Safer in the Cloud: Office 365 and HIPAA Data
By Gil Vidals, , HIPAA Blog, HIPAA Email, HIPAA Outlook, Resources

You like saving everything to your hard drive – it’s what you do. Then your laptop or tablet gets lifted, right out of your car.

Sure, you thought it was safer to have sensitive information under your own watchful eye – except when it was on your car seat, while you went to the 7-11 to get gum. (Expensive gum!)

Then again, computer hard drives have been stolen right out of offices, and cell phones with private health data have fallen into the wrong hands, leading to serious breaches. Which brings up a question:

Is sensitive data – such as Protected Health Information (PHI) that passes through your Office 365 apps and remains on your hard drive – really safer than in the cloud?

Here, some of you may be asking, “But how can I safely entrust my data to something that sounds so… out of reach? How do I even understand “the cloud,” and where is it anyway?” 

Though admittedly a nebulous concept, the cloud is really just shorthand for a network of sophisticated server networks and data centers (think Google or Microsoft Azure) that are geographically distributed and offer essentially unlimited data storage and cost-effective pricing. 

The Truth About Cloud Security

Both Microsoft Azure and Google have invested heavily in security, both can support HIPAA compliance, and both promise near 99.99% uptime. So the truth is, HIPAA data contained in apps like Office 365 (once configured for HIPAA) is actually much safer in a secured, HIPAA compliant cloud than when downloaded onto your hard drive. 

Consider for a moment the potential threats to your own computer: damage, hard drive failure, fires and floods, etc.; risk from fellow employees (see this Insider Data Breach survey); even gaps in your local IT security systems. These are all significantly decreased or eliminated in the cloud. 

Of course, the cloud is attractive for its many other advantages, such as anywhere access on different devices, online collaboration with multiple employees, file-sharing with OneDrive (or our own solution, HIPAA Drive), and built-in backups. As always, users are responsible to establish and maintain HIPAA safeguards for privacy and workplace security and use all solutions in a HIPAA compliant manner. 

The HIPAA Vault Difference

Like all HIPAA Vault cloud solutions, security is paramount. Our HIPAA Compliant email for Outlook has at-rest and in-transit encryption to give you the end-to-end security needed to protect your data. And, our 24/7 managed security services – standard with all our solutions – means that we’re on the job for you, in support of any technical questions and needs that may arise.   

Questions about HIPAA Compliant Outlook or Office 365? Give us a call (760-290-3460), or visit us at

HIPAA Vault is a leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition to HIPAA Compliant WordPress, HIPAA Vault provides secure email and file sharing solutions to improve patient communications. For more information, please visit our website at