✖

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Health Insurance Portability and Accountability Act (HIPAA)

Enacted in 1996, the Health Insurance Portability and Accountability Act is a federal law in the United States that focuses on safeguarding the privacy and security of individuals' protected health information (PHI). It establishes national standards for the collection, use, and disclosure of PHI. HIPAA encompasses various rules that healthcare organizations must adhere to, such as the Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule. Non-compliance with HIPAA can lead to substantial fines and legal consequences.

With the help of M365 Manager Plus, monitor your Microsoft 365 environment and obtain comprehensive reports on all objects, user logon activity, and more to become HIPAA compliant.

The following table lists the HIPAA compliance requirements and M365 Manager Plus reports that help meet them.

Section	Description	Reports
164.308 [164.308 (a)(1)(i), 164.308 (a)(1)(ii)(A), 164.308 (a)(1)(ii)(B), 164.308 (a)(1)(ii)(C), 164.308 (a)(1)(ii)(D), 164.308 (a)(3)(ii)(C), 164.308 (a)(4)(i), 164.308 (a)(4)(ii)(A), 164.308 (a)(4)(ii)(C), 164.308 (a)(5)(ii)(A), 164.308 (a)(5)(ii)(B), 164.308 (a)(5)(ii)(C), 164.308 (a)(5)(ii)(D), 164.308 (a)(6)(i), 164.308 (a)(6)(ii), 164.308 (a)(7)(ii)(B)]	Administrative safeguards: Security management process. Risk analysis. Risk management. Sanction policy. Information system activity review. Termination procedures. Information access management. Isolating health care clearing house functions. Access establishment and modification. Periodic security updates. Protection from malicious software. Log-in monitoring. Password management. Security incident procedures. Response and reporting. Disaster recovery plan.	Non-Owner Mailbox Access Undelivered Emails Messages by Subject OWA Logon by Users User To User Email Activity User Logon Activity Recent Successful Logon Recent Logon Failure Mailbox Auditing Mailbox Created Mailbox Deleted OneDrive Events Log
164.312 [164.312(a)(1), 164.312 (a)(2)(i), 164.312 (a)(2)(iii), 164.312 (b), 164.312 (c)(1), 164.312 (d), 164.312 (e)(2)(i)]	Technical safeguards: Standard: Access control. Unique user identification. Automatic logoff. Standard: Audit controls. Integrity. Person or entity authentication. Integrity controls.	OneDrive Events Log User Logon Activity Recent Successful Logon Recent Logon Failure Mailbox Auditing
164.316 [164.316(b)(1)(ii), 164.316(b)(2)(i), 164.316(b)(2)(ii)]	Policies and procedures and documentation requirements. Documentation Time limit. Availability.	OneDrive Events Log User Logon Activity Recent Successful Logon Recent Logon Failure
164.528 (a)	Right to an accounting of disclosures of protected health information	OWA Logon by Users User To User Email Activity

Steps to generate HIPAA compliance reports in M365 Manager Plus

Log on to M365 Manager Plus and navigate to the Reports tab.
In the left pane, click Compliance Reports.
Under HIPAA, click the report that you wish to generate.
Select the desired domain(s) and click Generate Now.

Previous Topic Next Topic