Yes, Microsoft Azure can be configured to be HIPAA compliant.
In this post we highlight what to consider when storing PHI (Protected Health Information) on Microsoft’s enterprise-grade cloud computing platform.
When it comes to enabling HIPAA compliance on the Azure platform, Microsoft has spared no expense. In addition to providing standard cloud services like data storage or serving scalable applications, Azure includes a Security and Compliance Blueprint designed to guide users through securely transmitting, storing, analyzing, and interacting with health data while meeting HIPAA compliance requirements. There is even support for using Azure for HIPAA compliant health data processing with artificial intelligence.
Configuring Azure for HIPAA Compliance
Do not assume the configuration settings of Azure services are optimized for HIPAA compliance by default. It is important to understand that meeting HIPAA requirements combines the technical security control settings in Azure with administrative security controls you are responsible for carrying out.
This includes (1) the configuration and review of audit logs, (2) support for granting minimum required permissions using role based access, (3) robust data encryption features, (4) diagnostic logs for encryption key management and (5) the Azure Security Center dashboard that provides a centralized view of the security state of all Azure resources.
Microsoft suggests that your system should not be considered compliant until it is examined by an external auditor, although that is not a requirement of HIPAA.
Will Azure Sign a Business Associate Agreement?
Absolutely. Microsoft makes this easy for customers who are covered entities or business associates by establishing a Business Associate Agreement by default when a Microsoft services agreement is signed. The standard licensing terms and documentation that comprise the Business Associate Agreement (BAA) part of a Microsoft services agreement are available to download from Microsoft’s licensing website.
Takeaways
- Microsoft Azure can be HIPAA compliant with proper security configuration and administrative controls
- Microsoft will sign a Business Associate Agreement (BAA)
- Check out our blog for more guidance on Choosing HIPAA Compliant Software
Are you unsure if Azure is the right cloud computing platform to support your healthcare services?
Gazelle Consulting is here to help! Call us today at (503) 389-5666, email us at info@gazelleconsulting.org, or contact us here. We can answer all of your HIPAA compliance questions and help you feel as confident as a lion in a grassy savanna.