Microsoft Secure

This article in our compliance series looks at how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

HIPAA is legislation that affects organizations operating in the United States that provide health insurance coverage for workers and their families. The Act also defines policies, procedures and guidelines for protecting the privacy and security of individually identifiable health information through a series of rules. One of these rules is the Security Rule, which deals specifically with standards for the handling and storage of Electronic Protected Health Information (EPHI).

In the whitepaper “SDL and HIPAA,” we discuss how the Microsoft SDL can help organizations comply with requirements of the HIPAA Security Rule, as well as the HIPAA Privacy Rule, while also creating or integrating more secure software and services. The paper discusses how SDL practices and HIPAA requirements intersect in very practical ways by using two common scenarios in the healthcare software ecosystem:

  • Developing new software and services.
  • Integrating new software modules or interfaces for a medical environment.

The paper is designed for business decision makers, compliance managers, software and service developers, IT consultants, and systems integrators who are working within or on behalf of organizations that must meet HIPAA compliance requirements.

For more information on software and compliance, I encourage you to check out the Microsoft SDL compliance center.

Tim Rains
Trustworthy Computing