Is Microsoft 365 HIPAA compliant?

Featured image

Share this article

Is Office 365 HIPAA Compliant? - Paubox

Lately we’ve been discussing in the office whether certain cloud-based solutions are HIPAA compliant or not. Microsoft 365 is the brand name its chosen as it moves its services such as email, storage, and chat into the cloud.

For the purposes of this post, we will focus on the email component of Microsoft 365.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

The goal of this post is to determine if Microsoft 365 offers HIPAA compliant email or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Microsoft 365

Microsoft 365 is the brand name Microsoft uses for a group of software and services subscriptions, which together provide productivity software and related services to subscribers.

For business users, Microsoft 365 offers service plans providing e-mail, chat, cloud storage, as well as access to the Microsoft Office software.

Microsoft 365 and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance to ensure security and privacy.

We checked the Microsoft Azure Trust Center and found a page called HIPAA and the HITECH Act.

In it, Microsoft wisely points out:

“Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.”

We also found on that page that several versions of Microsoft 365 are covered by Microsoft’s BAA. Those versions are:

  • Microsoft 365
  • Microsoft 365 U.S. Government
  • Microsoft 365 U.S. Government Defense

Does Microsoft 365 Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate. Since Microsoft 365 offers one, we conclude it can be a HIPAA compliant email solution.

Conclusion: Three versions of Microsoft 365 are HIPAA Compliant and are able to adhere to regulatory compliance for healthcare  organizations.

Make sure you sign a BAA with Microsoft before using Microsoft 365 to store or transmit any protected health information (PHI).

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022