Hanna Korotka

Securing Health Data: Mastering HIPAA Compliance with Microsoft Purview DLP


In today's healthcare technology landscape, adhering to HIPAA is about more than compliance; it's crucial for patient trust and care reliability. With the shift towards cloud-based solutions and digital processes, safeguarding sensitive health information is paramount, especially under the framework of managed security for Microsoft 365.


Microsoft Purview's Data Loss Prevention (DLP) policies are central to this, and to managed compliance for the Microsoft cloud more broadly. This post walks through setting up Microsoft Purview DLP policies that meet HIPAA's rigorous requirements and strengthen your overall Microsoft 365 data security posture. Mastering this tool is essential for anyone in healthcare IT or compliance who is responsible for keeping patient data safe and upholding HIPAA's high standards.


Set up Data Loss Prevention (DLP)


You need to set up two DLP policies:


DLP policy for detecting the presence of information subject to the United States Health Insurance Portability and Accountability Act (HIPAA) in SharePoint sites, OneDrive accounts, and Teams chat and channel messages.


DLP policy to track and automatically encrypt HIPAA-related sensitive information sent in email messages.


Go to Microsoft Purview > Data loss prevention > Policies, select Create policy, and configure the two policies as outlined in the table below.


Location

  DLP (Data): SharePoint sites, OneDrive accounts, Teams chat and channel messages

  DLP (Email): Exchange email

Conditions (identical for both policies, including sensitive information types)

  Content contains any of the following sensitive information:

    U.S. Social Security Number (SSN) - Min count 1, Max count any

    Drug Enforcement Agency (DEA) Number - Min count 1, Max count any

  AND

  Content contains any of these terms:

    International Classification of Diseases (ICD-9-CM) - Min count 1, Max count any

    International Classification of Diseases (ICD-10-CM) - Min count 1, Max count any

  Content is shared with:

    People outside my organization

Action

  DLP (Data): Block users from receiving email or accessing shared SharePoint, OneDrive, and Teams files - Block only people outside your organization

  DLP (Email): Encrypt email messages - Encrypt
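The same two policies as a Security & Compliance PowerShell script, added here as an example and not part of the original post. It assumes an existing Connect-IPPSSession session with compliance admin rights; the grouped sensitive-information syntax follows the New-DlpComplianceRule documentation, while the BlockAccessScope value used for "Block only people outside your organization", the "Encrypt" template name, and the policy and rule names are assumptions to confirm in your tenant.

```powershell
# Added example: builds the two HIPAA DLP policies from the table above.
# Assumes: Import-Module ExchangeOnlineManagement; Connect-IPPSSession already run.

# Shared condition: (SSN OR DEA number) AND (ICD-9-CM OR ICD-10-CM).
# mincount "1" / maxcount "-1" is the cmdlet form of "Min count 1, Max count any".
$hipaaContent = @{
    operator = "And"
    groups   = @(
        @{ operator = "Or"; name = "PII Identifiers"; sensitivetypes = @(
            @{ name = "U.S. Social Security Number (SSN)";    mincount = "1"; maxcount = "-1" },
            @{ name = "Drug Enforcement Agency (DEA) Number"; mincount = "1"; maxcount = "-1" }) },
        @{ operator = "Or"; name = "Medical Terms"; sensitivetypes = @(
            @{ name = "International Classification of Diseases (ICD-9-CM)";  mincount = "1"; maxcount = "-1" },
            @{ name = "International Classification of Diseases (ICD-10-CM)"; mincount = "1"; maxcount = "-1" }) }
    )
}

# Policy 1: DLP (Data) - SharePoint, OneDrive and Teams locations.
# Use -Mode TestWithNotifications first if you want to pilot before enforcing.
New-DlpCompliancePolicy -Name "HIPAA - Data" `
    -SharePointLocation All -OneDriveLocation All -TeamsLocation All `
    -Mode Enable -Comment "Detect HIPAA data shared outside the organization"

# Assumption: BlockAccessScope PerUser corresponds to the portal option
# "Block only people outside your organization".
New-DlpComplianceRule -Name "HIPAA - Data - Block external" -Policy "HIPAA - Data" `
    -ContentContainsSensitiveInformation $hipaaContent `
    -AccessScope NotInOrganization `
    -BlockAccess $true -BlockAccessScope PerUser `
    -NotifyUser LastModifier

# Policy 2: DLP (Email) - Exchange only; encrypt instead of block.
New-DlpCompliancePolicy -Name "HIPAA - Email" -ExchangeLocation All -Mode Enable `
    -Comment "Encrypt HIPAA data sent by email to external recipients"

# Assumption: "Encrypt" is the built-in Office 365 Message Encryption template.
New-DlpComplianceRule -Name "HIPAA - Email - Encrypt" -Policy "HIPAA - Email" `
    -ContentContainsSensitiveInformation $hipaaContent `
    -AccessScope NotInOrganization `
    -EncryptRMSTemplate "Encrypt" `
    -GenerateIncidentReport SiteAdmin

# Verify: each rule should reflect the scope and action configured above.
foreach ($policy in "HIPAA - Data", "HIPAA - Email") {
    Get-DlpComplianceRule -Policy $policy |
        Format-List Name, AccessScope, BlockAccess, BlockAccessScope, EncryptRMSTemplate
}
```

Run the verification step after each change and compare it against the table, since a rule that silently failed to attach to its policy produces no alerts and no encryption.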

Setting up a Microsoft Purview DLP policy is essential for HIPAA compliance, protecting patient privacy and data security. This post guides healthcare organizations in reducing data breach risks and unauthorized access. HIPAA compliance goes beyond legalities; it cultivates a security and trust culture. As digital transformation advances in healthcare, robust DLP policies become vital. Microsoft Purview is a key tool in ensuring compliance and safeguarding patient data, helping you leverage technology for outstanding patient care. Stay informed and compliant.


To help you to have peace of mind knowing your business is secure, click here to schedule a Microsoft 365 Secure Score review with our experts today. We'll evaluate your current cybersecurity measures, identify potential vulnerabilities, and help you implement a strategic security plan to keep your company safe.

