Glossary
HIPAA
The US Health Insurance Portability and Accountability Act — health-data protection rules covered by Microsoft 365 with a BAA.
HIPAA (Health Insurance Portability and Accountability Act) is the US law governing the privacy and security of Protected Health Information (PHI). Healthcare organisations and their business partners ("covered entities" and "business associates") must safeguard PHI under the HIPAA Security Rule and Privacy Rule. Microsoft 365 is HIPAA-compliant, and Microsoft signs a Business Associate Agreement (BAA) with healthcare customers; the BAA is the legal artefact that allows them to use Microsoft 365 for PHI. Specific Microsoft 365 features support HIPAA compliance, including Customer Lockbox, audit logs, Purview retention, and Information Protection. Healthcare-specific Microsoft 365 plans (such as Microsoft Cloud for Healthcare) bundle additional capabilities for clinical scenarios.