We sometimes get asked by customers and prospects about Microsoft Teams and their ability to use it in a HIPAA compliant manner.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Constant Contact
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Hangouts Chat
- Google Slides
- Google Voice
- Office 365
- Return Path
- Uber Health
Today, we will determine if Microsoft Teams offers HIPAA compliant service or not.
Microsoft Teams is a cloud platform that combines workplace chat, meetings, notes, and attachments. First launched in 2017, Microsoft Teams is Microsoft’s competitive rebuttal to Slack and Google Hangouts Chat.
Microsoft Teams and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Microsoft’s site and found a page called:
On it, Microsoft states:
[Microsoft] Teams is Tier C-compliant at launch. This includes the following standards: ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC).
To get more information on what Tier C-compliance means, we tracked down a doc in the Microsoft Download Center called:
- Compliance Framework for Industry Standards and Regulations for Office 365 and related Microsoft services
On page 2 of that doc, we can see that Tiers B and up include a Business Associate Agreement:
At the top of page 3, we can also see that Microsoft Teams comes enabled by default in Tiers C & D:
We can see, then, that a BAA is included with a subscription to Microsoft Teams.
Does Microsoft Teams Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component of HIPAA compliance between a covered entity and a business associate.
With some directed research, we were able to determine that Microsoft is willing to sign a Business Associate Agreement that covers Microsoft Teams.
Conclusion: Microsoft Teams is HIPAA compliant.