Office 365 HIPAA and Data Protection News
Last Wednesday, Microsoft’s Office 365 certified compliance with the US-based Health Insurance Portability and Accountability Act (HIPAA) and the European Commission’s stringent Data Protection Directive. This is a major step in setting Office 365 apart from the other cloud providers, which have yet to find a home at more highly regulated firms.
Office 365 Data Protection Standards
Compliance with the European Data Protection Directive will allow Office 365 to legitimize the transfer of personal data via international networks to locations outside the European Economic Area (EEA). Compared to Google Apps, this sets Office 365 up to sweep the market for geographically dispersed firms.
“European regulators have the option to request that customers halt the use of a service that hasn’t taken appropriate steps to safeguard personal data until they have evaluated the service and deemed it compliant with EU data protection and security standards.” This implies that customers of Google Apps could find themselves stranded in the event of a political dispute within the EU over data trafficking. Note that this can even apply to data centers that house data outside of the EEA.
Office 365 and HIPAA
The second major certification, HIPAA, opens Office 365 up to operate for hospitals and clinics. For those who know the industry, this is somewhat groundbreaking, as until now very few medical facilities have moved to the cloud for anything other than email needs. As more and more EMR products are now basing themselves out of the cloud, it has suddenly become an option for small clinics to move on from expensive hardware.