Back
Office 365

Leading Universities meet HIPAA requirements on Office 365

Many organizations seeking to consolidate resources and save money on their infrastructure and email storage need to balance the benefits of moving to the cloud with assurances on how data is secured and accessed from the cloud.  

Microsoft today announced new academic institutions that are adopting Microsoft Office 365, to improve communication and collaboration across campuses while meeting security, privacy and other regulatory requirements mandated by the U.S. Health Insurance Portability and Accountability Act (HIPAA). Office 365 is the first and only major cloud business productivity solution to address the rigorous HIPAA requirements.

Duke University, Emory University, Thomas Jefferson University, University of Iowa and the University of Washington, chose Office 365 for education after a consortium of academic institutions worked closely with Microsoft to inform a Business Associates Agreement (BAA) to ensure it met their organizations’ HIPAA requirements. As a result of their efforts, Microsoft now offers the most comprehensive agreement to all organizations managing personal health data.

In addition to offering the most comprehensive HIPAA Business Associate Agreement for all customers managing personal health data, Office 365 supports the most rigorous global and regional standards such as ISO 27001, SAS70 Type II, EU Safe Harbor, EU Model Clauses, the US Family Educational Rights and Privacy Act (FERPA), and the US Federal Information Security Management Act (FISMA).

These investments are important because they enable Microsoft to meet a broad range of customer requirements regardless of size or industry.  More importantly, the transparency Microsoft provides via the Office 365 Trust Center gives customers peace of mind and the assurance that their data is just that, theirs and theirs alone. 

To learn more about why Duke University, Thomas Jefferson University and others chose Office 365, view the press release.