At least a quarter million businesses use the cloudbased Microsoft SharePoint Online platform to help manage workflows and share information But is SharePoint Online HIPAA compliant Visit httpscompliancygroupcom ID: 963203
Download Pdf The PPT/PDF document "Is Microsoft SharePoint HIPAA Compliant" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Is Microsoft SharePoint HIPAA Compliant? Launched officially in 2001, Microsoft SharePoint was one of the first applications to allow users to collaborate with team members through document storing, sharing, and access contro l. It later added social networking capabilities and the ability to build intranet web pages and wikis to enhance the user experience. At least a quarter million businesses use the cloud - based SharePoint Online platform to help manage workflows and share i nformation. But is SharePoint Online HIPAA compliant? What Makes a Software Tool HIPAA Compliant? When it comes to software, there are specific indications of the tool’s HIPAA compliance. Software HIPAA compliance really boils down to two things. Does the software have safeguards to keep patient data private and secure? Does the software provider sign business associate agreements? When the answer to both of these questions is “yes,” the tool is likely HIPAA compliant. If the answer to either is “no,” the s oftware tool is not HIPAA compliant. What Are HIPAA Safeguards? HIPAA safeguards are measures that a healthcare organization puts into place to protect the confidentiality, integrity, and availability of protected health information (PHI). HIPAA categorize s safeguards into three groups – administrative, physical, and technical. Administrative safeguards are written policies and procedures that dictate PHI’s proper uses and disclosu res. Physical safeguards , such as locks and alarm systems, protect an organization’s physical location. Technical safeguards are measures that protect electronic PHI (ePHI). While administrative and physical safeguards are essential, technical safeguards a re generally the determining factor of a software provider’s HIPAA compliance . Technical safeguards should include encryption, user authentication, access controls, and audit controls. Make Sure You’re HIPAA Compliant Become HIPAA Compliant Why is a Business Associate Agreement Important? Business associate agreements are a crucial determinant of HIPAA compliance. Even the most secure software platform is NOT HIPAA compliant if it will not sign a business associate agreement (BAA). Why? A BAA is a legal agreement that requires each signing party to be HIPAA - compliant and be responsible for maintaining compliance. As such, a BAA limits the liability for both signing parties in case of a breach or OCR audit, as only the negligent party would be held culpable. Is Microsoft SharePoint HIPAA Compliant? According to Microsoft, SharePoint’s technical safety standards meet the requirements of the HIPAA Security Rule. The application also provides the tools necessary to address administrative requirements such as access control, encryption, user authentication, and logs. Microsoft will sign Business Associate Agreements, but their website states tha t SharePoint Online is HIPAA compliant if paired with Office 365 Enterprise. The end - user must ensure that the platform is installed and configured correctly, including all appropriate security add - ons. Based on this information, and assuming the platform is configured correctly, Microsoft SharePoint Online appears to be HIPAA compliant.