The moment a lawyer saves their medical records in a way that unintentionally and without their consent uploads them to OneDrive, they have a pretty solid case to charge Microsoft for a HIPAA violation.
However I’ve got no sympathy for even a small business to use IT without someone configuring their system in a way that controls this. A lawyer of all people know that knowledge is worth something.
HIPAA doesn’t even require encryption. It’s considered “addressable”. They just require access be “closed”. You can be HIPAA compliant with just Windows login, event viewer, and notepad.
(Also HIPAA applies to healthcare providers. Adobe doesn’t need to follow HIPAA data protection, though they probably do because it’s so lax, just because you uploaded a PDF of a medical bill to their cloud.)
The moment a lawyer saves their medical records in a way that unintentionally and without their consent uploads them to OneDrive, they have a pretty solid case to charge Microsoft for a HIPAA violation.
https://www.hipaajournal.com/onedrive-hipaa-compliant/#
Totally feasible to use onedrive.
However I’ve got no sympathy for even a small business to use IT without someone configuring their system in a way that controls this. A lawyer of all people know that knowledge is worth something.
HIPAA doesn’t even require encryption. It’s considered “addressable”. They just require access be “closed”. You can be HIPAA compliant with just Windows login, event viewer, and notepad.
(Also HIPAA applies to healthcare providers. Adobe doesn’t need to follow HIPAA data protection, though they probably do because it’s so lax, just because you uploaded a PDF of a medical bill to their cloud.)