Microsoft has updated the business associate agreement for its next set of cloud services intending to help healthcare organizations comply with the Health Insurance Portability and Accountability Act.
The revised agreement covers Office 365, Dynamics CRM Online and Windows Azure Core Services and intends to help health providers coordinate services and comply with privacy rules under HIPAA’s final omnibus, Microsoft said Thursday.
HIPAA counsel at U.S.-based medical schools worked with Microsoft on the agreement, as well as other private and public organizations covered by HIPAA.
Microsoft says the new agreement intends to qualify as a business associate any organization that helps secure health information on behalf of a HIPAA-covered entity and gains access to the same data without viewing it.
Additionally, the revamped BAA covers Microsoft's reporting requirements and subcontractors who maintain protected health data to comply with HIPAA breach notification and security rules.