HIPAA Teams and Private Channels

Temple University provides access to Microsoft Teams as part of its Microsoft 365 suite, which supports HIPAA compliance. Temple has a Business Associate Agreement (BAA) in place with Microsoft, allowing Teams to be used for protected health information (PHI) when configured correctly. While the Microsoft 365 environment includes the necessary tools for compliance—such as multi-factor authentication, audit logging, and data protection policies—it is the responsibility of individual departments and users to ensure those features are enabled and Teams are used in accordance with university policies and federal regulations.

When creating a Team that may involve PHI or sensitive health-related data, it is essential that the Team is set to Private at the time of creation. This prevents unauthorized access and ensures that only explicitly added members can view content. Public Teams are never appropriate for HIPAA-related data. For more information on creating a private Team and private Channel review Manage Teams and Channels.