Skype for Business HIPAA Compliance

Skype for Business is a unified communications (UC) platform that integrates common channels of business communication and online meetings, including instant messaging (IM), presence, voice over IP (VoIP), voicemail, file transfers, video conferencing, web conferencing and email. It has finally become HIPAA compliant. HIPAA is the Health Insurance Portability and Accountability Act, which helps to set the standard for the protection of patients’ data. HIPAA/HITECH applies to companies, businesses, and organizations that provide service functions using individually identifiable health information.

But what does HIPAA have to do with Skype for Business? Many organizations are moving to cloud services, such as Office 365, due to their managed cost and easy scalability. HIPAA/HITECH mandates that any transmission of patient information over a computer network must be done in a secure and auditable manner.

When dealing with private health information, companies and services must have physical, network, and system security measures in place to be HIPAA compliant. Being HIPAA compliant is a must in this day and age, with more of our private data being processed and accessed online, where it is vulnerable to being hacked. HIPAA certification gives people peace of mind, knowing that the companies and services they use are taking the correct measures to protect their data.

Microsoft provides this compliance for its Office 365 services, which range from Exchange Online to Advanced Threat Protection and now Skype for Business Online. These services don’t include Office 365 Pro Plus, since these services operate outside Microsoft’s control. This is the same reason why Skype for Business on premises isn’t certified as HIPAA compliant either. Everything regarding the installation of the system and infrastructure, including its network, is in compliance except the app itself, because Microsoft has no control over the data.

Now, with Skype for Business Online, you can expect better security and thorough scans and monitoring of messages and calls, so that you know what information is leaving the organization. With HIPAA certification for Skype for Business Online, companies can finally be sure that they have control over what information is being sent where and to whom.

Below are a few essential points for using Office 365 in accordance with HIPAA rules:

  • Use Office 365 correctly. While Microsoft guarantees that Office 365 can be used in a HIPAA compliant manner, it is each organization’s responsibility to ensure that it is used correctly.
  • Each organization will need to have its own policies and procedures in place that govern the use of patient data. This also includes any staff compliance measures, training, and auditing procedures.

Lumen21, as a premier IT services company, helps many organizations become HIPAA compliant and configure Microsoft Office 365 in a HIPAA compliant manner. For more details, visit www.lumen21.com