Solved

HIPAA email and other cloud services for 30 people? What's the best option?

Posted on 2013-06-27
Last Modified: 2013-11-17
I've got a client that has 30 people that need to communicate with HIPAA compliance. I can tell HIPAA means so many things, but I want best practice. They probably want a Business Associate Agreement, so we are looking at Microsoft Office 365. I have never used it, but it seems to provide end-to-end compliance, all the way to the mobile device. (I need to sign up for a trial!) Has anyone actually used it? What practical advice do you have if a group of folks need to communicate via HIPAA-compliant email, and also want to share forms and protocols on a shared site? I'm guessing Office 365 with cloud-based Exchange/Outlook and SharePoint is both compliant and easy enough to use. And it does not look like we'd need to supplement it with another layer of HIPAA-compliant plug-in, like we seem to need to do if we wanted to go with Google Apps, as that seems NOT HIPAA-compliant (or at least they will not sign a BAA!)

Please advise!  

Thanks.
Question by:MyOwnDevices
2 Comments
 

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39283368
HIPAA means HTTPS on just about everything but especially on email. Regular email clients are not compliant, and one of the complaints I've heard is that doctors tend to ignore the restrictions and send email out on their phones through non-secure methods and services. And like many such things, to be truly compliant, you must document that you are.

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html

Accepted Solution

by:khoover1
khoover1 earned 250 total points
ID: 39293666
We just made the transition from Google Apps to Office 365 for the exact same reason - (Omnibus rule requiring BAA).  Microsoft signed a BAA and we also purchased a separate encrypted email solution from filink http://www.filink.com/email-encryption.html, which encrypts using Zix ... works with Off365 and has a HIPAA compliance policy too.  We also use them for archiving (previously using Postini).  They are willing to sign a BAA.