Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

Is HIPAA compliant?

Is HIPAA compliant?

We have been getting quite a bit of questions from prospective customers about and whether or not it’s a HIPAA compliant email platform. In previous posts, we’ve covered email providers like Gmail, Yahoo, GoDaddy, IPOWER and HostGator and their capabilities for HIPAA compliant email. The purpose of this post is to determine if is HIPAA compliant or not.


What is the Difference between and Hotmail?

Hotmail was founded in 1996 as one of the world's first free webmail services. It was acquired by Microsoft in 1997 and was soon rebranded as MSN Hotmail. It was later relaunched to Windows Live Hotmail as part of the Windows Live suite of products. In 2013, Hotmail was replaced with, which features Microsoft's Metro design language, and closely mimicked the interface of Microsoft Outlook. is not the same product as Office 365.


Is HIPAA Compliant?

As you're aware by now if you've been reading our blog, a Business Associate Agreement is a written contract between a covered entity and a Business Associate and is required for HIPAA compliance. Since every HIPAA compliant vendor must sign a Business Associate Agreement with the Covered Entities they serve, we can google to see if Microsoft offers a BAA for their service. If you've ever tried to find information about a product on Microsoft's websites however, you know how frustrating finding relevant information can be. First, we found a 2013 press release by Microsoft about their updated Business Associate Agreement provisions. In it, they mention, "Microsoft’s updated BAA covers Office 365, Microsoft Dynamics CRM Online and Windows Azure Core Services." We see then, that some of Microsoft's services are covered by a Business Associate Agreement and therefore meet HIPAA compliance standards.

What was not mentioned in that press release however, was any mention of and HIPAA compliance. Second, we found a page on Microsoft's site entitled "Office 365 & Microsoft Dynamics CRM Online HIPAA/HITECH frequently asked questions." Here again we see a reference that some, but not all, Microsoft products are built for HIPAA compliance: "Office 365 and Microsoft Dynamics CRM Online help their customers stay compliant with HIPAA and the HITECH Act." Office 365 and Microsoft Dynamics CRM are mentioned as being HIPAA compliant, but not Third, we found a reference to and HIPAA compliance on a Microsoft Community forum. In it, someone in 2013 asks the question, "Is HIPAA Compliant?" Seven months later, a Microsoft Forum Moderator replies to the question with: We understand that you would like to verify if complies with HIPAA. Since is a consumer service, it is not a HIPAA complaint. If you wish to use it with HIPAA compliance requirements, please consider Microsoft Office 365.

Is Hotmail HIPAA Compliant? - Paubox



Although Microsoft puts a lot of marketing spin on their website, don't be confused- is not a HIPAA compliant service. Microsoft does not mention being HIPAA compliant in their press releases, their HIPAA FAQ section, nor in their support forums.


Try Paubox Email Suite for FREE today.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.