To be HIPAA compliant, a healthcare organization needs to ensure that all parties that have access to its data sign a Business Associate Agreement (BAA). The BAA helps to protect data security by requiring all parties involved to share and use data only within the HIPAA guidelines. As a healthcare organization or a health insurance company, if you have a third-party email service provider, you will need the provider to sign a BAA.
An email provider must meet several other guidelines to be HIPAA compliant, and companies that use these services need to ensure that those guidelines are followed. Any company that doesn't keep track of its service providers risks being in violation of HIPAA.
Is Microsoft Outlook Online safe to use for HIPAA?
We first have to look at which version of Microsoft Outlook is being used. Outlook.com is not HIPAA compliant. The free service is not recommended for healthcare organizations and health insurance providers as it does not meet the HIPAA guidelines.