Microsoft has announced that they have updated their Business Associate Agreement (BAA) for Microsoft Office 365. The new BAA addresses the requirements in the HIPAA Omnibus Rule that went into effect on March 26, 2013.
Addressing HIPAA is embedded in the DNA of Microsoft’s cloud solutions, and Microsoft updated its BAA to help healthcare organizations address compliance for the final omnibus HIPAA rule, which went into effect March 26. Microsoft’s updated BAA covers Office 365, Microsoft Dynamics CRM Online and Windows Azure Core Services.
The new BAA focuses in on the changes to Business Associates.
The refreshed BAA aligns with new regulatory language included in the final omnibus HIPAA rule, such as the new definition of a Business Associate, which includes any entity that maintains protected health information on behalf of a HIPAA-covered entity and has access to such data, even if it does not view the data. It also covers important data protections, such as Microsoft’s reporting requirements in accordance with the HIPAA Breach Notification Rule, and Microsoft’s obligation to require its subcontractors who create, receive, maintain or transmit protected health information to agree to the same restrictions and conditions imposed on Microsoft pursuant to the applicable requirements of the HIPAA Security Rule.
Microsoft Office 365 is one of the products in our HIPAA Technology Suite. Click here to find out more about our cost effective HIPAA compliant suite of products to help you comply with HIPAA and protect patient information.