Tuesday, 10 April 2018

Is Microsoft Teams HIPAA Compliant?

Is Microsoft Teams HIPAA Compliant? - Jerry Wu, Eddie Waits, Hoala Greevy

We sometimes get asked by customers and prospects about Microsoft Teams and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Microsoft Teams offers HIPAA compliant service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

Microsoft Teams

Microsoft Teams is a cloud platform that combines workplace chat, meetings, notes, and attachments. First launched in 2017, Microsoft Teams is Microsoft’s competitive rebuttal to Slack and Google Hangouts Chat.

Microsoft Teams and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Microsoft’s site and found a page called:

On it, Microsoft states:

[Microsoft] Teams is Tier C-compliant at launch. This includes the following standards: ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC).

To get more information on what Tier C-compliance means, we tracked down a doc in the Microsoft Download Center called:

On page 2 of that doc, we can see that Tiers B and up include a Business Associate Agreement:



At the top of page 3, we can also see that Microsoft Teams comes enabled by default in Tiers C & D:



We can see, then, that a BAA is included with a subscription to Microsoft Teams.

Does Microsoft Teams Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate.

With some directed research, we were able to determine that Microsoft is willing to sign a Business Associate Agreement that covers Microsoft Teams.

Conclusion: Microsoft Teams is HIPAA compliant.

The post Is Microsoft Teams HIPAA Compliant? appeared first on Paubox.
