Is Bitlocker HIPAA compliant?

George Davidson
Oct 30, 2020

Yes, BitLocker is HIPAA compliant for data at rest. Full compliance also requires integrating with a cloud service (such as Azure) and purchasing volume licensing, since Microsoft will only sign a BAA under those terms.

BitLocker is HIPAA compliant for data at rest. It encrypts Windows volumes with the XTS-AES algorithm and offers customers both 128-bit and 256-bit key lengths. The highest level of protection is available when this encryption is paired with a Trusted Platform Module (TPM) version 1.2 or later.
Because BitLocker is built into the Microsoft Windows operating system and protects only local storage, covered entities should apply additional security precautions if cloud storage is involved. Another benefit of using BitLocker for HIPAA compliance is that it addresses data theft risks, including exposure from computers that are stolen, lost, or inappropriately decommissioned.
Compliance depends on several criteria, such as integrating the Azure cloud service and holding volume licensing. Microsoft will sign a BAA as a contract addendum with customers who have a Volume Licensing/Enterprise Agreement.
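As an added check (not part of the JotForm entry and not a Microsoft-provided script), the PowerShell below audits a Windows device against the configuration described above: every volume fully encrypted with XTS-AES (128 or 256), protection switched on, and the operating-system volume unlocked by a TPM-based protector on a TPM 1.2 or later. It uses the built-in Get-BitLockerVolume cmdlet and the Win32_Tpm WMI class, needs an elevated prompt, and the pass/fail rule it applies is a constructed one for illustration.

```powershell
# Added example: audit BitLocker volumes and the TPM against the settings the entry describes.
# Assumes the BitLocker module (Windows 10/11, Server 2016+) and an elevated session.

# Constructed policy: only XTS-AES is accepted; the older AES-CBC modes fail the check.
$RequiredMethods = @('XtsAes128', 'XtsAes256')

# Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.16"; the first field is the spec version.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmVersion = if ($tpm) { [version](($tpm.SpecVersion -split ',')[0].Trim()) } else { $null }
$tpmOk = $tpmVersion -and ($tpmVersion -ge [version]'1.2')

$report = foreach ($vol in Get-BitLockerVolume) {
    # Key protector types look like Tpm, TpmPin, TpmStartupKey, RecoveryPassword, Password ...
    $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $hasTpmProtector = @($protectors | Where-Object { $_ -like 'Tpm*' }).Count -gt 0

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeType       = $vol.VolumeType
        EncryptionMethod = $vol.EncryptionMethod
        VolumeStatus     = $vol.VolumeStatus
        ProtectionOn     = ($vol.ProtectionStatus -eq 'On')
        TpmProtector     = $hasTpmProtector
        TpmVersion       = $tpmVersion
        # A data volume may be unlocked by auto-unlock or password; the TPM rule is applied
        # to the operating-system volume only (constructed policy choice).
        Compliant        = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                           ($vol.ProtectionStatus -eq 'On') -and
                           ($RequiredMethods -contains $vol.EncryptionMethod.ToString()) -and
                           ($vol.VolumeType -ne 'OperatingSystem' -or ($hasTpmProtector -and $tpmOk))
    }
}

$report | Format-Table -AutoSize

# Non-zero exit lets a deployment or monitoring job flag devices that fail the check.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```

Run it on a sample of endpoints before relying on it fleet-wide, because volumes still in EncryptionInProgress will correctly show as non-compliant until they finish.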

Product details

Business Associate Agreement: Yes

HIPAA Compliant: Yes

Categories: Encryption

Product description

BitLocker offers full-volume encryption for devices running Microsoft Windows. Integrating BitLocker Drive Encryption with the operating system provides security features that reduce the risk of data loss.

Disclaimer:

Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.
