
Your Guide to Office 365 HIPAA Compliance & HITECH Standards


3 min read
Published on Feb 28, 2017
Exploring the Office 365 HIPAA Compliance Guide

Microsoft can’t meet all HIPAA compliance & HITECH standards without your own work and configuration. Because adhering to Office 365 HIPAA compliance & HITECH standards is your organization’s responsibility, even Microsoft has strict rules on what it will suggest and configure.

Luckily, Microsoft set up a program to assist companies that sign a Business Associate Agreement (BAA). The BAA doesn’t guarantee your organization follows HIPAA and HITECH standards. By offering a BAA, Microsoft only supports the implementation based on the parameters your company provides — and nothing more.

Do You Need to Sign a BAA for Office 365 HIPAA Compliance?

Because Office 365 HIPAA compliance falls on your company, you don’t have to sign a BAA and could still be compliant with a custom configuration.

Both the HIPAA and HITECH Acts outline standards, not absolutes. Many companies don’t sign a BAA and instead do the work in-house or hire an Office 365 compliance partner.

So what does that mean for your organization? Your legal team must be looped into any potential change in how your organization handles information. Office 365 provides information on compliance standards and tutorials to configure them.

Your legal team should provide the framework for what must be configured. If your team doesn’t have the expertise to accomplish this, you should reconsider your team. Even small HIPAA & HITECH Act violations can lead to big lawsuits.

Configure Security Policies in Office 365

Office 365 was built with security in mind. Your data is likely far safer in Office 365 than in your own datacenters. Microsoft and its partners have heavily invested in making Office 365 as safe as possible.

Data Loss Prevention (DLP) is one helpful, optional license to consider. DLP arms end users with real-time tips to recognize and prevent sensitive information leaks. Your policy will flag items like credit card and social security numbers and block users from sending them. DLP helps your organization prevent data loss (especially for those end users who don’t know you even have a policy).

(Screenshot: Office 365 DLP policy)

In fact, your DLP policy can protect all data across your Office 365 tenant. DLP policies cover sensitive information in Exchange Online, SharePoint Online and OneDrive for Business. You can set which services you want to protect with a new DLP policy.

(Screenshot: creating a new DLP policy in Office 365)

Depending on how your DLP policy is configured, managers can override certain restrictions or be alerted when someone attempts to send sensitive data. To make implementing DLP policies easier in Office 365, Microsoft provides some out-of-the-box templates to save you time. If you’re subject to HIPAA & HITECH standards, I’d highly recommend this license.
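To make the description above concrete, here is an added example (mine, not from the original post or from Microsoft) that creates the kind of policy the post describes using Security & Compliance PowerShell (the ExchangeOnlineManagement module). It scopes the policy to Exchange Online, SharePoint Online and OneDrive for Business, matches the built-in "U.S. Social Security Number (SSN)" and "Credit Card Number" sensitive information types, blocks sharing outside the organization, shows users a policy tip, lets them override with a business justification, and sends an incident report to a compliance mailbox. The admin account, policy and rule names, custom tip text and the compliance mailbox address are placeholders you would replace; the policy starts in test mode so nothing is blocked until your legal team has signed off on the rules.

```powershell
# Added example, not from the original post. Requires the ExchangeOnlineManagement module.
# All names and addresses below are placeholders.
Connect-IPPSSession -UserPrincipalName admin@contoso.example

# Policy scoped to the three workloads the post mentions.
# TestWithNotifications shows policy tips and logs matches without blocking,
# so you can review hits with legal before switching -Mode to Enable.
New-DlpCompliancePolicy -Name "HIPAA-PHI-Identifiers" `
    -Comment "Detects SSNs and card numbers leaving the tenant; review matches before enforcing" `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# Rule: one or more SSNs or credit card numbers shared outside the organization
# -> block, show a policy tip, allow override with justification, report the incident.
New-DlpComplianceRule -Name "Block-SSN-or-CardNumber-External" `
    -Policy "HIPAA-PHI-Identifiers" `
    -ContentContainsSensitiveInformation @(
        @{ Name = "U.S. Social Security Number (SSN)"; minCount = "1" },
        @{ Name = "Credit Card Number";               minCount = "1" }
    ) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -NotifyPolicyTipCustomText "This item appears to contain an SSN or card number and cannot be shared outside the organization without a justification." `
    -NotifyAllowOverride WithJustification `
    -GenerateIncidentReport "compliance@contoso.example" `
    -IncidentReportContent All

# Confirm what was created and which settings are in effect.
Get-DlpCompliancePolicy -Identity "HIPAA-PHI-Identifiers" | Format-List Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Policy "HIPAA-PHI-Identifiers" | Format-List Name, AccessScope, BlockAccess, NotifyUser, NotifyAllowOverride
```

Once the test period shows an acceptable false-positive rate, change the policy with `Set-DlpCompliancePolicy -Identity "HIPAA-PHI-Identifiers" -Mode Enable`. Microsoft's HIPAA/HIPAA-HITECH policy template in the compliance portal bundles a broader set of health-related information types than the two used here; the PowerShell route is useful when you need to reproduce the same policy across tenants or keep it under version control.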

Do You Need an Office 365 HIPAA Compliance Partner?

Many companies claim to be experts in HIPAA & HITECH Act requirements and will shell out plenty of suggestions to stay compliant. Beware of trusting an overly confident company with your Office 365 HIPAA compliance and HITECH standards. Somewhere in the fine print, there’s an out clause that points the finger back at you.

Working with an experienced partner will ease the process of becoming HIPAA and HITECH compliant, but no partner can achieve compliance for you on its own. You’ll have to work closely with your partner to clearly communicate and implement your requirements.

The Microsoft Security and Trust Centers are a great place to start. These resources help you (or your partner team) identify what must be configured to meet most security and compliance standards, including the HIPAA & HITECH Acts. Microsoft ranks its partners by achieved competencies, so I’d suggest choosing a partner with proven experience in your realm of compliance.

If you’re looking for a trusted advisor to talk honestly about Office 365 HIPAA compliance, reach out to Agile IT today. Our Office 365 consultants will help you identify the technical requirements and outline a plan to achieve HIPAA and HITECH compliance or configure other security options like DLP.

Tyjon Hunter MIS, MCSA

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.
