
A person’s online records are confidential details that must not be shared with a third party without that person’s consent. To protect the medical records of American citizens, the US government enacted the Health Insurance Portability and Accountability Act, also known as HIPAA, in 1996. The law clearly states that healthcare providers, health insurance companies, and individual doctors cannot disclose a patient’s details to any third person or organization. Disclosure requires the patient’s consent, and violating the act carries a legal penalty.

The act has several sections (called titles) covering the security, sharing, and availability of medical details.

Title I – Healthcare accessibility, portability, and renewability
This title affects health care plans for individuals, employees, and organizations. It sets out policy regulations for keeping a plan alive in various situations and for how plan data should be protected and shared.

Title II – Prevention of health care fraud and abuse: medical liability reforms and simplification of data administration
The second title establishes the offenses that are punishable under HIPAA. It lays down rules for creating standards, policies, and procedures that keep medical details private. The privacy rule, the security rule, and the enforcement rule all fall under this title.

Title III – Medical savings accounts and tax-related health provisions by the government
This title provides a medical savings account for employees covered by a high-deductible plan from their employer. It sets the amount per person that can be held in a medical savings account.

Title IV – Group health insurance requirements and applicability
This title sets the guidelines for applying for group health insurance plans, based on the individual’s health history and other requirements.

Title V – Government tax deductions from employers
The final title provides the regulations for company-owned life insurance policies and similar products.

Violations of HIPAA have resulted in many civil and criminal penalties for the violators. The US Department of Health & Human Services Office for Civil Rights reported more than 91,000 violations between 2003 and 2013, and 521 of them were referred to higher authorities to be considered as criminal cases.

When online medical records are stored in SharePoint lists or documents, Microsoft is bound to follow HIPAA regulations. Microsoft provides a detailed SharePoint HIPAA compliance whitepaper that sets out the essential information needed to satisfy HIPAA compliance and cybersecurity due diligence.

There are many controls that a medical organization can use to secure its records and reduce the chances of a data breach.

Office 365 Security & Compliance Center

By using the tools in the Office 365 Business Standard and Premium plans, you can raise data security to the level SharePoint Online HIPAA compliance requires and prevent accidental data leakage. The Security & Compliance Center groups these permissions into role groups:

  • Compliance Administrator
    Members can manage settings for device management, data protection, data loss prevention, and preservation.
  • Security Operator
    Members can manage security alerts, view reports, and use other security features.
  • Reviewer
    Members of this role group have permission to manage record contents.
  • Records Management
    Members of this role group can manage and dispose of records.
  • Organization Management
    Members of this role group can manage Exchange objects and delegate management roles to other users. This role group should not be deleted.
  • Supervisory Review
    Members control the policies and permissions for reviewing employees’ communications.
  • Security Administrator
    Members can set policies for data retention, data loss, audit logs, and device management.
  • Security Reader
    Members get view-only access to alerts, device management, DLP, and security logs.
  • eDiscovery Manager
    Members can run searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations.
  • Service Assurance User
    Members can access the service assurance section of the Security & Compliance Center, which lets them review documents on security, privacy, and compliance in Office 365.
  • Mail flow administrator
    Members can manage recipients in the Exchange Admin Center.
  • Data Investigator
    Members can perform searches on mailboxes, SharePoint Online sites, and OneDrive for Business.

All these features of the Office 365 Security & Compliance Center help a business keep up with SharePoint HIPAA compliance. By using them, you can set the controls in SharePoint Online that ensure a patient’s medical records are fully protected.
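Because several of the role groups above (eDiscovery Manager, Data Investigator, Organization Management) can search and export the very mailboxes and SharePoint sites that hold patient records, their membership should be reviewed regularly. The script below is an added example, not code from the original post or from Microsoft; it assumes the ExchangeOnlineManagement module is installed and that the signed-in account can read role groups in Security & Compliance PowerShell.

```powershell
# Added example: snapshot who sits in each Security & Compliance Center role
# group named in the post, flagging the groups that can search PHI-bearing content.
# Assumes the ExchangeOnlineManagement module and a suitably privileged account.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

# Role groups from the post, spelled as the tenant reports them
# ("Mail flow administrator" is "MailFlow Administrator" in the tenant).
$roleGroupsToReview = @(
    'Compliance Administrator', 'Security Operator', 'Reviewer',
    'Records Management', 'Organization Management', 'Supervisory Review',
    'Security Administrator', 'Security Reader', 'eDiscovery Manager',
    'Service Assurance User', 'MailFlow Administrator', 'Data Investigator'
)

# Groups whose members can search or export mailbox and SharePoint/OneDrive
# content, i.e. read patient records, get the closest scrutiny.
$contentSearchGroups = @('eDiscovery Manager', 'Data Investigator', 'Organization Management')

$report = foreach ($name in $roleGroupsToReview) {
    $group = Get-RoleGroup -Identity $name -ErrorAction SilentlyContinue
    if (-not $group) {
        Write-Warning "Role group '$name' not found in this tenant"
        continue
    }
    $members = @(Get-RoleGroupMember -Identity $group.Identity)
    [pscustomobject]@{
        RoleGroup    = $name
        CanSearchPHI = $contentSearchGroups -contains $name
        MemberCount  = $members.Count
        Members      = ($members | ForEach-Object { $_.DisplayName }) -join '; '
    }
}

# High-privilege groups first; a long Members column on a CanSearchPHI group
# is a finding to take to the access review.
$report |
    Sort-Object -Property @{ Expression = 'CanSearchPHI'; Descending = $true }, RoleGroup |
    Format-Table -AutoSize

# Keep the snapshot as evidence for the compliance file.
$report | Export-Csv -Path '.\sc-role-group-membership.csv' -NoTypeInformation
Disconnect-ExchangeOnline -Confirm:$false
```

Run it on a schedule and diff the CSV against the previous snapshot so that any new member of a content-search group is noticed promptly.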
When you want to migrate data from SharePoint sites to other SharePoint accounts, your main consideration will be data security in the new account. It helps to use Kernel Migration for SharePoint to simplify the SharePoint migration. It not only migrates the data but also retains settings, metadata, and role groups, so the data stays fully protected in the new account too.
