
Power Virtual Agents is HIPAA, SOC, ISO, and CSA compliant

I am happy to announce that Power Virtual Agents is now covered under HIPAA (Health Insurance Portability and Accountability Act) BAA (Business Associate Agreement) and is a Core Online Service in the Microsoft Online Services Terms (OST).

Power Virtual Agents also acquired System and Organization Controls (SOC), International Organization for Standardization (ISO), and Cloud Security Alliance (CSA) certifications, which are required by enterprise customers. You can find the SOC and ISO reports on the Microsoft Service Trust Portal.

HIPAA is a US healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to covered entities (doctors’ offices, hospitals, health insurers, and other healthcare companies) with access to patients’ protected health information (PHI), as well as to business associates, such as cloud service and IT providers, that process PHI on their behalf.

Customers can now create bots with Power Virtual Agents that can handle protected health information (PHI) when their organizations are bound by HIPAA (a US health information act). Scenarios that involve PHI include using a chatbot to:

  1. Ask individuals to provide their health information (blood pressure, weight, and so on)
  2. Capture health information and personally-identifying information (such as the customer’s IP address or email)

NOTE: PVA is still not intended for use as a medical device. See the disclaimer on PVA’s intended use and medical devices.

To learn more about Power Virtual Agents compliance, see documentation here.

We’d love to hear about your experience with this feature! Please visit our community forum at https://aka.ms/PowerVirtualAgentsForum and share your feedback.

If you have any idea requests, please submit them at https://aka.ms/PowerVirtualAgentsIdeas.