Service Description
Microsoft 365 at Michigan Medicine is a cloud-based collaboration and file-storage service that provides a selection of productivity and collaboration tools to Michigan Medicine faculty, staff, students, sponsored affiliates with regular (not temporary) uniqnames. You can use Microsoft 365 to create, edit, share, and collaborate on cloud-based content. Tools include SharePoint Online, Office 365, Exchange/Outlook Email and Calendar, Teams, Forms, Power Automate, Planner, and others.
Compliance
Microsoft 365 at Michigan Medicine provides a secure environment in which to maintain or share data, including some types of sensitive regulated data classified as High. Data classified as Restricted may not be maintained or shared in Microsoft 365.
Microsoft OneDrive allows you to synchronize data in the cloud and on your devices. If you store and synchronize data in locations other than the OneDrive cloud storage, you will also need to follow any sensitive data restrictions for the devices and storage locations to which you synchronize.
U-M's agreement with Microsoft includes a Business Associate Agreement (BAA). This means this service is being designed for use of Protected Health Information (PHI) regulated by HIPAA. Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in Microsoft 365 at Michigan Medicine are responsible for complying with HIPAA safeguards, including:
- Use and disclose only the minimum necessary PHI for the intended purpose.
- Obtain all required authorizations for using and disclosing PHI.
- Ensure that PHI is seen only by those who are authorized to see it.
- Follow any additional steps required by your unit to comply with HIPAA.