Does OneDrive enable HIPAA compliance?

As the world becomes more digital, organizations are moving away from traditional data storage methods and toward their digital counterparts. This leads to increased efficiency and easier information transfer, and it saves time. But moving from paper files to digital storage can be a huge hassle.

One of the biggest challenges is complying with the mountains of legal requirements for handling patient information. HIPAA requirements are strict in order to protect both your organization and your patients’ privacy. Let’s consider one popular digital storage solution: OneDrive. Does OneDrive enable HIPAA compliance?

OneDrive can be used in a HIPAA-friendly way if the organization takes the proper steps. Microsoft breaks down the process for HIPAA compliance into four main steps:

Evaluate the proposed solution.
Enter a business associate agreement.
Use access control for better security.
Establish procedures for HIPAA compliance.

Let’s review what each of these means and how they’ll help you use OneDrive and stay HIPAA-friendly.

Evaluate whether OneDrive is the right solution for you

Choosing the right technology solution is about more than just selecting a major player. It’s crucial to consider your organization’s technology needs. For example, does your organization need only a HIPAA cloud storage solution, or does it also need forms that can be used for data that is covered by HIPAA? The right solution will largely depend on the problem you’re trying to solve for your organization.

Other considerations include security and privacy practices as well as usability. Does OneDrive help you with compliance when used alongside your current technology? Do your employees know how to use it? You can resolve some concerns with additional training, while others may mean that the solution is incompatible with your systems.

If the software solution you’ve evaluated is compatible with your organization’s needs, you can move on to the next step, the business associate agreement (BAA).

Review the business associate agreement

A business associate agreement can be an essential part of achieving HIPAA compliance when using software solutions. This agreement states how the parties handling the electronic protected health information (ePHI) will adhere to HIPAA.

How does this protect your organization? The BAA legally obligates both parties to handle ePHI in a compliant manner. This avoids mishaps that could open you up to patient complaints or worse, a lawsuit.

Use access control to keep information from falling into the wrong hands

When there’s a physical risk in your workplace, like a trip hazard, would you prefer to put up a warning sign or simply eliminate the hazard? Completely eliminating the hazard will provide the highest degree of safety. Similarly, when ensuring your team wants to act in a HIPAA-friendly manner, the simplest solution is to eliminate unnecessary risk. This can be partially achieved with access control.

You can control access by instituting physical or digital constraints on the information people can access. Does a nurse need access to patients in every department? Restricting access by dep artment, provider, or another factor eliminates risk. Setting up access control on your software can help.

Microsoft’s HIPAA-implementation guidance instructions list the following requirements:

Turn on Exchange Administrator Access Tracking so you’ll know when your administrators have accessed user accounts.
Turn off Microsoft Dynamics CRM Online for supported devices.
Periodically request and review access control reports for data repositories where you store ePHI training.
- Administrator training: Train your administrators not to put ePHI in an address book, directory, or global address list, nor to provide or allow access to ePHI during support services or troubleshooting with Microsoft.
- User training: Train your users not to put ePHI in email headers, filenames, or public SharePoint sites. Make sure users understand not to email ePHI to individuals who don’t have the right to view that ePHI.

These requirements are specific to Microsoft’s products. You’ll have to do your homework if you’re planning to use a different solution. While these safeguards are a great start, staying HIPAA-friendly requires total team support. If you don’t have the right access controls and security processes in place, no software can make you compliant.

Establish procedures to stay HIPAA-friendly

Microsoft recommends that you put procedures in place to manage access control and deal with personnel changes.

With access control, you can review who is modifying user accounts and passwords or adding themselves to shared resources. This will help you manage risk and prevent potential security breaches.

It’s also critical that you have procedures in place for staff changes. When someone leaves your organization, you should remove any access they have to PHI. You’ll also need to update Microsoft with your HIPAA administrative contact at MSOHIPAA@microsoft.com.

By evaluating the software solution, considering a BAA, restricting access, and establishing proper security procedures, you’ll ensure your organization is ready to use OneDrive in a compliant manner.

Was this article helpful?

Yes

We're sorry to hear that. What problem did you have with the article?

How can we improve this article?

What did you like best about this article?

AUTHOR

Jotform Editorial Team

Jotform's Editorial Team is a group of dedicated professionals committed to providing valuable insights and practical tips to Jotform blog readers. Our team's expertise spans a wide range of topics, from industry-specific subjects like managing summer camps and educational institutions to essential skills in surveys, data collection methods, and document management. We also provide curated recommendations on the best software tools and resources to help streamline your workflow.

RECOMMENDED ARTICLES

What Is HIPAA Compliance?

5 best patient management software tools

15 best video conferencing tools that help with HIPAA compliance

The best patient communication software

7 ways to increase patient satisfaction

Does sending patient information via text violate HIPAA?

Webinar: 3 ways to digitally transform your healthcare practice

Improving the patient experience

Top 5 intakeQ alternatives for 2025

Does Dropbox enable HIPAA compliance?

The Patience of Patients: Doctor’s Office Waiting Room Survey

What is doctor-patient confidentiality and how will it affect your practice?

How to facilitate a group therapy session online

SimplePractice: Plans, pricing, and alternatives

Best medical spa software

Mark Your Calendars: Jotform for Healthcare Providers Webinar

File sharing services that help with HIPAA compliance

EMR vs EHR: What’s the difference?

Does Square enable HIPAA compliance?

Use the best fax services that help with HIPAA compliance

How can you prevent medical identity theft

How to collect patient-reported outcomes with online forms

How Dr. Miami uses Jotform to collect patient information

The 9 best software products that help with HIPAA compliance

4 best chiropractic software programs

What is an eCRF in clinical trials?

3 best VoIP providers that can help you with HIPAA compliance

Top 7 Power Diary alternatives in 2025

Set up contactless COVID-19 screening in two simple steps

Announcing the new Jotform Health app

How to improve your patient intake process in 3 steps

How to do a head to toe assessment

What are the pros and cons of electronic health records?

How to improve your hospital’s HCAHPS scores

HIPAA vs FERPA: The difference between two acts

What are HCAHPS survey questions?

How to make things easier for your intake coordinator

How to do contact tracing with online forms

An overview of ClinicSense’s pricing, features and more

The 5 most common HIPAA-compliance mistakes and how to overcome them

The insider threat to HIPAA compliance: Data breach

How to take patient history with online forms

How to maintain HIPAA compliance in a remote work environment

Using a limited data set under HIPAA for research

What makes e-signatures HIPAA-friendly?

How to organize your vaccine distribution with Jotform

What is an encounter form?

How to improve patient outreach

Healthcare white paper: Online forms

How to get physician referrals to your medical practice

How Jotform helped a clinic cut patient processing time by 80%

10 Caspio alternatives in 2025

Healthie vs Practice Better for practice management

CareCloud vs Athenahealth: Refreshing your medical software stack

How can HIPAA waivers help your medical institution?

SimplePractice vs TheraNest: A side-by-side comparison

Accepting a COVID-19 self-declaration without contact

Does Zoom enable HIPAA compliance?

How to create an intake form in Word

Why data collection is so important in healthcare

How does HIPAA fit into medical ethics?

The 10 best cloud storage solutions that help with HIPAA compliance

Which states used Jotform to screen for COVID-19 symptoms?

AdvancedMD vs CareCloud

Book Like a Boss vs Acuity: Which is best?

Why it’s important to collect patient demographics

How the health industry is using Jotform and Zoom to help patients

How to evaluate HCAHPS surveys with star ratings

How to reduce paperwork for doctors

Streamline data collection with healthcare online forms

HIPAA compliance rules for pharmacies

How much does Updox cost? Pricing and alternatives for 2025

How to improve patient screening

Mobile apps that help with HIPAA compliance

TherapyNotes vs SimplePractice: A practitioner weighs in

How to become a holistic health coach

TherapyNotes vs TheraNest

Best HIPAA-friendly survey tool: Jotform

Best CRM software tools that help with HIPAA compliance

Jotform is your online forms solution that enables HIPAA compliance

Announcing free unlimited HIPAA accounts for coronavirus responders

Best text messaging and chat apps that enable HIPAA compliance

How is HIPAA applied to electronic health records (EHR)?

Firewalls that help with HIPAA compliance for medical services

Top 5 medical survey portals to earn extra money

What is protected health information (PHI)?

4 ways of protecting patient privacy

Healthie: A comprehensive review of pricing and features

How does CAHPS help medical institutions improve?

How to conduct an online health assessment

What is personally identifiable information (PII) under HIPAA?

5 data-collection tools for healthcare organizations

10 best healthcare compliance software solutions

6 best hosting services to enable HIPAA compliance for 2025

Lighthouse 360 vs Solutionreach

What is HCAHPS, and why does it matter?

12 examples of unintentional HIPAA violations

What are the main types of HIPAA-friendly forms?

How to conduct a HIPAA risk assessment

HIPAA forms for WordPress: A primer

Send Comment:

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Be the first to comment.