Microsoft Azure for HIPAA and HITECH and the Business Associates Agreement: What You Should Know

by Rob Curls
Solutions Consultant, Concerto Cloud Services

Healthcare organizations in the United States must adhere to the guidance of both HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protecting Electronic Protected Health Information (EPHI). Whether you view it as a positive or a negative, the Federal Government has purposely left the IT security requirements in HIPAA vague. The overarching guideline is to employ best practices based on the size of your organization.

For healthcare organizations looking to leverage Microsoft Azure for healthcare data in the cloud, Microsoft has published implementation guidance for adhering to HIPAA and HITECH on Azure (available here). The guidance defines items in scope as: Cloud Services (both web and worker roles), Virtual Machines, Storage, Virtual Networks, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Multi-Factor Authentication, Azure Active Directory, SQL Database and any other features identified on the Azure Trust Center.

However, there are some important details that every organization must understand regarding Microsoft's HIPAA guidelines for Azure.

Read and understand the Business Associates Agreement

The guidelines include requirements for Microsoft to agree to sign a Business Associates Agreement (BAA). A BAA is a common contract between a healthcare organization and a service provider with access to EPHI; it transfers the risk in case of a breach to the service provider.

In Microsoft's case, the implementation guide is clear that Microsoft will only sign a BAA ...

About Rob Curls

As a Solutions Consultant for Concerto Cloud Services, my primary focus is educating customers on technologies that are available and designing solutions that will achieve their strategic objectives. With a focus on cloud solutions, my responsibilities include architecting complex workloads utilizing best-of-breed technology and service providers, developing and presenting in-person and online presentations and demonstrations with customers and industry experts, as well as working with our team to ensure we stay on the cutting edge as a cloud service provider.

With more than 14 years of technology experience, I have a diverse background which has enabled me to work in challenging industries such as Healthcare, Professional Services, and Defense. I've consulted organizations ranging in size from small startups to large globally dispersed organizations, and I'd love the opportunity to sit down and discuss your needs.