Customers with health data compliance concerns gain cloud confidence with Office 365

29 August 2013 | Leslie Sistla, Director, Technology Strategy, Worldwide Health Industry

As Neil Jordan discussed in his blog a few weeks ago, the efficiency, collaboration, and cost-savings benefits of the cloud are well proven by now. But for many organizations, data privacy, security, and compliance in the cloud are still a concern. So today I’d like to share some examples of how customers that had significant compliance needs around personal health data have been able to boost their cloud confidence with Microsoft Office 365 communication and collaboration cloud services.

  • Kindred Healthcare, Inc., one of the largest diversified providers of post-acute care services in the United States, needed a solution that would meet the security and privacy requirements mandated by the Health Insurance Portability and Accountability Act (HIPAA) after merging with RehabCare. After Kindred researched solutions from Google and Microsoft, it became clear that Office 365 was the best fit. Kindred chose to deploy Office 365 across both organizations to improve employee collaboration because it addresses HIPAA regulations and offers HIPAA business associate agreements (BAAs).
  • Mihills Webb Medical, a five-physician family practice, needed to improve the efficiency of communication between office staff, medical assistants, and physicians in a way that was HIPAA compliant. With Office 365, Mihills Webb Medical was able to unify its communications across the office and maintain HIPAA compliance with a BAA—which was critical for the practice.

In addition to health organizations, governments and universities are two other examples of entities that often house personal health data and consequently must comply with data privacy regulations.

  • Compliance was an important factor in the Texas Department of Information Resources' selection of Office 365 to help it modernize its IT department. Several other Texas agencies, including the Department of Criminal Justice, the Alcoholic Beverage Commission, the Department of Insurance, and the Health and Human Services System, require access to data that is subject to complex security and privacy regulations. The Texas Department of Information Resources and Microsoft worked together to support the state’s requirements under HIPAA and Criminal Justice Information Systems (CJIS), in order to maintain the state’s compliance posture and high standards for security and privacy. As a result of this partnership, jurisdictions at all levels within the state of Texas, including cities and counties, will be able to take advantage of Office 365.
  • Education institutions must adhere to HIPAA regulations if school data systems store student records that include protected health information. Medical schools, university hospitals, research departments, school counseling centers, and athletic departments are just a few examples of places on campus that store information about students’ physical and mental health. Human resources and benefits departments may also be governed by HIPAA. As such, compliance was a critical consideration when Duke University, Emory University, Thomas Jefferson University, the University of Iowa, and the University of Washington chose Office 365 to improve communication and collaboration across campuses and to meet security, privacy, and other regulatory requirements mandated by HIPAA.

In addition to offering the most comprehensive HIPAA BAA for all customers managing personal health data, Office 365 supports rigorous global and regional standards. To learn more about the many ways Microsoft is leading the industry in protecting data in the cloud, visit the Office 365 Trust Center. And keep checking back here as we continue to share more examples of how to gain cloud confidence.

Leslie Sistla
Director, Technology Strategy, Worldwide Health Industry