Is Microsoft Teams HIPAA compliant?
Conditionally. Microsoft signs a BAA, but only for eligible paid Microsoft 365/Office 365 plans, and the BAA is delivered through the Microsoft Product Terms / Data Protection Addendum rather than a separately negotiated document for most customers.
Key facts
- BAA available: Conditionally — on specific plans
- What it takes: Eligible paid Microsoft 365 / Office 365 commercial or government plans; not available on free tier or personal accounts
- Official source: Microsoft Learn — HIPAA/HITECH compliance offering — https://learn.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech (verified 2026-06)
How to use Microsoft Teams in a HIPAA-compliant way
- Subscribe to a HIPAA-eligible Microsoft 365 or Office 365 commercial/government plan
- Review the HIPAA BAA terms incorporated into Microsoft's Data Protection Addendum (DPA) / Product Terms
- Confirm your tenant and Teams settings are configured for HIPAA (enforce MFA, access controls, data handling policies)
- Restrict PHI to in-scope, covered services and disable non-covered integrations
- Document acceptance and retain the DPA/BAA terms with your compliance records
Important caveats
- Teams Free and personal Microsoft accounts are NOT covered and must never be used for PHI
- Coverage depends on configuration (e.g., MFA) and using only in-scope services; misconfiguration can fall outside the BAA
- Microsoft is the business associate but your organization remains responsible for its own HIPAA safeguards — confirm scope details directly with Microsoft
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Microsoft Teams correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm the current terms with Microsoft.
Frequently asked questions
Does Microsoft Teams sign a BAA?
On specific plans: eligible paid Microsoft 365 / Office 365 commercial or government plans. It is not available on the free tier or personal accounts. A signed BAA is required before any PHI is involved.
Is Microsoft Teams HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Microsoft Teams offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Microsoft Teams with PHI?
First, confirm you are on an eligible paid commercial or government plan: Teams Free and personal Microsoft accounts are NOT covered and must never be used for PHI.