Last month, I had a call with a digital health startup in Toronto. During our call, we discussed their use of Microsoft Azure services in their solution set.
We’ve already covered how vast the HIPAA industry is so we can empathize with just how many people need to use cloud services in this healthcare sector.
In previous posts, we’ve covered email service providers like Gmail, Hotmail, Yahoo, Outlook, and AOL and their capabilities for HIPAA compliance. The purpose of this post is to determine if Google Cloud, one of the more popular cloud platforms, offers HIPAA compliance or not.
About Microsoft Azure
Microsoft Azure is a growing collection of integrated cloud services that developers and IT professionals can use to build, deploy, and manage applications. Azure is widely regarding as the #2 cloud service provider on the market, with Amazon Web Services being #1.
Microsoft Azure and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance to ensure security and privacy.
We checked the Microsoft Azure Trust Center and found a page called HIPAA and the HITECH Act. In it, Microsoft wisely points out:
“Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.”
Does Microsoft Azure Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate. Since Microsoft Azure offers one, we conclude they are in fact a HIPAA compliant cloud vendor.
What’s Covered Under a BAA with Microsoft Azure?
Now that we’ve determined Microsoft Azure will sign a BAA, the question is determining what cloud services Azure provides that are actually covered by their BAA.
We found the answer to that on a Microsoft Trust Center page.
For Azure customers, the Microsoft Azure BAA currently covers:
- API Management
- App Service (API Apps, Mobile Apps, and Web Apps)
- Application Gateway
- Azure Active Directory
- Azure IoT Hub
- Azure Resource Manager
- BizTalk Services
- Cloud Services
- Data Catalog
- Data Factory
- Azure Cosmos DB
- Event Hubs
- Express Route
- Key Vault
- Load Balancer
- Log Analytics (formerly Operational Insights)
- Machine Learning
- Media Services
- Multi-Factor Authentication
- Notification Hub
- Operational Insights
- Redis Cache,
- Rights Management Service
- Service Bus
- Service Fabric
- Site Recovery
- SQL Database
- SQL Data Warehouse
- Storage Premium
- Stream Analytics
- Traffic Manager
- Virtual Machines
- Virtual Network
- VPN Gateway
Conclusion: Many parts of Microsoft Azure are HIPAA Compliant and adhere to regulatory compliance for healthcare providers and healthcare organizations.
READ MORE: Is Google Cloud HIPAA Compliant?