
The Health Insurance Portability and Accountability Act (HIPAA) sets industry standards for the treatment of protected health information (PHI). PHI is any health information that identifies an individual, such as name, date of birth, treatment information, social security number, etc. Under HIPAA, any organization working with PHI in any capacity must be HIPAA compliant. These include covered entities (CEs) and the business associates that work with them. Before a CE can share PHI with a business associate, it must secure a Business Associate Agreement (BAA). What many companies don't understand is that a BAA is also needed with software companies, including Microsoft. Many large technology providers have prefabricated BAAs that businesses can easily access. This raises the question: how do you get your Microsoft BAA? Microsoft will sign a HIPAA business associate agreement. You can't find the form online; you have to work with a seller to make a deal. Unlike HIPAA compliance, obtaining PCI compliance in Azure does not require you to enter into an agreement with Microsoft. However, you need to take steps to protect your Azure system from hackers.

Here's how to do it. As of April 2, 2020, the following services are included in the scope of the agreement: “Office 365 Services, Microsoft Azure Core Services, Microsoft Dynamics 365 Core Services, Microsoft Intune Online Services, Microsoft Power Platform Core Services and/or Microsoft Cloud App Security, which are defined in the “Privacy Conditions” section of the online terms of service included in the agreement; Microsoft Healthcare Bot; and all additional Azure online services and U.S. government online services, which are mentioned as an area of application for this BAA in the www.microsoft.com/en-us/trustcenter/Compliance/HIPAA Management Center (or tracking website) in the Microsoft Center; unnoticed.

For organizations using Microsoft Office 365, a business associate agreement (BAA) automatically takes effect between Microsoft and your organization after the license agreement is activated, and it includes all covered services. HIPAA One and Microsoft ensure security and accountability for the use of cloud and hosted service providers that store patient information. Like Microsoft, HIPAA One provides our customers with vendor management software (VMS) to help them manage their agreements and business documents. VMS allows for the complete customization and management of BAA contracts for all suppliers, including the requirement for proof of compliance on the part of suppliers. The VMS software is included in the cost of the basic HIPAA One license at no extra charge.

Years ago, we published a tip on how to get your Business Associate Agreement (BAA) from Microsoft if you used its Office 365 services. The process has now changed a bit, which is why we decided to re-examine this topic in a new article: how you get your BAA for Microsoft online services.

What is critical is that the definition of “Business Associate” also applies to your cloud service provider. This means that you must enter into an agreement with Microsoft when working with Azure to ensure HIPAA compliance. No signature or other steps are required for the BAA to take effect. It is available to all organizations that qualify. Please note that Microsoft Office 365 customers are unable to revise or modify the agreement provided. Organizations that use Microsoft Professional Services should contact their customer service staff for more information. But there is a lot of complexity. In our experience, there is even more complexity than with AWS or Google Cloud Platform.
