Microsoft says its cloud Office 365 platform now conforms to HIPAA and European Union privacy regulations.
Microsoft says it has added
compliance to the U.S. Health Insurance Portability and Accountability
and European Union data privacy regulations in its Office 365 cloud
Under the HIPAA provisions
in the 2009 Health Information Technology for Economic and Clinical Health
(HITECH) Act, companies must report data breaches within 30 days, and the cloud
version of Office 365 now features incident-reporting capabilities.
"When you have a cloud
provider like Microsoft, we basically have to run that in parallel and make
sure we can report to them any incident, so that they're made aware of it in a
reasonable amount of time," Dr. Dennis Schmuland, chief health strategy
officer at Microsoft, told eWEEK.
Schmuland was named to his current position in a reshuffling
of the company's health care IT leadership
this past summer.
As required by HIPAA, Office
365 also allows "business associates" to sign contracts specifying
how they will use health information and safeguard the data.
In addition to the U.S.
privacy guidelines, Microsoft says Office 365 now also complies with the
European Commission's Data Protection Directive, in which companies must
establish "model clause provisions" to demonstrate that they will
protect patient information.
Microsoft has drafted data processing
agreements for EU health care customers that include a more detailed data processing
agreement than the EU requires.
"We're setting the bar
for data protection to help customers meet their compliance requirements,"
The Dec. 14 Office 365 news
comes nearly a week after Redmond announced it will transfer a large part of
its health care IT business into a joint
venture with GE
. The new company will develop an interoperable platform on
which software vendors can develop clinical applications and embed Lync and
SharePoint into the new software, Schmuland said.
"This announcement is a
good example of how Microsoft is embedding health capabilities into our
existing products and platforms to expand the use and to allow more
innovation-so our commitment to health has never been greater," Schmuland
Meanwhile, Microsoft has
also launched an Office 365 Trust Center
site that includes details on privacy and security measures. The Trust Center
provides "transparency" on how Microsoft tracks health information
and specifies who has administrative access to the data.
Health care providers using
Office 365 can now spell out their logging, monitoring, archiving and incident-reporting
procedures in the cloud through Microsoft's data centers, rather than
on-premise in the client versions of Exchange, Lync, Office and SharePoint,
according to Schmuland.
"These are things
[health care organizations] would ordinarily implement on-site," he said.
"We've now implemented these in our data centers that support Office
Physician practices use
Office 365 applications such as instant messaging, document-sharing and video
conferencing to collaborate with colleagues and patients in real time.
"We think that with
Office 365, that gives these organizations a great platform to communicate and
collaborate and work together in real time to deliver the highest quality of
care and outcomes," Schmuland said.
Collaboration helps the
health care industry transition from pay for service to pay for value, or
outcomes (known as accountable care), Schmuland noted. Collaboration and
communication lead to a reduction in medical errors, according to Schmuland.
breaches in health care rising
, using collaboration tools to maintain
better accountability for protected health information will be increasing
useful, Schmuland suggested.
"We think it's timely
for a platform like this that's cloud-based to allow people to work together
and deliver better customer service," he said. "Most health
environments today-they're really using older forms of communication and
collaboration-they get paged and they have to go find a phone."