Microsoft uses 256-bit AES encryption, and SSL/TLS connections are established using 2048-bit keys. Microsoft explains that all appropriate security controls are included in OneDrive, and while HIPAA compliance certification has not been obtained, all of the services and software covered by the BAA have been independently audited for the Microsoft ISO/IEC 27001 certification.

Appropriate security controls are included to satisfy the requirements of the HIPAA Security Rule, including the encryption of data at rest and in transit to HIPAA standards.

Provided the BAA is signed prior to the use of OneDrive for creating, storing, or sharing PHI, the service can be used without violating HIPAA Rules. Microsoft will also ensure that if any subcontractors are used, they will comply with the same – or more stringent – restrictions and conditions with respect to PHI.

Under the terms of its business associate agreement, Microsoft agrees to place limitations on use and disclosure of ePHI, implement safeguards to prevent inappropriate use, report to consumers and provide access to PHI, on request, per the HIPAA Privacy Rule. The BAA includes OneDrive for Business, as well as Azure, Azure Government, Cloud App Security, Dynamics 365, Office 365, Microsoft Flow, Intune Online Services, PowerApps, Power BI, and Visual Studio Team Services. Microsoft was one of the first cloud service providers to agree to sign a BAA with HIPAA-covered entities, and offers a BAA through the Online Services Terms.