Healthcare // Analytics
News
1/9/2013
08:33 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

HIPAA 101: Universities Use Office 365 To Meet Regs

Federal healthcare privacy requirements don't apply only to medical institutions -- schools that maintain student health records must also comply with HIPAA law.

Windows 8: 8 Big Benefits For SMBs
Windows 8: 8 Big Benefits For SMBs
(click image for larger view and for slideshow)
While the Health Insurance Portability and Accountability Act (HIPAA) generally applies to healthcare providers and related organizations, the act also imposes requirements on any institution that maintains health records on individuals, including schools. To meet those requirements when it comes to their cloud systems, a number of top universities have opted for Office 365, which Microsoft says can be HIPAA-compliant.

"Although the federal HIPAA law in large part applies to health organizations that need to protect patient data, education institutions must also adhere to the same HIPAA regulations if school data systems store students' records that include protected health information," Microsoft said.

Microsoft recently worked with several major universities, including Duke, Emory and Thomas Jefferson, as well as the universities of Iowa and Washington, to develop a business associate agreement (BAA) for implementing Office 365 in a manner that's compliant with the HIPAA. The BAA puts in writing the physical, administrative and technical safeguards that will be used to protect data governed by HIPAA within the Office 365 environment.

[ As Microsoft enters a new year filled with challenges, lets look back at how it did last year. Read Microsoft's Big Hits And Misses Of 2012. ]

That's a must for educational institutions that maintain student health records, and for those that operate medical schools and on-campus healthcare facilities.

"A robust, reliable and secure email system is vital to the daily operations of the university and health system," said Duke University CIO Tracy Futhey in a statement. "Moving to the Microsoft cloud environment will enable us to achieve greater efficiency and ensure that our users will have the level of protection necessary to keep Duke's data private, including guaranteeing that our data servers would stay in the U.S."

Among the institutions that helped craft the Office 365 BAA agreement with Microsoft was Thomas Jefferson University and its Medical College, where the full-time faculty and staff of 5,300 includes 900 practicing clinicians. Thomas Jefferson CIO Doug Henrick said Microsoft's willingness to jointly develop a BAA, and the fact that it guaranteed to maintain all student data within the U.S., gave it the edge over Google when it came to choosing a cloud-based email and collaboration platform.

"A key deciding factor for TJU was that Office 365 helps enable us to be HIPAA compliant. With Google, we would have never have known where our intellectual property and records were stored," said Henrick in a statement. "Microsoft had the willingness to understand our business and be transparent about how it handles security and privacy."

Microsoft officials said the universities' efforts show that HIPAA requirements extend well beyond the healthcare industry.

"U.S. healthcare information spans numerous industries and agencies. This makes it essential that we work with healthcare providers and our customers to protect healthcare consumers' and students' data, and it starts with making sure our products are built from the ground up with privacy by design," said Cameron Evans, chief technology officer for Microsoft Education.

Microsoft recently unveiled pricing and special offers for a version of Office 365 suite that's aimed at college and university students.

Higher education students can subscribe to Office 365 University, which rolls out in the first quarter, for a four-year subscription priced at $79.99. That, as Microsoft points out, works out to $1.67 per month. Students who enter graduate programs, or just take longer than planned to complete a four-year degree, can renew for an additional four years at the same price.

Documents created or saved in Office 365 University are automatically saved to Microsoft's SkyDrive storage service. The price includes 27 GB of storage. It also allows users to install Office University 365 on up to two devices. It can also be streamed to other devices when users are away from their own PC.

Office 365 University includes access to online versions of Word, PowerPoint, OneNote, Outlook, Publisher and Access. Students who purchase Office University 2010 for Windows, or Office University 2011 for Mac, both of which are priced at $100, get access to Office University 365 for free. The pricing structure mirrors that of the consumer version of Office, which also offers free cloud apps when purchased.

Office 365 University is available to higher-education students, faculty, and staff. After purchasing, buyers must verify their academic credentials online. Those purchasing the software from a Microsoft store can verify before buying.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Apprentice
1/21/2013 | 2:52:22 AM
re: HIPAA 101: Universities Use Office 365 To Meet Regs
Why wouldnGÇÖt they just implement these new regulations in the health departments of the Universities? Is all the studentGÇÖs information stored under the same file and need to be protected along with the rest of the data in their file? I do like Office 365 it is a very useful product and is well paired to help regulate these standards. I will say that this is no surprise considering MicrosoftGÇÖs major contributions to Universities with MSDNAA for students, by providing all sorts of free software to students ranging from operating systems to an variety of developer tools.

Paul Sprague
InformationWeek Contributor
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Healthcare data is nothing new, but yet, why do healthcare improvements from quantifiable data seem almost rare today? Healthcare administrators have a wealth of data accessible to them but aren't sure how much of that data is usable or even correct.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.