How to retrieve our status in O365 vs HIPAA compliance requirement

Benoit Delacrose 0 Reputation points
2025-12-03T11:06:49.88+00:00

Hello

As a HIPAA regulated company CISO, I'm trying to get the status of our company in O365 about our status versus HIPAA compliance. I would like to be registered as such, but I can't find how to do it and how I can check for sure we are already registered as such.

As an example, in AWS it is really easy to find a proof and get it. In O365, I have already taken hours to search how to get it, and nowhere is there a simple explanation and valid URL to get it!

An example: I find this link: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3

in this page: https://learn.microsoft.com/en-us/answers/questions/5295837/where-to-find-the-business-associate-agreement-for

But when I click on it, it fails to get there and I land on this page: https://servicetrust.microsoft.com/ViewPage/HomePageVNext

And there is no HIPAA there! I did this research many times; I always go in circles and get nowhere.

Can we have something that works?

Microsoft 365 and Office | Other

4 answers

  1. Benoit Delacrose 0 Reputation points
    2025-12-03T11:18:51.1533333+00:00

    Again, this is an agent that provides unusable information; the links you provide just do not work. I never get to the location the links are supposed to bring me.

    Read my questions in detail and see for yourself that the links I gave are not working for me, but there is no explanation of any kind and I can't get the information I NEED!


  2. Benoit Delacrose 0 Reputation points
    2025-12-03T11:27:16.2633333+00:00

    I have received this response by mail from you:

    To retrieve your organization's status regarding HIPAA compliance in Office 365, you should first ensure that you have a Business Associate Agreement (BAA) with Microsoft.

    Unfortunately, you wrote this (in your agent reply):

    Check for a Business Associate Agreement: Ensure that your organization has entered into a BAA with Microsoft. This agreement is automatically included for customers who are covered entities or business associates under HIPAA.

    So if it's supposed to be automatic, I would not need to ensure we have it, but because I can't find a way to check we have it, I still don't find much about how to ask for it. Again, could you provide a working link to let me request to be registered as a HIPAA regulated entity?


  3. Emmanuel Santana 33,495 Reputation points Independent Advisor
    2025-12-03T12:40:01.3966667+00:00

    Hello. You can try the following steps:

    1. Go to the Service Trust Portal: https://servicetrust.microsoft.com
    2. Sign in using a work (Azure AD) account; personal Microsoft Accounts won’t display restricted compliance documents.
    3. Open the Compliance Reports section.
    4. In the search bar, enter HIPAA.

    You should then see the available materials, such as:

    • HIPAA / HITECH Act Implementation Guidance
    • Microsoft’s list of in-scope HIPAA-eligible services
    • Additional audit and compliance documents depending on your licensing level

    If none of the HIPAA documents appear, the signed-in account likely doesn’t have the required admin or compliance role.

    And as far as I remember, HIPAA support is contractual, not a tenant setting or switch. This is documented here: https://learn.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech

    According to Microsoft:

    The Microsoft HIPAA Business Associate Agreement is available through the Microsoft Online Services Data Protection Addendum by default to all customers who are covered entities or business associates under HIPAA.


  4. Benoit Delacrose 0 Reputation points
    2025-12-03T13:03:15.2433333+00:00

    Sorry again

    I did, thank you anyway

