This page has not been updated recently.
We have kept it, within the OnWindows Archive, for your reference.
HIPAA agreement update for Microsoft
3 May 2013
Microsoft has updated its Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA) for its next-generation cloud services, including Office 365, Microsoft Dynamics CRM Online and Windows Azure Core Services.
The update to Microsoft’s agreement will enable US healthcare providers to use cloud solutions to aid the coordination of care, improve patient health outcomes and maintain compliance with HIPAA privacy and security regulations. HIPAA, which was passed by US congress in 1996, gives the right to privacy to individuals aged 12-18 years.
In order to create the updated BAA, Microsoft partnered with numerous US medical schools, as well as a range of public and private sector HIPAA-covered bodies.
“Team communication and collaboration is the lifeblood of the health industry, and more and more healthcare organisations are realising the productivity, care team communications and cost-savings benefits of cloud computing,” said Dennis Schmuland, chief health strategy officer of US Health and Life Sciences at Microsoft. “Microsoft Office 365 is the only major cloud business productivity solution to programmatically offer a BAA built with the industry, and for the industry, to HIPAA-regulated customers, allowing healthcare organisations to be confident in the security and privacy of their patient data while empowering their staff to communicate and collaborate virtually anytime and almost anywhere.”
The updated BAA is in accordance with new regulatory language, which was part of the final omnibus HIPAA rule, and covers data protections such as Microsoft’s reporting requirements in accordance with the HIPAA Breach notification rule.
“We have programmatically offered a BAA for our healthcare customers since the launch of Office 365 nearly two years ago and have subsequently included our other cloud offerings such as Microsoft Dynamics CRM Online and Windows Azure Core Services under the BAA,” said Hemant Pathak, assistant general counsel, Microsoft. “Addressing the clarifications and changes incorporated in the final omnibus HIPAA rule reaffirms Microsoft’s commitment to comply with security and privacy requirements and maintain its status as a transparent and trusted data steward for healthcare organisations leveraging the cloud.”