Last month, I had a call with a digital health startup in Toronto. During our call, we discussed their use of Microsoft Azure services in their solution set. We've already covered how vast the HIPAA industry is so we can empathize with just how many people need to use cloud services in this healthcare sector. In previous posts, we’ve covered email service providers like Gmail, Hotmail, Yahoo, Outlook, and AOL and their capabilities for HIPAA compliance. The purpose of this post is to determine if Google Cloud, one of the more popular cloud platforms, offers HIPAA compliance or not.
SEE ALSO: Is Amazon Web Services (AWS) HIPAA Compliant?
Microsoft Azure is a growing collection of integrated cloud services that developers and IT professionals can use to build, deploy, and manage applications. Azure is widely regarding as the #2 cloud service provider on the market, with Amazon Web Services being #1.
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance to ensure security and privacy. We checked the Microsoft Azure Trust Center and found a page called HIPAA and the HITECH Act. In it, Microsoft wisely points out: “Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.”
The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate. Since Microsoft Azure offers one, we conclude they are in fact a HIPAA compliant cloud vendor.
READ: Is My Password-Protected PDF Document HIPAA Compliant?
Conclusion: Many parts of Microsoft Azure are HIPAA Compliant and adhere to regulatory compliance for healthcare providers and healthcare organizations.
READ MORE: Is Google Cloud HIPAA Compliant?