We’ve recently been surveying the vendor landscape to see who has HITRUST certification. Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In this post, we will determine whether Office 365 from Microsoft is HITRUST certified or not.
SEE ALSO: Is Office 365 HIPAA Compliant?
Since Microsoft is such a large company, we’ll limit the scope of this post to Office 365.
Office 365
Office 365 is the brand name Microsoft uses for a group of software and services subscriptions, which together provide productivity software and related services to subscribers. For business users, Office 365 offers service plans providing e-mail, chat, cloud storage, as well as access to the Microsoft Office software.
Microsoft Office 365 and HITRUST
Although there isn’t a formal HIPAA certification issued by the U.S. Department of Health and Human Services (HHS), HITRUST certification is widely regarding as the closest thing to it. A quick search revealed that Microsoft does mention HITRUST for Office 365 on its website.
Is Office 365 HITRUST Certified?
An 5 October 2018 blog post by Hector Rodriguez, the Microsoft CISO for Worldwide Health, revealed that Office 365 earned HITRUST certification. You can view the HITRUST Letter of Certification for Office 365 at this download page (login required). According to that document, the following Office 365 services are HITRUST certified:- Microsoft Exchange Online
- SharePoint Online
- Skype for Business
- Microsoft Teams
- Information Protection
- Office Online
- Security Workload Environment
- Domain Name Service
- Suite User Experience
- Office Service Infrastructure
Conclusion: A subset of Office 365 product offerings are HITRUST Certified.
HITRUST Certification
Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.