Welcome!

Microsoft Cloud Authors: Nick Basinger, Kevin Benedict, Pat Romanski, Liz McMillan, Lori MacVittie

Related Topics: Microsoft Cloud

Microsoft Cloud: Blog Post

Office 365 and HIPAA

Microsoft made an announcement back in December about HIPAA and Office 365

Lately I have been doing a lot of Demo's of Office 365. I am always amazed at how many questions I get on Office 365. Usually one of those questions is about HIPAA. Well this announcement came out right before the holidays and I think most people missed it.

http://www.microsoft.com/Presspass/press/2011/dec11/12-14O365CloudPR.mspx?rss_fdn=Press%20Releases

REDMOND, Wash. - Dec. 14, 2011 - Microsoft Corp. today announced that Microsoft Office 365, the company's next-generation cloud productivity service, is the first and only major cloud-based platform to offer leading information privacy and security standards for customers operating in the European Union and United States. As part of its contractual commitment to customers, Microsoft will now sign the EU's model clauses, which will help customers certify compliance with the European Commission's stringent Data Protection Directive, and the U.S.-mandated Health Insurance Portability and Accountability Act (HIPAA).

Microsoft also announced the availability of the Office 365 Trust Center. The site provides in-depth information about the privacy and security practices for Office 365 and was recently redesigned to be more accessible and easy to understand. The new site can be accessed at http://trust.office365.com.

Compliance Updates

In February 2010, the EU released these standard contractual clauses (commonly referred to as "model clauses") to legitimize the transfer of personal data via international networks to locations outside the European Economic Area (EEA). When included in service agreements with data processors, the model clauses assure customers that appropriate steps have been taken to help safeguard personal data, even if data is stored in a cloud-based service center located outside the EEA. European regulators have the option to request that customers halt the use of a service that hasn't taken appropriate steps to safeguard personal data until they have evaluated the service and deemed it compliant with EU data protection and security standards.

Along with furnishing the model clause provisions, Microsoft has gone a step further than other cloud providers to include a data-processing agreement for EU customers. Some of the 27 member states have more exacting requirements than those of the EU-wide Data Protection Directive. To streamline the use of cloud-based services for customers operating under additional compliance requirements, Microsoft has included with the model clause provisions a robust data-processing agreement that was developed in view of the specifics of member-state regulations.

"Developing cloud-based productivity tools that meet the needs of European businesses means more than simply building apps in a browser," said Jean-Philippe Courtois, president, Microsoft International. "Microsoft has a more complete approach to European data protection and security laws than any other company, and we're proud of the work we've done to ensure the widest range of organizations can move to the cloud with confidence - or choose an equally functional on-premises option."

As the first major cloud-based productivity service to obtain certification under ISO/IEC 27001, a rigorous information security management benchmark, Microsoft submits to a yearly audit of its information security policy by an independent expert and shares the results with its customers. Additionally, Microsoft has developed its online services to provide physical, administrative and technical safeguards that facilitate full compliance with HIPAA requirements.

"Until recently, concerns about the security and privacy of patient data have been the most common barrier to healthcare organizations realizing the full potential of cloud-based technologies," said Michael Robinson, general manager for U.S. Health & Life Sciences at Microsoft. "Microsoft is helping remove that barrier by embedding privacy and security capabilities in Office 365 that enable health organizations to address their HIPAA compliance requirements. Today, Office 365 can help hospitals, insurers and clinics confidently empower their staff to be efficient and productive virtually anytime and almost anywhere while substantially reducing their IT operating costs."

About Office 365

Office 365 brings together Microsoft Office, Microsoft SharePoint Online, Microsoft Exchange Online and Microsoft Lync Online in an always-up-to-date cloud service. With Office 365, moving to the cloud does not require people to change the way they work because it's based on the familiar, industry-leading productivity tools people know and trust. Employees get new ways to work together with ease, on virtually any device or mobile phone,* using familiar applications such as Office that they already know and love. Business owners get the reliability, security features and IT controls they need in the cloud.

More information about Office 365 and regulatory compliance are available at Office 365 FAQs.

More Stories By John Weston

John Weston is a Cloud IT Pro Evangelist for Microsoft.http://aka.ms/syscntr During the last ten years he has spoken to thousands of IT Professionals across the country. Before joining Microsoft full time, he spent six years as an MCT, training people at a local college and getting new Microsoft hires up to speed. He holds more certifications than he can remember, but the list definitely includes MCITP, MCSE, MCDBA, MCT, and CCNA. Before becoming and MCT, Weston co-owned a software development and consulting firm that was a Microsoft Partner based in Dallas. His primary blog includes http://blogs.technet.com/b/jweston.

IoT & Smart Cities Stories
Early Bird Registration Discount Expires on August 31, 2018 Conference Registration Link ▸ HERE. Pick from all 200 sessions in all 10 tracks, plus 22 Keynotes & General Sessions! Lunch is served two days. EXPIRES AUGUST 31, 2018. Ticket prices: ($1,295-Aug 31) ($1,495-Oct 31) ($1,995-Nov 12) ($2,500-Walk-in)
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...