
How do I get the business associate agreement

novavitaetx-2132 0 Reputation points
2026-04-08T20:33:39.4133333+00:00

I can't find where the business associate agreement is located. Can you provide the link, please, and setting up HIPAA compliance?

Microsoft 365 and Office | Subscription, account, billing | For business | Other

2 answers

  1. Alexis-NG 14,990 Reputation points Microsoft External Staff Moderator
    2026-04-08T20:48:52.79+00:00

    Hi @novavitaetx,

    Good day and thank you for clearly presenting your concern.

    Microsoft offers a standard Business Associate Agreement (BAA) for all covered entities and business associates that create, receive, store, or transmit PHI via a Microsoft Office 365 product or service. The BAA is entered into automatically as soon as an organization identifies itself as being subject to HIPAA and signs a Service Agreement for a Microsoft Office 365 product or service covered by the Online Products and Services Data Protection Addendum.

    Microsoft 365 is HIPAA-compliant if you have a Microsoft 365 Business Standard or Business Premium account (also enterprise and government accounts).

    To find the actual BAA document:

    1. Go to: Microsoft Products and Services Data Protection Addendum (DPA).
    2. Download the most recent version for your language.
    3. Look in the Table of Contents for HIPAA Business Associate (or similar).
    4. That page will include a link to the download page for the Microsoft BAA.

    Additionally, Microsoft does not require customers to sign BAAs. The Microsoft HIPAA Business Associate Agreement is available through the Microsoft Online Services Data Protection Addendum by default to all customers who are covered entities or business associates under HIPAA. That means if you have Microsoft cloud services, HIPAA BAA is available by default to all customers who are covered entities or business associates under HIPAA.

    For more details, you can refer to this official article: Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act - Microsoft Compliance | Microsoft Learn

    I hope this provides enough clarity and helps you stay informed about your current situation.

    In the meantime, if you find that my replies bring helpful information, please kindly accept it as an answer and vote it up with your original account, which raised this question. Once marked, it will automatically be pinned to the top. As other users will also search for information in this community, your valuable upvote will definitely also help other users who have similar queries to easily find the correct channel and useful information more quickly.

    Thank you for your patience and your understanding. If you have any questions or need further assistance, please feel free to share them in the comments on this post so I can continue to support you.  


    Note: Follow the steps in this documentation to enable email notifications if you want to receive email notifications related to this topic.


  2. Q&A Assist
    2026-04-08T20:33:51.9966667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The Microsoft HIPAA Business Associate Agreement (BAA) is not a separate document that needs to be requested or signed individually. For eligible customers, it is included by default in Microsoft’s standard online terms.

    For Microsoft 365/Office 365 and other Microsoft Online Services:

    1. The HIPAA BAA is included as part of the Microsoft Online Services Data Protection Addendum / Data Protection Addendum (DPA) and Product Terms (formerly Online Services Terms).
    2. Covered entities and business associates under HIPAA automatically receive the Microsoft HIPAA BAA when they enter into a qualifying volume licensing or online services agreement that incorporates these terms.
    3. The BAA for Microsoft 365/Office 365 and other in-scope services can be viewed and downloaded from the Service Trust Portal under the “Microsoft HIPAA Business Associate Agreement” document.

    For Azure and other in-scope cloud services:

    1. The HIPAA BAA is made available by default via the Microsoft Product Terms to all customers who are covered entities or business associates under HIPAA.
    2. Execution of the customer’s volume licensing agreement includes execution of the HIPAA BAA as referenced in the Microsoft Products and Services Data Protection Addendum.

    Key points for setting up HIPAA-related compliance:

    1. Having a BAA with Microsoft does not by itself make an organization HIPAA compliant. The organization must implement its own policies, procedures, and technical controls that align with HIPAA and HITECH.
    2. Use Microsoft Purview Compliance Manager in the Microsoft Purview portal to assess HIPAA/HITECH-related risk and build assessments using the HIPAA/HITECH premium template.
    3. For detailed HIPAA/HITECH implementation guidance (especially for Azure), follow the HIPAA/HITECH implementation guidance referenced in the HIPAA/HITECH offering documentation.

    To summarize:

    • The BAA is already included in Microsoft’s standard cloud terms (Product Terms/DPA) for covered entities and business associates.
    • The actual BAA document can be obtained from the Service Trust Portal as the “Microsoft HIPAA Business Associate Agreement.”
    • Compliance setup requires using tools like Microsoft Purview Compliance Manager and implementing internal HIPAA controls; Microsoft services and the BAA only support, but do not guarantee, HIPAA compliance.
