Microsoft Defender Experts services are now HIPAA and ISO certified

We are excited to announce that Microsoft Defender Experts for XDR and Microsoft Defender Experts for Hunting can help healthcare and life sciences customers meet their Health Insurance Portability and Accountability Act (HIPAA) obligations. To perform proactive threat hunting and managed detection and response on behalf of our customers, the Defender Experts team needs access to Microsoft Defender Portal alerts, incidents, and advanced threat hunting data. Now, customers can leverage Defender Experts services through a Business Associate Agreement (BAA) to support HIPAA compliance when they are able to ensure that protected health information (PHI) is appropriately protected.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the regulations issued under HIPAA are a set of U.S. health care laws that establish requirements for the use, disclosure, and protection of individually identifiable health information. HIPAA applies to covered entities (e.g., health care providers, health plans, etc.) that create, receive, maintain, transmit, or access PHI from patients. HIPAA also applies to business partners of covered entities that perform certain functions or activities involving PHI as part of providing services to covered entities or on behalf of covered entities.

The Microsoft services included in the BAA have been audited by an accredited independent auditor for Microsoft International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 certification and Health Information Technology for Economic and Clinical Health (HITRUST) Common Security Framework (CSF) certification. Both Defender Experts services are ISO 27001, 27017, and 27018 certified.

• ISO 27001 provides guidance for companies of all sizes and in all sectors of activity to establish, implement, maintain and continually improve an information security management system.
• ISO 27017 provides guidance on information security controls applicable to the provision and use of cloud services by providing additional implementation guidance on the relevant controls specified in ISO/IEC 27002 (access control, encryption, human resource security and incident response), and by providing additional controls with implementation guidance specifically related to cloud services.
• ISO 27018 provides guidelines based on ISO/IEC 27002, taking into account regulatory requirements for PII protection that may apply within the information security risk environment of public cloud service providers.

To learn how Microsoft helps healthcare and life sciences customers demonstrate compliance, visit: Microsoft HIPAA Compliance Documentation Page.

Click here Learn more about our services or check out: Microsoft Defender Expert for XDR and Microsoft Defender Expert for Hunting The manual page. Be sure to bookmark it. Defender Experts Ninja Hub Check out our latest resources and videos.