Email platforms such as Microsoft Office 365 remain an important mode of communicating with and sharing information about patients. But is email HIPAA-compliant?

The Health Insurance Portability and Accountability Act of 1996 Privacy Rule governs how healthcare organizations use, disclose and protect patients' personal health information. It also covers business associates, including cloud services and email providers, that handle protected health information on their behalf.

As long as a HIPAA-covered entity secures a business associate agreement (BAA) with an email provider such as Microsoft, email can comply with HIPAA rules.

That said, a BAA alone doesn't guarantee HIPAA compliance.

Healthcare organizations must ensure access controls are configured correctly, administrator access tracking is turned on, Microsoft Dynamics CRM Online for supported devices is turned off, access control reports are obtained and checked regularly, and all users are trained on how to use Office 365 in a manner compliant with HIPAA rules, such as not including protected health information in subject lines, according to Microsoft's guidance on the issue.
