OneDrive is a cloud storage solution provided by Microsoft. As cloud storage is often used to store and transmit Electronic Patient Health Information, covered entities should rely on cloud storage solutions that can be used in a HIPAA-compliant manner. OneDrive can be HIPAA compliant if the organization takes the proper steps.
A business associate agreement is an essential part of making any software solution HIPAA compliant. This agreement states how the parties handle the Electronic Patient Health Information (ePHI) will adhere to HIPAA. Without a signed BAA agreement, no technology solution can be considered HIPAA compliant, but Microsoft does provide a BAA. In addition, Exchange Administrator Access Tracking can be turned on so the user can know which administrators have accessed which data.
As a result, OneDrive seems to fulfill the access control obligation quite well.
Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.