HIPAA Compliance for OneDrive

When the University of Colorado of Denver shares information, internally or externally, it is important that the confidentiality, integrity, and availability of that data be preserved. That is no small task, especially with so many cloud storage options available. Microsoft has entered into a Business Associate Agreement (BAA) with the University of Colorado of Denver | Anschutz Medical Campus. This agreement helps provide university students, faculty, and staff with a tool for collaboration and secure file sharing, OneDrive for Business.  

OneDrive for Business is different from OneDrive, which is a consumer product for personal use. If you have a OneDrive account for personal use be careful when selecting OneDrive to save or share a file by making sure to choose “OneDrive – The University of Colorado Denver.”

Though OneDrive for Business is configured for HIPAA compliance, you should use caution in the type of data stored as well as with whom and how the data is shared (same university HIPAA policies and procedures apply). By default, files stored and/or created in the OneDrive for Business are set to private. You can still share files or folders with one or more individuals, choose to grant access that is read-only, or you can grant permission to edit the file.

HIPAA Compliance Depends on all of us. Please review the following information:

If you have any questions regarding this service, please contact the CU Denver | Anschutz Medical Campus OIT Service Desk at 303.724.4357.