Healthy EU And US Data Protection For Microsoft Office 365

Microsoft says its Office 365 cloud platform now conforms to European Union and HIPAA privacy regulations

Microsoft says it has added compliance to European Union data privacy regulations and the US Health Insurance Portability and Accountability Act (HIPAA) in its Office 365 cloud office-productivity platform.

Microsoft says Office 365 now also complies with the European Commission’s Data Protection Directive, in which companies must establish “model clause provisions” to demonstrate they will protect patient information.

Compliance plus

Microsoft has drafted data processing agreements for EU health care customers and claims that these include a more detailed data processing agreement than the EU requires.

“We’re setting the bar for data protection to help customers meet their compliance requirements,” Schmuland said.

In the US, under the HIPAA provisions in the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, companies must report data breaches within 30 days, and the cloud version of Office 365 now features incident-reporting capabilities.

“When you have a cloud provider like Microsoft, we basically have to run that in parallel and make sure we can report to them any incident, so that they’re made aware of it in a reasonable amount of time,” Dr Dennis Schmuland, chief health strategy officer at Microsoft, told eWEEK. Schmuland was moved to his current position in a reshuffling of the company’s health care IT leadership this past summer.

As required by HIPAA, Office 365 also allows “business associates” to sign contracts specifying how they will use health information and safeguard the data.

The Office 365 news comes nearly a week after Redmond announced it will transfer a large part of its health care IT business into a joint venture with GE. The new company will develop an interoperable platform on which software vendors can develop clinical applications and embed Lync and SharePoint into the new software, Schmuland said.

“This announcement is a good example of how Microsoft is embedding health capabilities into our existing products and platforms to expand the use and to allow more innovation – so our commitment to health has never been greater,” Schmuland said.

Trust transparency

Microsoft has also launched an Office 365 Trust Center site that includes details on privacy and security measures. The Trust Center provides “transparency” on how Microsoft tracks health information and specifies who has administrative access to the data.

Health care providers using Office 365 can now spell out their logging, monitoring, archiving and incident-reporting procedures in the cloud through Microsoft’s datacentres, rather than on-premise in the client versions of Exchange, Lync, Office and SharePoint, according to Schmuland.

“These are things [health care organisations] would ordinarily implement on-site,” he said. “We’ve now implemented these in our data centres that support Office 365.”

Physician practices use Office 365 applications such as instant messaging, document-sharing and video conferencing to collaborate with colleagues and patients in real time.

“We think that with Office 365, that gives these organisations a great platform to communicate and collaborate and work together in real time to deliver the highest quality of care and outcomes,” Schmuland said.

Collaboration helps the health care industry transition from pay for service to pay for value, or outcomes (known as accountable care), Schmuland noted. Collaboration and communication lead to a reduction in medical errors, according to Schmuland.

With data breaches in health care rising, using collaboration tools to maintain better accountability for protected health information will be increasingly useful, Schmuland suggested.

“We think it’s timely for a platform like this that’s cloud-based to allow people to work together and deliver better customer service,” he said. “Most health environments today – they’re really using older forms of communication and collaboration – they get paged and they have to go find a phone.”