The healthcare industry is in a major period of transformation and IT modernization. More than ever, healthcare providers and professionals are faced with the need to be more efficient, reduce costs and collaborate seamlessly as virtual teams to deliver higher quality care for more people at a lower cost point. Healthcare organizations are increasingly looking to cloud technologies to help them meet these goals. However, a natural concern with using cloud technology is keeping sensitive health information private and secure.

At Microsoft, we understand that each person or entity using or maintaining protected health information (PHI), including the cloud vendor, must adhere to strict privacy and security standards. This is why Microsoft is committed to meeting or exceeding HIPAA requirements for all data housed in our enterprise cloud computing environment. This is also why the company became the first major IT cloud provider to offer a comprehensive and peer-reviewed Business Associate Agreement (BAA) for many of its cloud solutions.

Microsoft’s strong track record as a trusted data steward and its willingness to offer a comprehensive BAA was one of the major reasons that University of Colorado Health (UCHealth) chose e Microsoft Office 365 over other vendor cloud solutions.

Clearly, data privacy is an issue that is only growing in importance. As more healthcare systems follow UCHealth’s lead in moving to the cloud, organizations should choose cloud vendors who have a demonstrated history of addressing HIPAA obligations, and transparent in their commitment to keeping not only PHI, but all their data private and secure in the cloud..

My colleague, Dr. Dennis Schmuland, Chief Health Strategy Officer, U.S. Health and Life Sciences, Microsoft, continues this discussion in a blog post on the Microsoft on the Issues blog here. Read a press release here to learn more about University of Colorado Health’s migration to Office 365.

For further information regarding Microsoft’s commitments to cloud security, privacy and compliance transparency, see: and