Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

hipaa email and other cloud services?  for 30 people.  what's best option

Posted on 2013-06-27
2
388 Views
Last Modified: 2013-11-17
i've got a client that has 30 people that need to communicate w/ HIPAA compliance.  i can tell HIPAA means so many things, but I want best practice.  They probably want a Business Associate Agreement, so we are looking at Microsoft Office 365.  I have never used it, but it seems to provide end-to-end compliance, all the way to the mobile device.  (I need to sign-up for trial!)  Has anyone actually used it?  What practical advice do you have if a group of folks need to communicate via HIPAA-compliant email, and also want to share forms and protocols on a shared site?  I'm guessing Office365 with cloud-based exchange/outlook and sharepoint is both compliant and easy enough to use.  and, it does not look like we'd need to supplement it with another layer of HIPAA-compliant plug-in, like we seem to need to do if we wanted to go with Google Apps, as that seems NOT HIPPA-compliant (or at least they will not sign a BAA!)  

Please advise!  

thanks.
0
Comment
Question by:MyOwnDevices
2 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39283368
HIPAA means HTTPS on just about everything but especially on email.  Regular email clients are not compliant and one of the complaints I've heard is that doctors tend to ignore the restrictions and send email out on their phones thru non-secure methods and services.  And like many such things, to be truly compliant, you must document that you are.

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
0
 

Accepted Solution

by:
khoover1 earned 250 total points
ID: 39293666
We just made the transition from Google Apps to Office 365 for the exact same reason - (Omnibus rule requiring BAA).  Microsoft signed a BAA and we also purchased a separate encrypted email solution from filink http://www.filink.com/email-encryption.html, which encrypts using Zix ... works with Off365 and has a HIPAA compliance policy too.  We also use them for archiving (previously using Postini).  They are willing to sign a BAA.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question