Solved

HIPAA email and other cloud services? For 30 people. What's the best option?

Posted on 2013-06-27
Last Modified: 2013-11-17
I've got a client that has 30 people that need to communicate with HIPAA compliance. I can tell HIPAA means so many things, but I want best practice. They probably want a Business Associate Agreement, so we are looking at Microsoft Office 365. I have never used it, but it seems to provide end-to-end compliance, all the way to the mobile device. (I need to sign up for a trial!) Has anyone actually used it? What practical advice do you have if a group of folks need to communicate via HIPAA-compliant email, and also want to share forms and protocols on a shared site? I'm guessing Office 365 with cloud-based Exchange/Outlook and SharePoint is both compliant and easy enough to use. And it does not look like we'd need to supplement it with another layer of HIPAA-compliant plug-in, like we seem to need to do if we wanted to go with Google Apps, as that seems NOT HIPAA-compliant (or at least they will not sign a BAA!).

Please advise!

Thanks.
Question by:MyOwnDevices

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 750 total points
ID: 39283368
HIPAA means HTTPS on just about everything but especially on email. Regular email clients are not compliant and one of the complaints I've heard is that doctors tend to ignore the restrictions and send email out on their phones through non-secure methods and services. And like many such things, to be truly compliant, you must document that you are.

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html

Accepted Solution

by:khoover1
khoover1 earned 750 total points
ID: 39293666
We just made the transition from Google Apps to Office 365 for the exact same reason - (Omnibus rule requiring BAA).  Microsoft signed a BAA and we also purchased a separate encrypted email solution from filink http://www.filink.com/email-encryption.html, which encrypts using Zix ... works with Off365 and has a HIPAA compliance policy too.  We also use them for archiving (previously using Postini).  They are willing to sign a BAA.