[MS] Microsoft 365 Certification control spotlight: HIPAA - devamazonaws.blogspot.com

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law for American citizens and healthcare organizations, including those outside the US that handle US health data. This law requires the Secretary of the U.S. Department of Health and Human Services (HHS) to create regulations protecting the privacy and security of certain health information.  Organizations handling potentially protected health information (ePHI) must comply with HIPAA. ePHI includes any electronically transmitted or stored individually identifiable health information. HIPAA consists of two key rules: 
  • Privacy Rule: Establishes national standards for protecting certain health information. 
  • Security Rule: Sets security standards for protecting electronic protected health information (ePHI). 
The security rule implements the protections of the privacy rule by outlining technical and non-technical measures that “covered entities” must take to safeguard ePHI. This summary highlights essential HIPAA elements to ensure compliance and protect processed health information.  Microsoft 365 Certification verifies that ISVs have established protocols for managing health information, dealing with emergencies and service disruptions, and staff access to health information and training. Organizations are required to maintain and outline these administrative safeguards as part of their HIPAA security program. This is a necessary aspect of complying with HIPAA regulations.  Certification ensures compliance with the security rule, including “covered entities” under the terms for confidentiality, integrity and availability as defined under § 164.304: 
  • Confidentiality: “the property that data or information is not made available or disclosed to unauthorized persons or processes.” 
  • Integrity: “the property that data or information have not been altered or destroyed in an unauthorized manner.” 
  • Availability: “the property that data or information is accessible and useable upon demand by an authorized person.” 
ISVs must implement technical safeguards such as access, audit, integrity, and transmission controls within the IT infrastructure to ensure ePHI confidentiality while maintaining its integrity and availability to authorized users.  Certification auditors will review configuration settings of the protection mechanisms used to ensure that ePHI data is secured in line with the control requirement. Such mechanisms can include access controls, emergency access procedures, RBAC, encryption etc.  The Privacy Rule defines Protected Health Information (PHI) and prohibits its improper use and disclosure. Organizations must restrict e-PHI access to authorized personnel only and comply with the minimum necessary rule, using or disclosing only the least amount of e-PHI required for their purpose.  To achieve certification, ISVs must demonstrate that their application protects against reasonably anticipated uses or disclosures of information not permitted by the privacy rule. Additionally, they must ensure their workforce complies with the security rule. Providing training to staff on how to handle e-PHI securely and appropriately. Data backup and disaster recovery plans should be established in accordance with HIPAA requirements specified under 164.308. 

Next steps 

To learn how Microsoft 365 Certification validates your application supports HIPAA regulations, visit the Microsoft 365 Certification control evidence requirements  To start certification, go to the Microsoft Partner Center dashboard, select an app from Marketplace offers overview, and select App Compliance. 
Post Updated on April 24, 2025 at 03:55PM
Thanks for reading
from devamazonaws.blogspot.com

Comments

Post a Comment

Popular posts from this blog

Scenarios capability now generally available for Amazon Q in QuickSight - devamazonaws.blogspot.com

Today, AWS announces the general availability of the scenarios capability of Amazon Q in QuickSight. Amazon Q guides you through data analysis by uncovering hidden trends, making recommendations for your business, and intelligently suggesting next steps for deeper exploration—all in response to natural language interactions. Now anyone can explore past trends, forecast future scenarios, and model solutions without needing specialized skill, analyst support, or manual manipulation of data in spreadsheets. With its intuitive interface and step-by-step guidance, the scenarios capability of Amazon Q in QuickSight helps users perform complex data analysis up to 10x faster than spreadsheets. Whether you're optimizing marketing budgets, streamlining supply chains, or analyzing investments, Amazon Q makes advanced data analysis accessible so you can make data-driven decisions across your organization. This capability is accessible from any Amazon QuickSight dashboard, so you can move seam...
Read more

[MS] Introducing Pull Request Annotation for CodeQL and Dependency Scanning in GitHub Advanced Security for Azure DevOps - devamazonaws.blogspot.com

Image
In the world of software development, security is paramount. As developers, we strive to write clean, efficient, and most importantly, secure code. GitHub Advanced Security for Azure DevOps has always been at the forefront of providing tools that make it easier to build and release high-quality software. Today, we’re excited to announce a new feature release that will take your code security to the next level: PR (Pull Request) Annotation for CodeQL and Dependency Scanning. PR Annotation - What Does it Mean for You? Pull Request Annotation brings security insights directly into your development workflow. Here’s how it works: When you raise a Pull Request, CodeQL runs automatically, scanning for any potential security issues. Dependency Scanning concurrently checks for vulnerabilities in packages or libraries you might be using. If any issues are found, they are reported directly on the PR interface as annotations. Developers can see exactly what the problem is and where it occu...
Read more

AWS Console Mobile Application adds support for Amazon Lightsail - devamazonaws.blogspot.com

AWS customers can now access Amazon Lightsail from within the AWS Console Mobile App to monitor and manage Lightsail instances, containers, databases, network, storage, snapshots, domains and DNS while on the go. Visit the Services tab in the AWS Console Mobile App and select Lightsail to get started. The AWS Console Mobile App enables AWS customers monitor and manage a select set of resources and receive push notifications to stay informed and connected with their AWS resources while on-the-go. The sign-in process supports biometrics authentication, making access to AWS resources simple, secure, and quick. Lightsail offers easy-to-use virtual private server (VPS) instances, storage, databases, and more for a cost-effective monthly price. For AWS services not available natively, customers can access the AWS Management Console via an in-app browser to access service pages without additional authentication, manual navigation, or need to switch from the app to a browser. Visit the AWS...
Read more