Microsoft Azure portal Build, manage, and monitor all Azure products in a single, unified console Azure Purview Maximize business value with unified data governance Azure mobile app Stay connected to your Azure resources—anytime, anywhere.
The Trust Center is where you can find security and privacy settings for Microsoft Office programs. With the consistent appearance of the ribbon in Office programs, steps to find the Trust Center are the same for each program. The options available in the Trust Center allow you to share documents with the people you want, as well as to find and remove hidden information you may not want to disclose. To learn more about Office privacy, read the Microsoft Privacy Statement.
Important: If you're using Version 1904, or newer, of Microsoft Office then your privacy settings have moved. For information about how to access them see: Account Privacy Settings.
In an Office program, on the File tab, click Options.
Click Trust Center, and then click Trust Center Settings. The following screen is an example from Word:
Click the area that you want (on the left pane) and make the selections you need. For example, to change the privacy settings, click Privacy Options.
When changing privacy settings, you should make selections that will help set the level of Office privacy you want. The selections can include getting notification if a document is from a suspicious website or links to one, or making hidden markup visible when files are opened and saved.
Note: When you select Let Office connect to online services from Microsoft to provide functionality that's relevant to your usage and preferences, Office connects to online services and sites provided by Microsoft, such as Bing Maps, Insights, and Bing Weather.
Click OK when finished.
Important: Changing Trust Center settings can greatly reduce or increase the security of your computer, its data, data on your organization's network, and other computers on that network. We advise that you consult with your system administrator, or carefully consider the risks, before making changes to Trust Center settings.
Help improve Office!
Select Trust Center then Trust Center Settings. On the resulting page, click Macro Settings. Select the Disable all macros with notification option so that the macros will be disabled but you will receive a popup window asking if you want to enable macros individually. The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices. Accessing the Service Trust Portal The Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data.
To participate in the work to improve Office products, follow these steps.
In an Office program, on the File tab, click Options.
Click Trust Center, and then click Trust Center Settings. The following screen is an example from Word:
Click Privacy Options.
Click the check box next to Get designs, information, recommendations, and services by allowing Office to access and make product improvements based on Office content on my device.
Here's some helpful information you should know about helping us improve Office:
If you are willing to participate, you don't have to do any additional work. You never have to complete a form, fill out a survey, or answer a telephone call.
Microsoft automatically collects information from your computer, including the error messages that are generated by the software and when they are generated, the kind of computer equipment that you are using, whether your computer is having any difficulty running Microsoft software, and whether your hardware and software respond well and perform rapidly. In general, this information is collected once each day.
This information is not used in advertising or sales in any way. Microsoft does not share this information with any other company. When you join the program, an identification number is generated randomly. That number is the only identification that is used when you share information with Microsoft. Because the number is completely random, Microsoft cannot trace your information back to you — and neither can anyone else.
See Also
-->HIPAA and the HITECH Act overview
The Health Insurance Portability and Accountability Act (HIPAA) is a US healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to covered entities, doctors' offices, hospitals, health insurers, and other healthcare companies, with access to patients' protected health information (PHI), as well as to business associates, such as cloud service and IT providers, that process PHI on their behalf. (Most covered entities do not carry out functions such as claims or data processing on their own; they rely on business associates to do so.)
The law regulates the use and dissemination of PHI in four general areas:
- Privacy, which covers patient confidentiality.
- Security, which deals with the protection of information, including physical, technological, and administrative safeguards.
- Identifiers, which are the types of information that cannot be released if collected for research purposes.
- Codes for electronic transmission of data in healthcare-related transactions, including eligibility and insurance claims and payments.
The scope of HIPAA was extended with the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Together, HIPAA and HITECH Act rules include:
- The HIPAA Privacy Rule, which focuses on the right of individuals to control the use of their personal information, and covers the confidentiality of PHI, limiting its use and disclosure.
- The HIPAA Security Rule, which sets the standards for administrative, technical, and physical safeguards to protect electronic PHI from unauthorized access, use, and disclosure. It also includes such organizational requirements as Business Associate Agreements (BAAs).
The HITECH Breach Notification Final Rule, which requires giving notice to individuals and the government when a breach of unsecured PHI occurs.
Microsoft and HIPAA and the HITECH Act
HIPAA regulations require that covered entities and their business associates, in this case, Microsoft when it provides services, including cloud services, to covered entities, enter into contracts to ensure that those business associates will adequately protect PHI. These contracts, or BAAs, clarify and limit how the business associate can handle PHI, and set forth each party's adherence to the security and privacy provisions set forth in HIPAA and the HITECH Act. Once a BAA is in place, Microsoft customers (covered entities) can use its services to process and store PHI.
Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.
Microsoft enterprise cloud services are also covered by FedRAMP assessments. Microsoft Azure and Microsoft Azure Government received a Provisional Authority to Operate from the FedRAMP Joint Authorization Board; Microsoft Dynamics 365 U.S. Government received an Agency Authority to Operate from the US Department of Housing and Urban Development, as did Microsoft Office 365 U.S. Government from the US Department of Health and Human Services.
To learn how the Microsoft Cloud helps customers support HIPAA and the HITECH requirements, visit Microsoft Customer Stories.
Microsoft in-scope cloud services
- Microsoft Cloud App Security
- Microsoft Healthcare Bot Service
- Microsoft Stream
- Microsoft Professional Services: Premier and On Premises for Azure, Dynamics 365, Intune, and for medium business and enterprise customers of Microsoft 365 for business
- Power Automate (formerly Microsoft Flow) cloud service either as a standalone service or as included in an Office 365 or Dynamics 365 branded plan or suite
- Intune
- PowerApps cloud service either as a standalone service or as included in an Office 365 or Dynamics 365 branded plan or suite
- Power BI cloud service either as a standalone service or as included in an Office 365 or Dynamics 365 branded plan or suite
- Azure DevOps Services
Accelerate your deployment of HIPAA/HITRUST solutions on Azure
Get a head start on taking advantage of the benefits of the cloud for health data solutions with the Azure Security and Compliance Blueprint: HIPAA/HITRUST Health Data and AI. This blueprint provides tools and guidance to get you started building HIPAA/HITRUST solutions today.
Frequently asked questions
Can my organization enter into a BAA with Microsoft?
Microsoft offers qualified companies or their suppliers a BAA that covers in-scope Microsoft services.
For Microsoft cloud services: The HIPAA Business Associate Agreement is available via the Online Services Terms by default to all customers who are covered entities or business associates under HIPAA. See 'Microsoft in-scope cloud services' on this webpage for the list of cloud services covered by this BAA.
For Microsoft Professional Services services: The HIPAA Business Associate Amendment is available for in-scope Microsoft Professional Services upon request to your Microsoft services representative.
Microsoft Office Trust Center Macro
Does having a BAA with Microsoft ensure my organization's compliance with HIPAA and the HITECH Act?
No. By offering a BAA, Microsoft helps support your HIPAA compliance, but using Microsoft services does not on its own achieve it. Your organization is responsible for ensuring that you have an adequate compliance program and internal processes in place, and that your particular use of Microsoft services aligns with HIPAA and the HITECH Act.
Can Microsoft modify my organization's BAA?
Microsoft cannot modify the HIPAA BAA, because Microsoft services are consistent for all customers and so must follow the same procedures for everyone. However, to create the BAA for Microsoft's HIPAA-regulated customers and its services, Microsoft collaborated with some of the leading US medical schools and their HIPAA privacy counsel, as well as other public- and private-sector HIPAA-covered entities.
How can I get copies of the auditor's reports?
The Service Trust Portal provides independently audited compliance reports. You can use the portal to request audit reports so that your auditors can compare Microsoft's cloud services results with your own legal and regulatory requirements.
How can I learn more about complying with HIPAA and the HITECH Act?
To assist customers with this task, Microsoft has published these guides:
Microsoft Office Trust Center For Mac
- HIPAA/HITECH Act implementation guidance for Azure and for Dynamics 365 and Office 365. Written for privacy, security, and compliance officers and others responsible for HIPAA and HITECH Act implementation, they describe concrete steps your organization can take to maintain compliance.
- Practical guide to designing secure health solutions using Microsoft Azure helps you better understand what it takes to successfully adopt a cloud service in a secure manner.
- Addressing HIPAA security and privacy requirements in the Microsoft Cloud offers a brief overview of regulation requirements. It also provides a detailed analysis of how Microsoft's cloud services were built with methodologies that map to those requirements, and guidance on how to build compliance-ready solutions.
Use Microsoft Compliance Manager to assess your risk
Microsoft Compliance Manager is a feature in the Microsoft 365 compliance center to help you understand your organization's compliance posture and take actions to help reduce risks. Compliance Manager offers a premium template for building an assessment for this regulation. Find the template in the assessment templates page in Compliance Manager. Learn how to build assessments in Compliance Manager.
Resources
- HIPAA Omnibus Rule (The final regulations-modifying HIPAA rules)
- Understanding HIPAA Compliance with Azure(May 19, 2016)