What is HIPAA? HIPAA is the Healthcare Information Portability and Accountability Act passed by the Federal Government in 1996 and was created to protect the information of patients. In addition to HIPAA, the HITECH Act (Health Information Technology for Economic and Clinical Health Act) was signed into law in 2009 to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act was designed to strengthen the civil and criminal enforcement of the HIPAA rules.
HIPAA/HITECH applies to companies, businesses, and organizations who provide service functions using individually identifiable health information.
What does HIPAA have to do with Office 365? Many organizations are moving to cloud services, such as Office 365, due to their managed cost and easy scalability. HIPAA/HITECH mandates that any transmission of patient information over a computer network must be done so in a secure and auditable manner.
There has been some confusion regarding HIPAA compliance of Office 365 since Microsoft Lync was renamed Skype for Business. The confusion is understandable given Microsoft’s consumer product also named Skype. Medicine Bow Technologies wants to help remove the confusion and provide guidance on staying HIPAA compliant. Skype for Business is HIPAA compliant as long as the covered organization signs a Business Associate Agreement (BAA) with Microsoft as specified in the HIPAA rules. This has been the case since Office 365 has been released.
To be very clear, Skype for Business is a completely different product than Skype. Skype is a consumer product and was never intended to be HIPAA compliant.
Here are the steps you need to take to use Office 365 in accordance with HIPAA rules:
Sign a BAA
Use Office 365 correctly – While Microsoft guarantees that Office 365 can be used in a HIPAA compliant manner, it is each customers responsibility to ensure the software is used correctly. Each organization will need to have their own policies and procedures in place that govern the use of patient data. This also includes any staff compliance measures, training, and auditing procedures.
How Medicine Bow Technologies can help: As a premier IT Services company in Wyoming, Medicine Bow Technologies can provide IT support to businesses and ensure HIPAA compliance in a variety of ways:
- Developing policies and procedures tailored to an organization’s goals.
- Advise on and implement password and access control solutions.
- Provide and/or develop email encryption
- Assist in gathering audit information
In addition to these specific items, Medicine Bow Technologies can provide managed IT services and other IT support out of our Laramie, Wyoming office.
Working together with the WCA Regional Training Center in Casper WY, Medicine Bow Technologies can help your organization achieve comprehensive HIPAA compliance by providing federally required services such as:
- Performing a federally mandated Security Risk Analysis.
- Developing an easy-to-follow Risk Management Plan in accordance with required HIPAA regulations.
- Providing the education and materials necessary to achieve HIPAA compliance.
- Providing access to on-going training and support from people you can count on.