Top HIPAA Compliance Rating for Microsoft Office 365

Apr 9, 2015

Microsoft Office 365 cloud services for the healthcare industry have been awarded the highest possible HITRUST CSF rating – achieving a maximum score of five – in a certification review of their security and privacy controls begun by Centura Health.

The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) is a scalable, prescriptive and certifiable framework developed for healthcare organizations. It was designed with the aim of speeding up the process of vetting organizations and reviewing multiple certification standards as part of a programme to move data to the cloud.

The CSF incorporates an assessment and certification process that simplifies the management of multiple standards – HIPAA, HITECH, PCI, COBIT, NIST and FTC – and assesses the degree of “maturity” an organization or potential Business Associate has for particular security requirements.

The HITRUST CSF was formulated based on the Program Review for Information Security Management Assistance (PRISMA) – the National Institute of Standards and Technology’s Computer Security Division’s NISTIR 7358 standard. As is the case with NISTIR 7358, an organization must demonstrate five levels of maturity for each specific security requirement under examination. By using the assessment, healthcare providers can speed up the process of monitoring and selecting BAs for compliance with industry regulations.

Many healthcare organizations have already implemented the HITRUST CSF, including Health Care Service Corporation, Anthem Inc., Hospital Corporation of America, Highmark Inc., IMS Health, UnitedHealth Group, Blue Cross Blue Shield of Massachusetts and Centura Health. These healthcare providers and insurers use the reports produced by certified HITRUST assessors to help them make a decision on which BAAs to use and to ensure continued compliance in the cloud.

The top security rating awarded to Microsoft Office 365 was one of the main reasons why Centura chose to use the company and its cloud services to serve its 15 hospitals and 18,000 staff.

According to a statement issued by Centura Health’s Director of Data Security, Kris Kistler, “For Centura Health, it is important that our business partners are securing our information to the same standards that we adhere to.” He went on to say, “We believe that the HITRUST Common Security Framework (CSF) is the most comprehensive security framework available.”

This achievement shows that Microsoft is committed to putting in place the strict security standards required by HIPAA and other regulations and is further proof that the company is using HIPAA Security Rules as a minimum standard.

This is not the only standard the company has achieved. Microsoft was one of the first providers of cloud services to offer HIPAA-covered entities (CE) a HIPAA Business Associate Agreement (BAA), which it co-developed with the healthcare industry to ensure full adherence with industry regulations.

It was also the first provider of cloud services to meet the requirements for the world’s first international standard for cloud privacy, known as ISO 27018. ISO 27018 was developed by the International Organization for Standardization with the intention of formulating a more uniform approach to protecting privacy for personal data stored in the cloud.

Microsoft is certainly showing that it is dedicated to protecting data and ensuring it remains private and confidential, while allowing healthcare organizations to streamline their services and improve productivity by transferring data to the cloud.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
