Is OneDrive HIPAA compliant?

OneDrive is a cloud storage solution provided by Microsoft. As cloud storage is often used to store and transmit Electronic Patient Health Information, covered entities should rely on cloud storage solutions that can be used in a HIPAA-compliant manner. OneDrive can be HIPAA compliant if the organization takes the proper steps.

A business associate agreement is an essential part of making any software solution HIPAA compliant. This agreement states how the parties handle the Electronic Patient Health Information (ePHI) will adhere to HIPAA. Without a signed BAA agreement, no technology solution can be considered HIPAA compliant, but Microsoft does provide a BAA. In addition, Exchange Administrator Access Tracking can be turned on so the user can know which administrators have accessed which data.

As a result, OneDrive seems to fulfill the access control obligation quite well.

Reference link for OneDrive:

https://www.microsoft.com/en-us/microsoft-365/blog/wp-content/uploads/sites/2/2019/04/HIPAA-Compliance-Microsoft-Office-365-and-Microsoft-Teams.pdf

BAA for OneDrive:

https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=52&Language=1

Product details

Company Logo

Website

https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage

Product description

OneDrive is a cloud storage service offered by Microsoft. It allows users to store files in the cloud and access them from anywhere in an instant.

This web page was updated on September 28, 2022.

Disclaimer:

Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.