OneDrive is a cloud storage solution provided by Microsoft. As cloud storage is often used to store and transmit electronic patient health information, covered entities should rely on cloud storage solutions that can be used in a HIPAA-compliant manner. OneDrive can enable HIPAA compliance if the organization takes the proper steps.
A business associate agreement is an essential part of making any software solution compatible with HIPAA. This agreement states how the parties handling the electronic patient health information (ePHI) will adhere to HIPAA. Without a signed BAA agreement, no technology solution can be considered HIPAA friendly, but Microsoft does provide a BAA. In addition, Exchange Administrator Access Tracking can be turned on so the user can know which administrators have accessed which data.
As a result, OneDrive seems to fulfill the access control obligation quite well.
