Is SharePoint HIPAA compliant?

Yes, SharePoint states that it is HIPAA compliant. The service uses both technical and administrative protections to comply with HIPAA regulations, and Microsoft will sign a Business Associate Agreement (BAA).

SharePoint declares that it provides the administrative and technical features needed to meet HIPAA compliance. These features include access control for users, audit controls, logs, and encryption. Threat awareness resources make it easy to access real-time reports about information access and usage.

SharePoint is a Microsoft service. The Microsoft website states that SharePoint Online is HIPAA compliant when paired with Office 365 Enterprise. While Microsoft ensures it meets its responsibilities as a business associate, users are responsible for configuring the platform correctly.

A variety of security add-ons are included for Office 365 Enterprise users, such as advanced threat protection, security management, advanced compliance, and threat intelligence. Licensing includes anti-malware, Windows Defender, Cloud App Security (CAS), Azure AD Identity Protection, Azure Security Center, Azure Advanced Threat Protection, and more.

If you are a HIPAA covered entity, then you must follow HIPAA regulations. For example, you must control how data is shared, used, published, and updated. Always classify sensitive data so that it is monitored, protected, and covered by appropriate access controls both in storage and in transit.

Microsoft is willing to sign a Business Associate Agreement (BAA) for organizations that use SharePoint for patient health information. This BAA is for Office 365 Enterprise, which also covers SharePoint Online. Without this signed BAA, HIPAA-covered entities shouldn't use this platform for protected health information.

If you configure and use SharePoint correctly and obtain a BAA, then this service can be a HIPAA-compliant solution for information storage, management, and collaboration.

Product details


Business Associate Agreement


HIPAA Compliant


Product description

SharePoint is a document storage and management system that integrates with Microsoft Office. This powerful system offers a range of functions and can form the basis of a CRM system.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.
