Breach policy RRS feed

  • Question

  • Not sure if this is the correct forum for this.

    Writing up our privacy policy.

    So we have to notify Microsoft of a breach of our application?

    What is Microsoft's policy of a breach of the HV platform from their side?

    Is Microsoft following the latest HITECH guidelines for PHR breaches?

    I know that MS is not required to follow HIPAA, but just trying to get some details on a breach of the HV platform from the MS side.

    I want to give our users as much detail as possible, and try to comply to HIPAA as much as possible on our end.

    Thursday, November 19, 2009 8:10 PM


All replies

  • Hello Gary,

    I am following this internally now and will have an update soon.
    Thursday, November 19, 2009 10:06 PM
  • Thanks.

    Appreciate it.

    Friday, November 20, 2009 6:11 PM
  • Hello Gary,

    Microsoft's policy for notifying HealthVault Solution Providers is covered in detail in the HealthVault Solution Provider agreement that each company signs before going live on the platform. 

    Some of the terms of this agreement are posted at http://msdn.microsoft.com/en-us/healthvault/cc268231.aspx but you can contact hvbd@microsoft.com to see a current and complete copy of the agreement.

    Friday, November 20, 2009 6:25 PM
  • Just FYI for everyone-- non-technical business questions are best sent to hvbd@microsoft.com, as this is a technical forum.  Any legal or business questions are best handled directly.
    Wednesday, December 2, 2009 11:39 PM