Today, we will determine whether Microsoft Teams offers a HIPAA compliant service.
Microsoft Teams is a cloud platform that combines workplace chat, meetings, notes, and attachments. First launched in 2017, Microsoft Teams is Microsoft's competitive rebuttal to Slack and Google Hangouts Chat.
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance. We checked Microsoft's site and found a page called:
On it, Microsoft states: "[Microsoft] Teams is Tier C-compliant at launch. This includes the following standards: ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC)."
To get more information on what Tier C-compliance means, we tracked down a doc in the Microsoft Download Center called:
On page 2 of that doc, we can see that Tiers B and up include a Business Associate Agreement:
At the top of page 3, we can also see that Microsoft Teams comes enabled by default in Tiers C & D:
We can see, then, that a BAA is included with a subscription to Microsoft Teams.
The Business Associate Agreement is a key component of HIPAA compliance between a covered entity and a business associate. With some directed research, we were able to determine that Microsoft is willing to sign a Business Associate Agreement that covers Microsoft Teams.
Conclusion: Microsoft Teams is HIPAA compliant.