Microsoft Adds HIPAA, EU Data Privacy Protection to Office 365
Microsoft says its Office 365 cloud office-productivity platform has added compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and European Union data privacy regulations.
Under the HIPAA provisions in the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, companies must report data breaches within 30 days, and the cloud version of Office 365 now features incident-reporting capabilities.
As required by HIPAA, Office 365 also allows "business associates" to sign contracts specifying how they will use health information and safeguard the data.
In addition to the U.S. privacy guidelines, Microsoft says Office 365 now also complies with the European Commission's Data Protection Directive, under which companies must establish "model clause provisions" to demonstrate that they will protect patient information.
Microsoft has drafted data processing agreements for EU health care customers that are more detailed than the EU requires.
The Dec. 14 Office 365 news comes nearly a week after Microsoft announced that it will transfer a large part of its health care IT business into a joint venture with GE.
Meanwhile, Microsoft has also launched an Office 365 Trust Center site that includes details on privacy and security measures. The Trust Center provides "transparency" on how Microsoft tracks health information and specifies who has administrative access to the data.
Physician practices use Office 365 applications such as instant messaging, document-sharing and video conferencing to collaborate with colleagues and patients in real time.