gathering audit information.
In addition to these specific items, Medicine Bow Technologies can provide managed IT services and other IT support out of our Laramie, Wyoming office.
Working together with the WCA Regional Training Center in Casper, WY, Medicine Bow Technologies can help your healthcare organization get Office 365 HIPAA compliant by providing federally required services such as:
- Performing a federally mandated Security Risk Analysis.
- Developing an easy-to-follow Risk Management Plan in accordance with required HIPAA regulations.
- Providing the education and materials necessary to achieve Office 365 HIPAA compliance.
- Providing access to on-going training and support from people you can count on.
Using a managed service provider that is experienced in getting Office 365 HIPAA compliant makes the process easier and more efficient for you. At Med Bow Tech, we understand the intricacies of working through these regulations.