Is Microsoft OneDrive HIPAA Compliant?

Yes, Microsoft OneDrive can be used as part of a secure HIPAA compliance program. Several variations of service plans available from Microsoft include access to their OneDrive software, which provides an ideal solution for healthcare providers who need HIPAA compliant file storage software.

There are several OneDrive plans available on Microsoft’s website.

But how can you be sure you have chosen the right one? In this post, we explore differences between available OneDrive plans and features that help position you for HIPAA success.

Microsoft OneDrive Plans that Support HIPAA Compliance

When you are on Microsoft’s website comparing OneDrive plans, look for the words “security and compliance”. When Microsoft specifically uses the word “compliance” in the product description, it’s a good sign that security features needed for HIPAA compliance are included.

There are several OneDrive plans to choose from on Microsoft’s website, but the only plan that includes “advanced security and compliance capabilities” is called OneDrive for Business Plan 2.

If you only need file sharing and storage software, without the other offerings in Microsoft 365 Business and Office 365 plans, then OneDrive for Business is the way to go. The main security features available from the OneDrive for Business Plan 2 option fall under the umbrella of what Microsoft calls “advanced data loss prevention”.

With the data loss prevention policy in place, you can identify, monitor, and automatically protect sensitive information stored on OneDrive. The data loss prevention policy allows you to:

Will Microsoft Sign a Business Associate Agreement?

A copy of the Microsoft business associate agreement is available for download from Microsoft’s licensing website and specifies that “Office 365 Services” are included in the scope of the agreement, which includes OneDrive.

As long as you are using either OneDrive for Business Plan 2, or OneDrive as part of a Microsoft 365 Business Plan, you are covered. Setting up your business associate agreement with Microsoft is as simple as agreeing to their terms of service. You can rest easy knowing that one more HIPAA compliance task is checked off your list.


  • Microsoft OneDrive has a HIPAA compliant plan called OneDrive for Business Plan 2
  • Microsoft has a Business Associate Agreement available when you purchase this product

Do you need help configuring Microsoft OneDrive or other software for your business?

Give us a ring at (503) 389-5666! Gazelle Consulting can help compliance feel like less of a (gazelle’s) horn in your side. Assisting healthcare providers with their software decisions is our specialty, and we are happy to serve your needs.
