Updated November 2016. HIPAA and the HITECH Act are United States laws that apply to most doctors’ offices, hospitals, health insurance companies, and other companies involved in the healthcare industry that may have access to patient information (called Protected Health Information, or PHI). In many circumstances, for a covered healthcare company to use a service such as Microsoft Azure, the service provider must agree in a written agreement to adhere to certain security and privacy provisions set out in HIPAA and the HITECH Act. This guide was developed to help customers interested in HIPAA and the HITECH Act understand the relevant capabilities of Microsoft Azure. The intended audience for this guide includes privacy officers, security officers, compliance officers, and others in customer organizations responsible for HIPAA and HITECH Act implementation and compliance. While Microsoft Azure includes features to help enable customers’ privacy and security compliance, customers are responsible for ensuring their particular use of Azure complies with HIPAA, the HITECH Act, and other applicable laws and regulations.