At xRM, we frequently hear two questions from our customers who work in the medical industry, whether they are doctors, dentists, clinics, or health insurance companies:

  1. Is Microsoft Dynamics CRM HIPAA compliant?
  2. Will Microsoft provide a signed HIPAA-BAA?

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act are two federal laws that govern the handling of protected health information (PHI) and personal health records (PHR). The laws require that all hospitals, insurance providers, and medical offices (known as HIPAA-covered entities, or entities for short) maintain control of and security over this personal information. The acts also require that vendors providing services to HIPAA-covered entities comply with the regulations. Microsoft Dynamics CRM Online meets all of the requirements of HIPAA and HITECH.

A Business Associate Agreement (BAA) is a contract between a HIPAA-covered entity and a vendor that provides services to that entity. HIPAA and HITECH impose regulations on those vendors that use and disclose PHI. Microsoft will provide a signed HIPAA-BAA to any of its CRM Online customers who request it. You can request a signed HIPAA-BAA here.

You can read more about Microsoft’s commitment to security and privacy by visiting the Microsoft Trust Center.