Bitlocker has stated that it enables HIPAA compliance for data at rest. Full compliance requires integrating with a cloud service (such as Azure).
Bitlocker enables HIPAA compliance for data at rest by using the XTS-AES algorithm for data encryption on Windows systems, offering customers both AES 128-bit and 256-bit key lengths. The highest level of protection is available when this encryption is paired with a Trusted Platform Module (TPM) version 1.2 or later.
Since Bitlocker integrates with the Microsoft Windows operating system, covered entities should use additional security precautions if cloud storage is involved. Another benefit of using Bitlocker for HIPAA compliance is the data protection feature that addresses data theft risks, including exposure from computers that are stolen, lost, or inappropriately decommissioned.
Compliance depends on several criteria, such as integrating Azure cloud service and having volume licensing.
