Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance > HIPAA M365 Controls

HIPAA M365 Controls - Domains approved for M365 auto-forwarding within Health Care Component

Auto-forwarding email to approved domains by users within the UW-Madison Health Care Component is permitted. The following domains are approved for auto-forwarding. This list is reviewed and approved periodically by the Office of Cybersecurity and Office of Compliance.

Auto-forwarding to domains outside of the UW-Madison Health Care Component (HCC) and/or the UW-Madison Affiliated Covered Entity (ACE) is not permitted. Auto-forwarding between wisc.edu addresses and non-HCC / non-ACE domains creates the potential for HIPAA Privacy Rule violations.

This list is reviewed and approved periodically by the Office of Cybersecurity and Office of Compliance.

Domains approved for auto-forwarding within the UW-Madison Health Care Component:

  • all @wisc.edu subdomains that are part of UW-Madison's Microsoft365 tenant (such as medicine.wisc.edu, show.wisc.edu, clinicaltrials.wisc.edu, etc.)
  • athletics.wisc.edu
  • fammed.wisc.edu
  • hosp.wisc.edu
  • ortho.wisc.edu
  • rehab.wisc.edu
  • slh.wisc.edu
  • uwathletics.com
  • uwbadgers.com
  • uwhealth.org
  • uwhealthcaredirect.com
  • uwmf.wisc.edu


Keywords:
HIPAA, Risk Analyst, Security Coordinator, auto-forward, Microsoft 365, M365, HCC, Health Care Component, HIPAA, M365 Controls 
Doc ID:
93899
Owned by:
Patti H. in Cybersecurity
Created:
2019-08-15
Updated:
2024-08-05
Sites:
Office of Cybersecurity