Azure ML Now Compliant with HIPAA, ISO 27001, ISO 27018 and EU Model Clauses

This post is authored by Krishna Anumalasetty, Principal Program Manager at Microsoft.

We are excited to announce that Azure Machine Learning security practices have been verified by independent third party auditors and achieved HIPAA, ISO 27001, ISO 27018 and EU Model Clauses compliance.

Enterprise customers often require that cloud services comply with specific security certifications. Compliance certifications provide assurance to customers that the security of these services have been verified by independent auditors.

HIPAA Announcement

HIPAA (Health Insurance Portability and Accountability Act) establishes requirements for the use, disclosure and safeguarding of electronic Patient Health Information (ePHI). Azure ML HIPAA compliance enables customers to use Advanced Analytics workloads involving electronic Health Information (ePHI) such as Genome Sequence Data in Azure ML, opening up opportunities to leverage cloud scale and agility.

This milestone will help to unlock new opportunities for all types of customers with Azure ML and the Cortana Intelligence Suite.

“Adding Azure ML to the Microsoft Trust Center and HIPAA-required BAA will allow us to expand our healthcare ML offerings such as the GAFFEY propensity to pay ML Model which improves revenue cycle efficiency. This is a very significant achievement for us and other healthcare focused companies looking to leverage Azure ML.” says Pradeesh Mathew, Director of Data Architecture at GAFFEY HealthCare.

“I'm excited that a barrier for transforming healthcare analytics with Microsoft Azure and Azure Machine Learning is now overcome. A HIPPA compliant Azure ML will lower the complexity of analyzing large health datasets leading to rapid deployment of our state-of-the-art ML models for the patient care continuum. Kensci already delivers groundbreaking innovation to benefit patients; this will shorten our solution discovery cycle while lowering development costs.”, says Prof. Ankur Teredesai, cofounder of KenSci – a University of Washington Tacoma healthcare ML spinoff.

For more information on HIPAA, HITECH Act and the Business Associate Agreement (BAA), refer to detailed information here.

ISO and EU Model Clauses Compliance ISO 27001 is an international security standard and one of the most widely recognized certifications for a cloud service. And today, we are excited to join the group of Microsoft cloud services in scope for ISO/IEC 27001.

Along with ISO 27001, ISO 27018 represents the code of practice for protecting personal data in the cloud, please visit the dedicated site for more information.

The EU (European Union) Model Clauses are standardized contractual clauses used in agreements between service providers such as Microsoft and customers, ensuring that any personal data leaving the EEA (European Economic Area) will be transferred in compliance with EU data protection law. Additional information on EU Model Clauses can be found here.

Learn more about Azure ML by visiting the Azure ML website and feel free to chat with us at our online forum.