Azure SQL DB - HIPAA Compliance...

Is Azure SQL HIPAA compliant yet? If not, when will it be? We have a solution that utilizes Azure services heavily and Azure SQL is an important component of this solution. It is not ideal to not have it covered as well.

Also, if it is NOT currently HIPAA compliant, then what is the recommended approach to integrating SQL Server into an Azure solution? Should we host SQL Server on-premise with a Service Bus connection to our cloud services, or host it within Virtual Machine(s) hosted in Azure? If we take that approach, how do we set up fail-over scenarios to ensure the VM solution is as reliable as on-premise?

thanks in advance from your comments and a

November 25th, 2013 10:04pm

Hello,

1. Windows Azure announced in July 2012 that it's offering HIPAA BAA to customers and partners who need to build HIPAA compliant applications. But the BAA is not yet available for Windows Azure SQL Database. For more information, please review Windows Azure Trust Center compliance page and Windows Azure HIPAA Implementation Guidance document.

2. Windows Azure provides high availability mechanisms, such as service healing for cloud services and failure recovery detection for the Virtual Machines. When running SQL Server in Windows Azure VMs, Windows Azure doesn't guarantee the desired HADR capabilities of SQL Server. But you can deploy high availability solution for your SQL Server databases in Windows Azure using AlwaysOn Availability Groups or database mirroring.

Reference: High Availability and Disaster Recovery for SQL Server in Windows Azure Virtual Machines

Regards,
Fanny Liu


November 26th, 2013 6:22am

Thank you for your response.

Does this mean that running SQL Server within Azure VMs is the recommended approach to HIPAA compliance until Windows Azure SQL Database is covered by the BAA? I don't want to have a complicated VM deployment in Azure because of the added cost, complicated setup, and unknown territory.

Basically, what is the easiest solution (that is HIPAA compliant) to enable our Azure cloud services to communicate with a SQL Server database since Windows Azure SQL Database is not yet covered by the BAA? Perhaps it is easier to keep the SQL DB on-premise? If so, how do we enable communication between Azure and our on-premise network?

Please advise. Thanks!

November 26th, 2013 8:30pm

Same question. I've read the docs on compliance and they really don't help with the "when" question. I'm trying to find out when this story will change and the BAA can cover the service. The VM story has its own pain as Microsoft reserves the right to bounce your VM at any time, to update the host machine. From what I've seen, they don't even use their own technology to protect the VMs from that bouncing. SQL Server doesn't really like that and can result in pretty extensive downtime. That means we get to manage SQL clustering ourselves, to minimize that hit. That's fine, but really makes the cloud solution even more pain than managing it on premise. Very quickly, we end up losing all the advantages we hoped to gain.

I'd really like to use the SQL Services, but this is kind of a showstopper. Has anyone seen a roadmap or have information that would help me determine if I need to abandon Azure as a potential solution?

Thanks

February 18th, 2014 6:39pm

This topic is archived. No further replies will be accepted.
