HIPAA Compliance Deployment to Azure App Services

%3CLINGO-SUB%20id%3D%22lingo-sub-1578597%22%20slang%3D%22en-US%22%3EHIPAA%20Compliance%20Deployment%20to%20Azure%20App%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1578597%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20deploying%20application%20which%20holds%20PHI%20data%20to%20Azure%20in%20Azure%20App%20Services%20with%20Azure%20SQL.%3C%2FP%3E%3CP%3EAre%20Azure%20SQL%20and%20Azure%20App%20Services%20HIPAA%20compliant%3F%20Are%20there%20any%20further%20steps%20I%20will%20have%20to%20take%20to%20make%20the%20infrastructure%20HIPAA%20compliant%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1578597%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApp%20Services%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20SQL%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1578950%22%20slang%3D%22en-US%22%3ERe%3A%20HIPAA%20Compliance%20Deployment%20to%20Azure%20App%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1578950%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10496%22%20target%3D%22_blank%22%3E%40Rizwan%20Ansari%3C%2FA%3E%26nbsp%3BHi%20there!%20You%20can%20look%20at%20the%20compliance%20status%20of%20all%20of%20the%20Azure%20services%20at%20the%20following%20site...%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Foffering-hipaa-hitech%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Foffering-hipaa-hitech%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20describes%20the%20services%20in%20scope%20for%20compliance%20as%20well.%20Important%20to%20note%20though%20that%20the%20platform%20is%20compliant%2C%20this%20does%20not%20mean%20your%20application%20is%20compliant%2C%20you%20will%20still%20need%20accreditation%20for%20your%20application%20you%20are%20deploying%20but%20the%20platform%20(depending%20on%20the%20content%20of%20the%20link%20above)%2C%20will%20be%20compliant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20the%20same%20for%20any%20compliance%20in%20Azure%2C%20platform%20is%20compliant%2C%20what%20you%20deploy%20on%20top%20you%20need%20to%20validate%20yourself.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

We are deploying application which holds PHI data to Azure in Azure App Services with Azure SQL.

Are Azure SQL and Azure App Services HIPAA compliant? Are there any further steps I will have to take to make the infrastructure HIPAA compliant? 

1 Reply
Highlighted

@Rizwan Ansari Hi there! You can look at the compliance status of all of the Azure services at the following site... https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-hipaa-hitech?view=o365-worldwide

 

This describes the services in scope for compliance as well. Important to note though that the platform is compliant, this does not mean your application is compliant, you will still need accreditation for your application you are deploying but the platform (depending on the content of the link above), will be compliant.

 

This is the same for any compliance in Azure, platform is compliant, what you deploy on top you need to validate yourself.