HIPAA-Compliant Teams and/or Channels (NEED HELP)

Copper Contributor

This is my first post. My transportation company is migrating to Microsoft 365 to simplify our platform stack. Currently we use Telegram for direct messaging. Here is the current challenge with Telegram: 



We have Telegram groups that allow some of our clients to order their taxi service directly from the group. Any driver (almost 20) can respond, as well as our two dispatchers and two managers. We have about ten such clients. The challenge is adding a new group. Every time someone has a new client, we must add almost 25 employees to that group, then send an invite to the client's cell phone. When an employee is hired, we must have them create a Telegram profile and add them manually to each of these direct order groups one-at-a-time. When an employee leaves, we must remove them manually from each group, as there are HIPAA issues with these clients (ID/DD). 


I am moving to Teams so I can create groups and simply add groups to a team instead of each employee individually. That is the easy part. However, I still have a HIPAA issue. I would like to create a Team for this sort of client support and have a channel for each client below that called Direct Order - John Doe, Direct Order - Jane Doe, etc. If I make the channel shared, I can add someone from outside the organization (the client), but then I also must manually add members (cannot add a Microsoft 365 group), defeating the purpose of using a Microsoft 365 Group. I have also considered adding the clients directly to my organization and paying $6/month for their Microsoft 365. I can make them a group and add that group to the Team and if I use "Standard" access for a subchannel, everyone (drivers group and clients group) can see the channel. Here is my next HIPAA roadblock: I do not want the clients to be able to see each other. I have no doubt that the agency paying for their transportation does not want the clients to be able to peek into the channels for any client other than their own Direct Order channel. 


If anybody has any suggestion on how to crack this code allowing a channel to have access at a Microsoft 365 group and be able to add one other person from outside the organization (or inside for that matter), I would appreciate it. 


One thing I do not want to do, but would work, is to have a separate Team for each client (and just using the General channel for direct order) as we operate in multiple municipalities, and I would like to use one team per municipality so I can collapse the channels list when I want. In general, I want to keep the number of Teams as small as possible and rely on channels instead. 


0 Replies