Is SharePoint HIPAA Compliant? You Bet Your Business It Is!

If you’re in the healthcare industry, then you know that HIPAA compliance is a big deal. You also know that SharePoint is a big deal. So what happens when you put the two together? Is SharePoint HIPAA compliant?

You bet your business it is! Here are all the answers to the question, “Is SharePoint HIPAA compliant?”.

What is SharePoint?

Microsoft’s popular collaboration platform, SharePoint, helps companies manage documents, collaborate, and share information. Used by 78% of Fortune 100 Companies, it is one of the most widely used systems of its kind.

The platform is based on Microsoft’s open document standards so it easily integrates with Microsoft Office.

While both Google and Dropbox offer similar features, Microsoft’s SharePoint is a more powerful platform that can be used for internet portals, intranet sites, and Customer Relationship Management (CRM) systems.

SharePoint is a versatile platform that can offer many benefits to healthcare organizations. However, it is important to ensure that the platform is configured correctly to meet all HIPAA requirements.

SharePoint includes several features and security controls that can help protect sensitive patient data, but it is important to work with a qualified consultant to ensure that the platform is properly configured for your specific needs.

This post explores the question of whether SharePoint is a HIPAA-compliant software and if it is suitable to be used in the healthcare industry.

Is SharePoint Covered by Microsoft’s Business Associate Agreement?

When considering which platforms to use, the first question to ask is whether that company will sign a business associate agreement (BAA) with a healthcare organization.

The BAA is a contract between a HIPAA-covered entity (CE) and a Business Associate (BA). It’s required for a BA to legally use protected health information (PHI).

Microsoft has prepared a business associate agreement for Office 365, Yammer, and SharePoint. This will allow them to be used with PHI.

Microsoft has stated that SharePoint Online with Office 365 Enterprise is HIPAA compliant.

Is SharePoint HIPAA Compliant?

Yes, SharePoint can be considered HIPAA compliant.

As a business, you must ensure that you use Office 365, a software suite from Microsoft, in a way that is compliant with the Health Insurance Portability and Accountability Act (HIPAA).

Microsoft has committed to meeting its responsibilities as a Business Associate under this law, but you are still responsible for following all applicable laws.

To comply with HIPAA, covered entities must make sure that individuals or roles that have access are authorized, that audit trails are being monitored, that the appropriate security measures are enabled, and that users are trained on the platform and the requirements of PHI.

As long as a BAA is acquired, and the proper configuration and usage guidelines are followed, Microsoft’s collaboration tool, SharePoint, can be deemed a HIPAA-compliant platform for documents, files, and records.

What is HIPAA and What Is It For?

The Health Insurance Portability and Accountability Act, or HIPAA, sets the standard for protecting sensitive patient data.

Any company dealing with Protected Health Information (PHI) must ensure all physical and network security and processes are followed. This is to protect the confidentiality of the PHI, its integrity, and availability.

A core element of HIPAA is the implementation of IT controls that are designed to protect patient information. These IT controls are put in place to ensure that any electronic information that is created, saved, sent, or received by any employee or third party is appropriately safeguarded.

A 2018 annual survey conducted by A.T. Kearney revealed that more than 85% of C-level execs around the world experienced breaches in the last three years.

Due to the sensitive information that healthcare companies deal with, they have complex fraud and security challenges.

All healthcare organizations face fraud and cybersecurity challenges that can be mitigated by implementing HIPAA compliance mechanisms into their cyber defense strategy. By doing so, these organizations can protect themselves, their patients, and their data.

This post discusses the tools and strategies available to businesses using Microsoft’s cloud-based productivity suite, Office 365, to comply with HIPAA.

HIPAA Privacy Rule and Security Rule

HIPAA is a federal law that safeguards the privacy and security of patient information.

While the HIPAA privacy rule sets the standard as to who may have access to your patient’s health information, the HIPAA security rule ensures only those who should have access to the information will in fact have that ability.

The HIPAA privacy rules apply to all forms of patient data (oral, written, electronic) while the security rules apply only to electronic data.

Patient information includes any information that is created, received, managed, or transmitted through any medium. This could include data that is sent through the Internet, stored on a hard drive, or held on any other type of media.

How does SharePoint stack against HIPAA?

No software can, on its own, meet all the requirements laid out by HIPAA. But, Microsoft’s SharePoint has built-in features to comply with these strict guidelines.

This will enable all covered entities and business associates to comply with all aspects of HIPAA.

Microsoft’s Office 365 is an online solution that not only enhances productivity but also ensures collaboration while safeguarding data and complying with industry regulations.

However, not all such details have been spelled out for SharePoint and SharePoint Online.

Microsoft is willing to sign a Business Associate Agreement with healthcare organizations that will include SharePoint. This agreement will help ensure compliance with HIPAA regulations and the proper configuration of the SharePoint platform.

SharePoint is a great tool for HIPAA compliance, but users are responsible for ensuring that the platform is configured properly to meet all regulations.

Training the employees, setting up access restrictions, and configuring the settings are all ways to ensure compliance.

SharePoint can be used for document management and collaboration in a HIPAA-compliant way. By taking measures to ensure the privacy and security of patient data, SharePoint can help you meet your HIPAA obligations.


Is SharePoint HIPAA compliant? SharePoint is a powerful tool that can help your business stay compliant with HIPAA. By understanding how SharePoint stacks up against HIPAA, you can be sure that your business is protected.
