Solved

HIPAA email and other cloud services for 30 people? What's the best option?

Posted on 2013-06-27
Last Modified: 2013-11-17
I've got a client that has 30 people that need to communicate with HIPAA compliance. I can tell HIPAA means so many things, but I want best practice. They probably want a Business Associate Agreement, so we are looking at Microsoft Office 365. I have never used it, but it seems to provide end-to-end compliance, all the way to the mobile device. (I need to sign up for a trial!) Has anyone actually used it? What practical advice do you have if a group of folks need to communicate via HIPAA-compliant email, and also want to share forms and protocols on a shared site? I'm guessing Office 365 with cloud-based Exchange/Outlook and SharePoint is both compliant and easy enough to use. And it does not look like we'd need to supplement it with another layer of HIPAA-compliant plug-in, like we seem to need to do if we wanted to go with Google Apps, as that seems NOT HIPAA-compliant (or at least they will not sign a BAA!).

Please advise!

Thanks.
Question by:MyOwnDevices
2 Comments
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 750 total points
ID: 39283368
HIPAA means HTTPS on just about everything but especially on email. Regular email clients are not compliant, and one of the complaints I've heard is that doctors tend to ignore the restrictions and send email out on their phones through non-secure methods and services. And like many such things, to be truly compliant, you must document that you are.

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
0
 

Accepted Solution

by:khoover1
khoover1 earned 750 total points
ID: 39293666
We just made the transition from Google Apps to Office 365 for the exact same reason - (Omnibus rule requiring BAA).  Microsoft signed a BAA and we also purchased a separate encrypted email solution from filink http://www.filink.com/email-encryption.html, which encrypts using Zix ... works with Off365 and has a HIPAA compliance policy too.  We also use them for archiving (previously using Postini).  They are willing to sign a BAA.
0
