A Cloud-Based Corporate Email Service Compliant With HIPAA


Healthcare IT, unlike information technology in other industries, has its own unique set of challenges. Any organization related to the healthcare industry that handles protected health information (PHI), such as a doctor’s office, an insurance agency, or a medical supply company, is subject to strict regulatory and compliance guidelines. Even with regulations in place, many organizations are slow to adopt new technologies or upgrade their existing infrastructures to improve workflow while remaining compliant.

One major area of concern for a health IT professional is the security of an organization’s email. Email is a powerful tool that keeps companies connected, allows for the sharing of files, and provides instant communication between staff members, regardless of whether they are at their desk or out on a job. However, it is often over email that sensitive PHI is transmitted. Due to the risk of having emails containing classified patient information hacked and exposed, it is important that health organizations adopt an email service that is both secure and compliant.

Microsoft Office 365

Microsoft Office 365 is a cloud-based work productivity solution that is compliant with HIPAA regulations. The program allows for secure access to email and work applications from both network and mobile devices, with the ability to have all activity monitored and audited. One major feature of Office 365 is its business-class email, which runs on Exchange Online and keeps email encrypted and secure regardless of where it is accessed, on what device, and over what type of internet connection.

According to Microsoft.com:

Microsoft Office 365 complies with the HIPAA Business Associate Agreement, which memorializes the implementation of physical, technical and administrative safeguards. It meets the breach notification requirements of ARRA/HITECH, the International Organization for Standardization 27001, Federal Information Security Management Act, EU Safe Harbor, EU Model Clauses, and the Data Processing Agreement.

In addition to providing a scalable, encrypted, and HIPAA-compliant email solution, Office 365 ensures the security of PHI for healthcare organizations through:

  • Physician Mobile Use

Physicians have been making the switch to laptops, tablets, and other mobile devices to improve patient care. While they may use a dedicated device within the organization, there may be times when a doctor needs to access patient information while not in the office. With Office 365, they can access their work data on their personal devices, with the same level of protection that is associated with in-house devices.

  • Eliminates Threat of Physical Theft

A major cause of HIPAA security breaches is the physical theft of hard drives and laptops. With the cloud-based Microsoft Office 365, data is stored securely in the Microsoft Cloud, behind layers of enterprise-level access controls. This can also improve device performance, as files are accessed from the cloud instead of taking up valuable hard drive space by being stored locally.

  • Options for Remote Data Wipe

In the event a healthcare professional’s device is lost or stolen, Microsoft Office 365 safeguards mobile data. An administrator can remotely wipe the data and lock out program access, preventing unauthorized access to corporate data and sensitive PHI.

About the Author

Nick Underwood

Nick Underwood has over 15 years of experience supporting IT infrastructures for businesses across a broad range of industries.

