April 25, 2013
/PRNewswire/ -- Microsoft Corp. today announced the release of a new, revised version of its HIPAA Business Associate Agreement (BAA) for the company's next-generation cloud services. This enables customers in the healthcare industry to leverage cloud solutions to coordinate care, improve patient health outcomes, and maintain compliance with privacy and security regulations issued under the U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996. Addressing HIPAA is embedded in the DNA of Microsoft's cloud solutions, and Microsoft updated its BAA to help healthcare organizations address compliance for the final omnibus HIPAA rule, which went into effect
. Microsoft's updated BAA covers Office 365, Microsoft Dynamics CRM Online and Windows Azure Core Services.
"Team communication and collaboration is the lifeblood of the health industry, and more and more healthcare organizations are realizing the productivity, care team communications and cost-savings benefits of cloud computing," said
, chief health strategy officer, U.S. Health & Life Sciences, Microsoft. "Microsoft Office 365 is the only major cloud business productivity solution to programmatically offer a BAA built with the industry, and for the industry, to HIPAA-regulated customers, allowing healthcare organizations to be confident in the security and privacy of their patient data while empowering their staff to communicate and collaborate virtually anytime and almost anywhere."
Microsoft collaborated with some of the leading U.S. medical schools
and their HIPAA privacy counsel, as well as other public- and private-sector HIPAA-covered entities, in creating a BAA for its cloud services.
The refreshed BAA aligns with new regulatory language included in the final omnibus HIPAA rule, such as the new definition of a Business Associate, which includes any entity that maintains protected health information on behalf of a HIPAA-covered entity and has access to such data, even if it does not view the data. It also covers important data protections, such as Microsoft's reporting requirements in accordance with the HIPAA Breach Notification Rule, and Microsoft's obligation to require its subcontractors who create, receive, maintain or transmit protected health information to agree to the same restrictions and conditions imposed on Microsoft pursuant to the applicable requirements of the HIPAA Security Rule. Allscripts is among the first organizations to leverage Microsoft's updated BAA.