Home

Using Compliance Manager to Assess HIPAA Compliance

%3CLINGO-SUB%20id%3D%22lingo-sub-679086%22%20slang%3D%22en-US%22%3EUsing%20Compliance%20Manager%20to%20Assess%20HIPAA%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-679086%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20a%20community%20based%20cancer%20treatment%20center%20with%20multiple%20sites.%20Everything%20I%20am%20reading%20from%20Microsoft%2C%20HIPAA%20Journal%2C%20etc.%20tells%20me%20Teams%20is%20fully%20HIPAA%20compliant.%26nbsp%3B%20We%20have%20physician-staff%20teams%20that%20want%20to%20use%20Teams%20for%20Secure%20texting%20(Chat)%20and%20file%20sharing%20within%20their%20specific%20Team.%26nbsp%3B%20This%20would%20include%20PHI.%3C%2FP%3E%3CP%3EAre%20any%20other%20Healthcare%20provider%20entities%20using%20Teams%20in%20this%20way%3F%20What%20has%20been%20your%20experience%3F%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-679086%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActivity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECommunity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-679613%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20Compliance%20Manager%20to%20Assess%20HIPAA%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-679613%22%20slang%3D%22en-US%22%3EMy%20experience%20is%20more%20on%20the%20Finance%20side%20where%20everything%20has%20to%20be%20documented%2Fsearchable.%20By%20default%2C%20Teams%20modified%20conversation%20aren't%20saved%20by%20default.%20Meaning%20you%20can't%20use%20e-discovery%20to%20search%20previous%20message.%20You%20have%20to%20do%20Teams%20governance%20policy%20where%20IT%20create%20the%20teams%2C%20and%20on%20your%20script%2C%20enable%20Litigation%20Hold%20on%20it.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Flegal-hold%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Flegal-hold%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-679627%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20Compliance%20Manager%20to%20Assess%20HIPAA%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-679627%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F356975%22%20target%3D%22_blank%22%3E%40John_IT%3C%2FA%3EMicrosoft%20recently%20hosted%20a%20week%20long%20series%20of%20webinars%20showing%20how%20Teams%20can%20be%20used%20in%20the%20Healthcare%20industry%20and%20this%20was%20demonstrated%20and%20discussed%2C%20see%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FHealthcare-and-Life-Sciences%2FAnnouncing-the-HLS-Modern-Workplace-Events-Series%2Fba-p%2F480819%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FHealthcare-and-Life-Sciences%2FAnnouncing-the-HLS-Modern-Workplace-Events-Series%2Fba-p%2F480819%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-679628%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20Compliance%20Manager%20to%20Assess%20HIPAA%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-679628%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F356975%22%20target%3D%22_blank%22%3E%40John_IT%3C%2FA%3E%26nbsp%3B%20There%20are%20many%20settings%20in%20Office%20365%20that%20will%20need%20to%20be%20properly%20configured%20to%20help%20ensure%20that%20your%20compliance%20requirements%20are%20fulfilled.%20While%20MS%20has%20done%20everything%20they%20can%20and%20are%20compliant%2C%20there%20are%20still%20many%20settings%2C%20tools%20and%20practices%20that%20each%20organization%20must%20do%20on%20their%20own%20to%20fully%20comply.%20This%20includes%20Data%20Loss%20Prevention%20policies%2C%20Information%20Protection%20(for%20Sensitive%20data)%20labels%2C%20Retention%20labels%20(for%20keeping%20business%20records)%2C%20Cloud%20App%20Security%20policies%2C%20Conditional%20Access%20Policies%20and%20more%2C%20the%20Compliance%20Manager%20can%20be%20used%20to%20help%20plan%20and%20manage%20compliance%20assessment%20activities.%20%3CA%20href%3D%22https%3A%2F%2Fservicetrust.microsoft.com%2FComplianceManager%2FV3%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fservicetrust.microsoft.com%2FComplianceManager%2FV3%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-679805%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20Compliance%20Manager%20to%20Assess%20HIPAA%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-679805%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096%22%20target%3D%22_blank%22%3E%40Dean%20Gross%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDean%2C%3C%2FP%3E%3CP%3EThank%20you%20so%20much%20for%20the%20information.%26nbsp%3B%20It%20and%20the%20presentations%20were%20very%20helpful.%3C%2FP%3E%3CP%3EJohn%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-679807%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20Compliance%20Manager%20to%20Assess%20HIPAA%20Compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-679807%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F328428%22%20target%3D%22_blank%22%3E%40jerome317%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJerome%2C%3C%2FP%3E%3CP%3EThank%20you.%26nbsp%3B%20Very%20helpful.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EJohn%3C%2FP%3E%3C%2FLINGO-BODY%3E
John_IT
New Contributor

We are a community based cancer treatment center with multiple sites. Everything I am reading from Microsoft, HIPAA Journal, etc. tells me Teams is fully HIPAA compliant.  We have physician-staff teams that want to use Teams for Secure texting (Chat) and file sharing within their specific Team.  This would include PHI.

Are any other Healthcare provider entities using Teams in this way? What has been your experience?

Thank you

5 Replies
My experience is more on the Finance side where everything has to be documented/searchable. By default, Teams modified conversation aren't saved by default. Meaning you can't use e-discovery to search previous message. You have to do Teams governance policy where IT create the teams, and on your script, enable Litigation Hold on it.

https://docs.microsoft.com/en-us/microsoftteams/legal-hold

@John_ITMicrosoft recently hosted a week long series of webinars showing how Teams can be used in the Healthcare industry and this was demonstrated and discussed, see https://techcommunity.microsoft.com/t5/Healthcare-and-Life-Sciences/Announcing-the-HLS-Modern-Workpl...

@John_IT  There are many settings in Office 365 that will need to be properly configured to help ensure that your compliance requirements are fulfilled. While MS has done everything they can and are compliant, there are still many settings, tools and practices that each organization must do on their own to fully comply. This includes Data Loss Prevention policies, Information Protection (for Sensitive data) labels, Retention labels (for keeping business records), Cloud App Security policies, Conditional Access Policies and more, the Compliance Manager can be used to help plan and manage compliance assessment activities. https://servicetrust.microsoft.com/ComplianceManager/V3

 

@Dean Gross 

Dean,

Thank you so much for the information.  It and the presentations were very helpful.

John

@jerome317 

Jerome,

Thank you.  Very helpful.  

John

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies