HIPAA Compliance and Yammer

by | Feb 21, 2018

Yammer is a freemium enterprise social networking platform that has been used for private communication and collaboration within organizations since 2008. After a bedding-in period, Microsoft purchased the company in 2012. It has grown in popularity since then, to the extent that it is used by the majority of Fortune 500 companies.

The service allows company staff to communicate with each other, collaborate on projects, share information and address inquiries from colleagues. It has often been referred to as ‘Twitter for companies’ due to its many similarities to that social media platform.

However, Yammer is unique in that all communications are private and are not published publicly. The platform can be restricted to internal communications and collaboration only, although it can also be used to communicate with business associates and clients. Via the Yammer platform, users can interact, chat and share documents, photos and other data.

As of January 1, 2016, Yammer has been included in the Office 365 Trust Center and is incorporated in the Microsoft Office 365 enterprise business associate agreement.

Since buying Yammer, Microsoft has strengthened its auditing and reporting capabilities. Detailed activity logs are produced, giving admins full visibility into how the platform is being used. Using those logs, administrators can audit users, groups, files, admins and network infrastructure settings, and view all activities on the platform. The logs comply with the HIPAA security standard for audit controls.

The HIPAA security standard for access controls is also met. Subscribers get their own accounts and are logged in through their existing organization credentials. Access is only granted with a valid company email login.

All data in transit into and out of the production network is encrypted, as is data at rest. Microsoft employs AES 256-bit key encryption to secure data.

The platform was designed as multitenant, so an organization's information is logically kept apart from that of other companies using the platform and is kept private.

Yammer can be deemed HIPAA compliant because Microsoft has incorporated all the necessary controls, but HIPAA compliance is dependent on the organization and its end users. Provided risks are identified and mitigated, and healthcare organizations enter into a business associate agreement with Microsoft that includes Yammer before the service is used in connection with any ePHI, Yammer can be thought of as a HIPAA compliant collaboration utility.

The platform must also be set up properly, policies need to be formulated covering the use of the platform, and staff will need to be given the relevant information on Yammer and HIPAA regulations.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
