Originally Posted by
bb10adopter111 It sounds like you have a great email solution, but you're not correct about Office 365 or G Suite, both of which are used by many health care providers and health systems.
As someone who has worked in both cybersecurity and for a leading analytics firm with some of the US's largest health systems, I can assure you that both Cloud Exchange with Office 365 and Gmail with G Suite are fully HIPAA compliant, if implemented as documented for HIPAA compliance. You'd need to execute a standard BAA agreement with Microsoft or Google, and follow their configuration guidelines.
NOTE: Not all G Suite apps are covered by Google's BAA. Last I checked, Google Contacts was not, so could NOT be used with PHI.
Posted with my trusty Z10