Yes, OneDrive is HIPAA compliant because Microsoft will sign a Business Associate Agreement (BAA).
OneDrive is a cloud storage solution provided by Microsoft. As cloud storage is often used to store and transmit Electronic Patient Health Information, covered entities should rely on cloud storage solutions that can become HIPAA compliant. OneDrive can be HIPAA compliant if the organization takes the proper steps.
The business associate agreement is an essential part of making any software solution HIPAA compliant. This agreement states how the parties handle the Electronic Patient Health Information (ePHI) will adhere to HIPAA. Without a signed BAA agreement, no technology solution can be considered HIPAA compliant but Microsoft provides that. In addition, Exchange Administrator Access Tracking can be turned on so the user can know which administrators have accessed which data.
As a result, OneDrive fullfills the access control obligation quite sufficently.
The business associate agreement is an essential part of making any software solution HIPAA compliant. This agreement states how the parties handle the Electronic Patient Health Information (ePHI) will adhere to HIPAA. Without a signed BAA agreement, no technology solution can be considered HIPAA compliant but Microsoft provides that. In addition, Exchange Administrator Access Tracking can be turned on so the user can know which administrators have accessed which data.
As a result, OneDrive fullfills the access control obligation quite sufficently.