Solved

hipaa email and other cloud services?  for 30 people.  what's best option

Posted on 2013-06-27
2
392 Views
Last Modified: 2013-11-17
i've got a client that has 30 people that need to communicate w/ HIPAA compliance.  i can tell HIPAA means so many things, but I want best practice.  They probably want a Business Associate Agreement, so we are looking at Microsoft Office 365.  I have never used it, but it seems to provide end-to-end compliance, all the way to the mobile device.  (I need to sign-up for trial!)  Has anyone actually used it?  What practical advice do you have if a group of folks need to communicate via HIPAA-compliant email, and also want to share forms and protocols on a shared site?  I'm guessing Office365 with cloud-based exchange/outlook and sharepoint is both compliant and easy enough to use.  and, it does not look like we'd need to supplement it with another layer of HIPAA-compliant plug-in, like we seem to need to do if we wanted to go with Google Apps, as that seems NOT HIPPA-compliant (or at least they will not sign a BAA!)  

Please advise!  

thanks.
0
Comment
Question by:MyOwnDevices
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39283368
HIPAA means HTTPS on just about everything but especially on email.  Regular email clients are not compliant and one of the complaints I've heard is that doctors tend to ignore the restrictions and send email out on their phones thru non-secure methods and services.  And like many such things, to be truly compliant, you must document that you are.

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
0
 

Accepted Solution

by:
khoover1 earned 250 total points
ID: 39293666
We just made the transition from Google Apps to Office 365 for the exact same reason - (Omnibus rule requiring BAA).  Microsoft signed a BAA and we also purchased a separate encrypted email solution from filink http://www.filink.com/email-encryption.html, which encrypts using Zix ... works with Off365 and has a HIPAA compliance policy too.  We also use them for archiving (previously using Postini).  They are willing to sign a BAA.
0

Featured Post

Increase your protection from Zero Day threats!

Running two Antivirus' is never a good idea.
Taking advantage of Multiple Security layers on the other hand can often save your hide.
See which top notch security software brands have been proven to happily coexist together.
Reduce your chances of becoming a statistic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include tâ€Ĥ

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question