Welcome!

Microsoft Cloud Authors: Kevin Benedict, Pat Romanski, Liz McMillan, Lori MacVittie, Elizabeth White

Related Topics: Microsoft Cloud

Microsoft Cloud: Blog Post

Office 365 and HIPAA

Microsoft made an announcement back in December about HIPAA and Office 365

Lately I have been doing a lot of Demo's of Office 365. I am always amazed at how many questions I get on Office 365. Usually one of those questions is about HIPAA. Well this announcement came out right before the holidays and I think most people missed it.

http://www.microsoft.com/Presspass/press/2011/dec11/12-14O365CloudPR.mspx?rss_fdn=Press%20Releases

REDMOND, Wash. - Dec. 14, 2011 - Microsoft Corp. today announced that Microsoft Office 365, the company's next-generation cloud productivity service, is the first and only major cloud-based platform to offer leading information privacy and security standards for customers operating in the European Union and United States. As part of its contractual commitment to customers, Microsoft will now sign the EU's model clauses, which will help customers certify compliance with the European Commission's stringent Data Protection Directive, and the U.S.-mandated Health Insurance Portability and Accountability Act (HIPAA).

Microsoft also announced the availability of the Office 365 Trust Center. The site provides in-depth information about the privacy and security practices for Office 365 and was recently redesigned to be more accessible and easy to understand. The new site can be accessed at http://trust.office365.com.

Compliance Updates

In February 2010, the EU released these standard contractual clauses (commonly referred to as "model clauses") to legitimize the transfer of personal data via international networks to locations outside the European Economic Area (EEA). When included in service agreements with data processors, the model clauses assure customers that appropriate steps have been taken to help safeguard personal data, even if data is stored in a cloud-based service center located outside the EEA. European regulators have the option to request that customers halt the use of a service that hasn't taken appropriate steps to safeguard personal data until they have evaluated the service and deemed it compliant with EU data protection and security standards.

Along with furnishing the model clause provisions, Microsoft has gone a step further than other cloud providers to include a data-processing agreement for EU customers. Some of the 27 member states have more exacting requirements than those of the EU-wide Data Protection Directive. To streamline the use of cloud-based services for customers operating under additional compliance requirements, Microsoft has included with the model clause provisions a robust data-processing agreement that was developed in view of the specifics of member-state regulations.

"Developing cloud-based productivity tools that meet the needs of European businesses means more than simply building apps in a browser," said Jean-Philippe Courtois, president, Microsoft International. "Microsoft has a more complete approach to European data protection and security laws than any other company, and we're proud of the work we've done to ensure the widest range of organizations can move to the cloud with confidence - or choose an equally functional on-premises option."

As the first major cloud-based productivity service to obtain certification under ISO/IEC 27001, a rigorous information security management benchmark, Microsoft submits to a yearly audit of its information security policy by an independent expert and shares the results with its customers. Additionally, Microsoft has developed its online services to provide physical, administrative and technical safeguards that facilitate full compliance with HIPAA requirements.

"Until recently, concerns about the security and privacy of patient data have been the most common barrier to healthcare organizations realizing the full potential of cloud-based technologies," said Michael Robinson, general manager for U.S. Health & Life Sciences at Microsoft. "Microsoft is helping remove that barrier by embedding privacy and security capabilities in Office 365 that enable health organizations to address their HIPAA compliance requirements. Today, Office 365 can help hospitals, insurers and clinics confidently empower their staff to be efficient and productive virtually anytime and almost anywhere while substantially reducing their IT operating costs."

About Office 365

Office 365 brings together Microsoft Office, Microsoft SharePoint Online, Microsoft Exchange Online and Microsoft Lync Online in an always-up-to-date cloud service. With Office 365, moving to the cloud does not require people to change the way they work because it's based on the familiar, industry-leading productivity tools people know and trust. Employees get new ways to work together with ease, on virtually any device or mobile phone,* using familiar applications such as Office that they already know and love. Business owners get the reliability, security features and IT controls they need in the cloud.

More information about Office 365 and regulatory compliance are available at Office 365 FAQs.

More Stories By John Weston

John Weston is a Cloud IT Pro Evangelist for Microsoft.http://aka.ms/syscntr During the last ten years he has spoken to thousands of IT Professionals across the country. Before joining Microsoft full time, he spent six years as an MCT, training people at a local college and getting new Microsoft hires up to speed. He holds more certifications than he can remember, but the list definitely includes MCITP, MCSE, MCDBA, MCT, and CCNA. Before becoming and MCT, Weston co-owned a software development and consulting firm that was a Microsoft Partner based in Dallas. His primary blog includes http://blogs.technet.com/b/jweston.

IoT & Smart Cities Stories
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...