We are a community-based cancer treatment center with multiple sites. Everything I am reading from Microsoft, HIPAA Journal, etc. tells me Teams is fully HIPAA compliant. We have physician-staff teams that want to use Teams for secure texting (Chat) and file sharing within their specific Team. This would include PHI.
Are any other Healthcare provider entities using Teams in this way? What has been your experience?
My experience is more on the Finance side, where everything has to be documented/searchable. By default, Teams modified conversations aren't saved, meaning you can't use eDiscovery to search previous messages. You have to do a Teams governance policy where IT creates the teams and, in your script, enables Litigation Hold on them.
@John_IT There are many settings in Office 365 that will need to be properly configured to help ensure that your compliance requirements are fulfilled. While MS has done everything they can and are compliant, there are still many settings, tools and practices that each organization must do on their own to fully comply. This includes Data Loss Prevention policies, Information Protection (for Sensitive data) labels, Retention labels (for keeping business records), Cloud App Security policies, Conditional Access Policies and more. The Compliance Manager can be used to help plan and manage compliance assessment activities. https://servicetrust.microsoft.com/ComplianceManager/V3