Are you looking to find out if OneDrive is a HIPAA compliant cloud storage solution? We reviewed the Microsoft Trust Center and found a page called HIPAA and the HITECH Act.
Within the document, Microsoft states the following:
“Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.”
Since Microsoft OneDrive is bundled into Office 365, we looked for a PDF document covering Office 365 and found Office 365 Compliance Framework for Industry Standards and Regulations. This PDF document offers deeper insight into OneDrive and its capabilities for HIPAA compliance, and it specifically states that OneDrive for Business can be HIPAA compliant while OneDrive consumer cloud storage is not HIPAA compliant.
So Is Microsoft OneDrive A HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component of HIPAA compliance between a covered entity and a business associate. Since Microsoft offers one specifically for OneDrive for Business, this tells us that it is in fact a HIPAA compliant solution. Make sure you sign a BAA with Microsoft before using OneDrive for Business to store or transmit any PHI.