Lately we’ve been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Yammer, which was bought by Microsoft in 2012, is a popular enterprise social networking service used for private communication within organizations.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Slides
- Google Voice
- Office 365
- Return Path
The purpose of this post is to determine if Yammer offers HIPAA compliance or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
Yammer is a freemium enterprise social networking service used for private communication within organizations.
A user’s domain name determines access to a Yammer network so that only individuals with approved email addresses may join their respective networks.
The service began as an internal communication system for the genealogy website Geni.com and was launched as an independent product in 2008.
Microsoft later acquired Yammer in 2012 for a whopping $1.2 billion.
Yammer and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. HIPAA compliance requires this by law.
Since Yammer is now part of Microsoft Office 365, we checked Microsoft’s site and found a blog post titled “Yammer bolsters security and compliance with new auditing and reporting capabilities”.
Written on 13 October 2016, Microsoft’s blog post points out:
“As part of the Office 365 Trust Center, Yammer complies with international and regional standards such as the Office 365 Data Processing Agreement with European Union Model Clauses (DPA with EUMC), Health Insurance Portability and Accountability Office 365 Business Associate Agreement (HIPAA BAA), ISO 27001, ISO 27018, Section 508 for web accessibility, and SSAE 16 SOC 2 report.”
Does Yammer Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
Since Microsoft offers one for use with Yammer, we conclude it can be a HIPAA compliant service.
Conclusion: Yammer is covered within Microsoft’s Business Associate Agreement. Make sure you sign a BAA with Microsoft before using Yammer in a HIPAA environment.