REDMOND, Wash. — Oct. 19, 2012 — Microsoft Corp. today announced new academic institutions and medical schools that are adopting Microsoft Office 365 for education, the company’s next-generation cloud productivity service, to improve communication and collaboration across campuses while helping meet security, privacy and other regulatory requirements as mandated by the U.S. Health Insurance Portability and Accountability Act (HIPAA).
Duke University, Emory University, Thomas Jefferson University, University of Iowa and University of Washington chose Office 365 after a consortium of leading technology, legal and compliance experts from the academic, public and private sector worked closely with Microsoft to develop a business associate agreement (BAA) to address HIPAA requirements. These institutions and medical schools represent 188,000 additional students, faculty and staff that are using the cloud productivity service. As a result of the collaborative efforts, Microsoft now offers the most comprehensive agreement available to HIPAA-covered entities that manage electronic-protected health information.
Considerations for Moving to the Cloud
Many universities seeking to consolidate resources and save money in their infrastructure and email storage businesses need to combine the benefits of moving to the cloud with assurances around how data is secured and accessed from the cloud. As such, Duke University led a consortium of universities, which included the University of Chicago and the University of Iowa, to find an industry technology partner to help them navigate the current regulatory environment and provide a solution with robust security features that could help prevent data breaches and keep the universities’ sensitive data private in the cloud. Duke will be rolling out Office 365 to all students, faculty and staff to provide the opportunity for cost savings and more effective collaboration across the university and health system.
“A robust, reliable and secure email system is vital to the daily operations of the university and health system,” said Tracy Futhey, vice president of Information Technology and chief information officer, Duke University. “Moving to the Microsoft cloud environment will enable us to achieve greater efficiency and ensure that our users will have the level of protection necessary to keep Duke’s data private, including guaranteeing that our data servers would stay in the U.S.”
Although the federal HIPAA law in large part applies to health organizations that need to protect patient data, education institutions must also adhere to the same HIPAA regulations if school data systems store students’ records that include protected health information. In addition to the medical schools, university hospitals, research departments, school counseling centers and athletic departments are just a few examples of places on campus that store information about students’ physical and mental health. Human resources and benefits departments may also be governed by HIPAA, as they are likely privy to information about healthcare claims that employees are filing.
Thomas Jefferson University (TJU) and Jefferson Medical College, one of the oldest academic medical centers in the United States, were the first academic customers to sign the Office 365 BAA agreement, with more than 5,300 faculty and staff, including 900 practicing clinicians. The combination of research, teaching and clinical staff presented a unique challenge in TJU’s quest to move to the cloud and simultaneously maintain strong privacy protections for its constituents.
“A key deciding factor for TJU was that Office 365 helps enable us to be HIPAA compliant. With Google, we would have never have known where our intellectual property and records were stored,” said Doug Herrick, chief information officer, Thomas Jefferson University. “Microsoft had the willingness to understand our business and be transparent about how it handles security and privacy, which meets the demands of a real enterprise.”
“U.S. healthcare information spans numerous industries and agencies. This makes it essential that we work with healthcare providers and our customers to protect healthcare consumers’ and students’ data, and it all starts with making sure our products are built from the ground up with privacy by design,” said Cameron Evans, chief technology officer, U.S. Education, Microsoft. “Our collaboration with some of the most prominent academic institutions in the country has allowed us to meet the biggest compliance challenges our customers face and ensure that our cloud services offer unprecedented privacy and security capabilities to students, patients and businesses alike.”
Office 365 is the first and only major cloud business productivity service to address the rigors of the federal government’s HIPAA requirements. Microsoft offers a complete range of public, private and hybrid cloud solutions that support covered healthcare entities’ compliance needs. Rather than using separate cloud vendors for productivity, collaboration, application hosting, data storage and relationship management, Microsoft’s customers can consolidate on one cloud, with one infrastructure partner with a common security and privacy framework that is specifically tailored to help meet the compliance needs of healthcare-covered entities.
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/news/contactpr.mspx.