HIPAA

US federal law requiring protection of electronic protected health information by covered entities and business associates.

What is HIPAA?

The Security Rule of HIPAA (Health Insurance Portability and Accountability Act) requires administrative, physical, and technical safeguards for ePHI. Unlike prescriptive frameworks, HIPAA specifies what must be achieved (such as access controls and audit logging) but not which technologies to use. Covered entities must conduct risk assessments and implement appropriate safeguards.

In Microsoft 365

Microsoft 365 provides technical safeguards for HIPAA compliance. Azure AD Conditional Access provides access controls, audit logs provide the required audit trails, and sensitivity labels can classify ePHI. Microsoft signs a Business Associate Agreement for M365 services.

Examples

  • §164.312(d) - Authentication requirement
  • §164.312(b) - Audit controls
  • §164.312(a)(1) - Access control

Related TrueConfig Controls

These controls help implement and verify HIPAA in your Microsoft 365 environment.

Frequently Asked Questions

What is HIPAA?
US federal law requiring protection of electronic protected health information by covered entities and business associates.
How does HIPAA work in Microsoft 365?
Microsoft 365 provides technical safeguards for HIPAA compliance. Azure AD Conditional Access provides access controls, audit logs provide the required audit trails, and sensitivity labels can classify ePHI. Microsoft signs a Business Associate Agreement for M365 services.
What are examples of HIPAA requirements?
Examples of HIPAA requirements include: §164.312(d) - Authentication requirement, §164.312(b) - Audit controls, §164.312(a)(1) - Access control.
Which TrueConfig controls relate to HIPAA?
TrueConfig controls related to HIPAA include: ID-01, CA-01, LOG-01, GOV-01. These controls help implement and verify HIPAA in your environment.