Outlook can be HIPAA compliant, but currently only as part of one of the paid Enterprise versions of Office 365, for which Microsoft provides a Business Associate Agreement (BAA).
The free email platform offered by Microsoft, Outlook.com, does not appear to have been built to handle ePHI securely or to be HIPAA compliant. However, Outlook can be used as a HIPAA-compliant service with a paid Office 365 subscription and additional client-side encryption.
For HIPAA compliance, users must be on one of the following plans: Office 365 Business Premium, Office 365 Business Essentials, Office 365 ProPlus, Office 365 Enterprise E1, Office 365 Enterprise E2, or Office 365 Enterprise E3.
Microsoft Outlook is an email service provider used to send and receive emails and manage personal information, notes, and calendar appointments.
Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.