Compliance Series: Microsoft SDL Helps Orgs Meet HIPAA Standards

This article in our compliance series looks at how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

HIPAA is legislation that affects organizations operating in the United States that provide health insurance coverage for workers and their families. The Act also defines policies, procedures and guidelines for protecting the privacy and security of individually identifiable health information through a series of rules. One of these rules is the Security Rule, which deals specifically with standards for the handling and storage of Electronic Protected Health Information (EPHI).

In the whitepaper “SDL and HIPAA,” we discuss how the Microsoft SDL can help organizations comply with requirements of the HIPAA Security Rule and the HIPAA Privacy Rule while also creating or integrating more secure software and services. The paper shows how SDL practices and HIPAA requirements intersect in practical ways, using two common scenarios in the healthcare software ecosystem:

  • Developing new software and services.
  • Integrating new software modules or interfaces for a medical environment.

The paper is designed for business decision makers, compliance managers, software and service developers, IT consultants, and systems integrators who are working within or on behalf of organizations that must meet HIPAA compliance requirements.

For more information on software and compliance, I encourage you to check out the Microsoft SDL compliance center.

Tim Rains
Director
Trustworthy Computing

 
