Microsoft Adds HIPAA, EU Data Privacy Protection to Office 365

Microsoft says its cloud-based Office 365 platform now conforms to HIPAA and European Union privacy regulations.

Microsoft says its Office 365 cloud office-productivity platform now complies with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and European Union data privacy regulations.

Under the HIPAA provisions in the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, companies must report data breaches within 30 days, and the cloud version of Office 365 now features incident-reporting capabilities.

As required by HIPAA, Office 365 also allows "business associates" to sign contracts specifying how they will use health information and safeguard the data.

In addition to the U.S. privacy guidelines, Microsoft says Office 365 now also complies with the European Commission's Data Protection Directive, under which companies must establish "model clause provisions" to demonstrate that they will protect patient information.

Microsoft has drafted a data processing agreement for EU health care customers that is more detailed than the EU requires.

The Dec. 14 Office 365 news comes nearly a week after Microsoft announced that it will transfer a large part of its health care IT business into a joint venture with GE.

Meanwhile, Microsoft has also launched an Office 365 Trust Center site that includes details on privacy and security measures. The Trust Center provides "transparency" on how Microsoft tracks health information and specifies who has administrative access to the data.

Physician practices use Office 365 applications such as instant messaging, document-sharing and video conferencing to collaborate with colleagues and patients in real time.

This article was originally published on 12-16-2011
eWeek