Under the terms of its business associate agreement, Microsoft agrees to place limitations on use and disclosure of ePHI, implement safeguards to prevent inappropriate use, report to consumers and provide access to PHI, on request, per the HIPAA Privacy Rule. The BAA includes OneDrive for Business, as well as Azure, Azure Government, Cloud App Security, Dynamics 365, Office 365, Microsoft Flow, Intune Online Services, PowerApps, Power BI, and Visual Studio Team Services. Microsoft was one of the first cloud service providers to agree to sign a BAA with HIPAA-covered entities, and offers a BAA through the Online Services Terms. That said, before OneDrive – or any cloud service – can be used to create, store, or send files containing the electronic protected health information of patients, HIPAA-covered entities must obtain and sign a HIPAA-compliant business associate agreement (BAA). Microsoft supports HIPAA-compliance and many of its cloud services, including OneDrive, can be used without violating HIPAA Rules. There is certainly no problem with HIPAA-covered entities using OneDrive. Office 365 Business Essentials includes OneDrive Online, which is a convenient platform for storing and sharing files.
Many healthcare organizations are already using Microsoft Office 365 Business Essentials, including exchange online for email. Many covered entities want to take advantage of cloud storage services, but can Microsoft OneDrive be used? Is OneDrive HIPAA compliant?
0 kommentar(er)
