
Where to Find the Business Associate Agreement for Covered Entities Who Subscribe to Microsoft 365 Business Standard?

Anonymous
2024-01-11T21:12:53+00:00

This article: Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act (04/25/2023), in the Microsoft, HIPAA, and the HITECH Act section states:

"To support our customers compliance with HIPAA when utilizing Microsoft enterprise products and services, Microsoft will enter into Business Associate Agreements with its covered entity and business associate customers."

And, in the Frequently asked questions section on the same web page:

"Can my organization enter into a BAA with Microsoft? Yes. Microsoft offers its covered entity and business associate customers a Business Associate Agreement that covers in-scope Microsoft services. The Microsoft HIPAA Business Associate Agreement is available through the Microsoft Online Services Data Protection Addendum by default to all customers who are covered entities or business associates under HIPAA. See 'Microsoft in-scope cloud services' on this webpage for the list of cloud services covered by this BAA."

That last sentence contains grammatical errors (it is not clear where the pointing word this is pointing) and the table is actually not named Microsoft in-scope cloud services, therefore you might have trouble finding "the list of cloud services covered by this BAA". FYI, it appears immediately above the FAQ section. Here is a screenshot:

Thus, since I have a Microsoft 365 Business Standard account, which includes OneDrive for Business, and if I store documents containing PHI in OneDrive, I am covered by the Microsoft HIPAA Business Associate Agreement.

That's all peachy, but what I don't understand is this: If a government authority tells me "Show us your BAA signed with Microsoft", what do I do? Where is it? In the hyperlinked text above, "Microsoft HIPAA Business Associate Agreement" does not link to the actual BAA—it links to the Service Trust Portal. I am required by law to have a BAA from Microsoft on file. How do I obtain the actual BAA?


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


3 answers

  1. Anonymous
    2024-01-11T21:38:25+00:00

    I found it!

    ==> Microsoft General - HIPAA BAA (October 2021)

    Path to get there: Licensing Resources and Documents > Licensing Use Rights > Microsoft Products and Services Data Protection Addendum (DPA) > page 7 of the Addendum: "The full text of the BAA identifies the Online Services or Professional Services to which it applies and is available at http://aka.ms/BAA".

    10 people found this answer helpful.
  2. Anonymous
    2024-01-17T02:49:03+00:00

    CORRECTION: It's on page 11, not page 7.

    Path to get there: Licensing Resources and Documents > Licensing Use Rights > Microsoft Products and Services Data Protection Addendum (DPA) > page 11 of the Addendum: "The full text of the BAA identifies the Online Services or Professional Services to which it applies and is available at http://aka.ms/BAA".

    6 people found this answer helpful.
  3. Anonymous
    2024-01-12T02:14:02+00:00

    Dear Mark D Worthen PsyD1,

    Thank you for posting to Microsoft Community. We are happy to assist you.

    I'm glad to see that you have found the information by yourself, and thank you for sharing the information here.

    If you need further assistance, feel free to update the thread to let me know!

    If there is any query about Office365 in the future, welcome to post back in our forum!

    Thanks for your time and your understanding would be highly appreciated.

    Sincerely,

    Sherry | Microsoft Community Moderator
