Is Outlook HIPAA compliant?

Yes, Outlook can be HIPAA compliant, but only if it’s part of one of the paid Enterprise versions of Office 365. Microsoft provides a Business Associate Agreement (BAA) for the Enterprise version of Office 365.

The free email platform offered by Microsoft isn’t built to handle ePHI securely and isn’t HIPAA compliant. However, Outlook can be used as a HIPAA-compliant service with a paid Office 365 subscription and additional client-side encryption. For HIPAA compliance, users must be on one of the following plans: Office 365 Business Premium, Office 365 Business Essentials, Office 365 ProPlus, Office 365 Enterprise E1, Office 365 Enterprise E2, or Office 365 Enterprise E3.

Product details

Business Associate Agreement


HIPAA Compliant



Email Services

Product description

Microsoft Outlook is an email service provider used to send and receive emails and manage personal information, notes, and calendar appointments.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.
