HIPAA 101: Universities Use Office 365 To Meet Regs
Federal healthcare privacy requirements don't apply only to medical institutions -- schools that maintain student health records must also comply with HIPAA law.
Windows 8: 8 Big Benefits For SMBs
(click image for larger view and for slideshow)
While the Health Insurance Portability and Accountability Act (HIPAA) generally applies to healthcare providers and related organizations, the act also imposes requirements on any institution that maintains health records on individuals, including schools. To meet those requirements when it comes to their cloud systems, a number of top universities have opted for Office 365, which Microsoft says can be HIPAA-compliant.
"Although the federal HIPAA law in large part applies to health organizations that need to protect patient data, education institutions must also adhere to the same HIPAA regulations if school data systems store students' records that include protected health information," Microsoft said.
Microsoft recently worked with several major universities, including Duke, Emory and Thomas Jefferson, as well as the universities of Iowa and Washington, to develop a business associate agreement (BAA) for implementing Office 365 in a manner that's compliant with the HIPAA. The BAA puts in writing the physical, administrative and technical safeguards that will be used to protect data governed by HIPAA within the Office 365 environment.
That's a must for educational institutions that maintain student health records, and for those that operate medical schools and on-campus healthcare facilities.
"A robust, reliable and secure email system is vital to the daily operations of the university and health system," said Duke University CIO Tracy Futhey in a statement. "Moving to the Microsoft cloud environment will enable us to achieve greater efficiency and ensure that our users will have the level of protection necessary to keep Duke's data private, including guaranteeing that our data servers would stay in the U.S."
Among the institutions that helped craft the Office 365 BAA agreement with Microsoft was Thomas Jefferson University and its Medical College, where the full-time faculty and staff of 5,300 includes 900 practicing clinicians. Thomas Jefferson CIO Doug Henrick said Microsoft's willingness to jointly develop a BAA, and the fact that it guaranteed to maintain all student data within the U.S., gave it the edge over Google when it came to choosing a cloud-based email and collaboration platform.
"A key deciding factor for TJU was that Office 365 helps enable us to be HIPAA compliant. With Google, we would have never have known where our intellectual property and records were stored," said Henrick in a statement. "Microsoft had the willingness to understand our business and be transparent about how it handles security and privacy."
Microsoft officials said the universities' efforts show that HIPAA requirements extend well beyond the healthcare industry.
"U.S. healthcare information spans numerous industries and agencies. This makes it essential that we work with healthcare providers and our customers to protect healthcare consumers' and students' data, and it starts with making sure our products are built from the ground up with privacy by design," said Cameron Evans, chief technology officer for Microsoft Education.
Microsoft recently unveiled pricing and special offers for a version of Office 365 suite that's aimed at college and university students.
Higher education students can subscribe to Office 365 University, which rolls out in the first quarter, for a four-year subscription priced at $79.99. That, as Microsoft points out, works out to $1.67 per month. Students who enter graduate programs, or just take longer than planned to complete a four-year degree, can renew for an additional four years at the same price.
Documents created or saved in Office 365 University are automatically saved to Microsoft's SkyDrive storage service. The price includes 27 GB of storage. It also allows users to install Office University 365 on up to two devices. It can also be streamed to other devices when users are away from their own PC.
Office 365 University includes access to online versions of Word, PowerPoint, OneNote, Outlook, Publisher and Access. Students who purchase Office University 2010 for Windows, or Office University 2011 for Mac, both of which are priced at $100, get access to Office University 365 for free. The pricing structure mirrors that of the consumer version of Office, which also offers free cloud apps when purchased.
Office 365 University is available to higher-education students, faculty, and staff. After purchasing, buyers must verify their academic credentials online. Those purchasing the software from a Microsoft store can verify before buying.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.