Healthcare-focused customers and partners with volume-licensing contracts can obtain a HIPAA BAA from Microsoft for Azure Cloud Services (Web and Worker roles); storage (tables, blobs and queues); virtual machines and networking (Windows Azure Connect, Traffic Manager and Virtual Network).
As Microsoft officials explained in a new Windows Azure blog post, HIPAA (the Health Insurance Portability and Accountability Act) and the HITECH Act are U.S. laws that apply to most doctors’ offices, hospitals, health insurance companies, and other companies involved in the healthcare industry that may have access to patient information (called Protected Health Information or PHI). The BAA is a standard contract clause that is mandatory whenever a contract involves the use or disclosure of PHI. On July 24,the Azure teame updated the Windows Azure Trust Center and made available a HIPAA BAA that includes Windows Azure breach monitoring and notification at the platform level, today's blog post noted. "The existence of Windows Azure BAA means that covered healthcare entities can now leverage Windows Azure core services in a pure public cloud platform, as well as a hybrid cloud configuration that extends their existing on premises assets and investments through the public cloud," the blog post added Earlier in 2012, Microsoft announced the availability of a HIPAA BAA that covered Microsoft Office 365 and Dynamics CRM Online, company officials added. And in June, Microsoft announced the availability of SSAE 16/ISAE 3402 attestation for Windows Azure core services.