Blog December 1, 2016

HIPAA Compliant Azure Hosting and the Business Associate Agreement

All healthcare organizations in the U.S., or any organization that has access to protected healthcare information (PHI), must adhere to the guidelines of both the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). It’s important to employ best practices, since HIPAA requirements are vague and some can be overlooked.

In many cases, for a healthcare company to use a service like Microsoft Azure, its service provider must provide a written agreement, called a Business Associate Agreement (BAA), committing to adhere to certain security requirements set out in HIPAA and the HITECH Act. Azure does include features to help enable your privacy and security compliance, but you are ultimately responsible for ensuring that your Azure environment complies with HIPAA and other regulations.

When considering placing PHI in Azure, it’s important to know that Azure is certified according to the physical, technical, and administrative safeguards that make up HIPAA. It provides a compliant foundation for healthcare industry organizations, but it’s your responsibility to sign a BAA with your service provider outlining these services. The BAA ensures that your organization will leverage Azure services while adhering to HIPAA compliance.

Connectria provides a BAA to all customers, especially those with a HIPAA Compliant Hosting plan. For instance, ePreop, a Connectria customer since 2009, decided to move its HIPAA compliant platform to Azure. The company chose Azure because of its scalability and its global data center footprint. As a software company whose Software as a Service (SaaS) platform assists in care coordination of surgical patients, ePreop had to ensure that its Azure environment remained HIPAA compliant.

After evaluating the benefits of Microsoft Azure, including integration, credibility, and customization, ePreop decided to sign a BAA with Connectria for our HIPAA compliant services on Azure. The BAA will ensure our services and will benefit the company with reduced time, cost, and risk; audited security controls and processes; SaaS support; and a dedicated compliance team.

If you have any questions regarding HIPAA compliance, Microsoft Azure, or any of Connectria’s services and solutions, please contact us.
