First I would say it is a very delicate matter to discuss HIPAA compliance, as the definitions and standards cross many boundaries. Both the application and the infrastructure where the application is running define the aspects of HIPAA compliance. HIPAA uses the concepts of Business Associate and Service Provider as defined in the HITECH Act and ancillary Federal Register rules. Running a HIPAA-compliant application requires that every piece of information be verified and stored, and that every action on the data be recorded and audited. HIPAA compliance means security, privacy, accountability, auditing and many more things. Any healthcare application that must have HIPAA / HITECH Act compliance may not be completely suitable for Windows Azure. However, it is possible to combine Windows Azure with other technologies that are HIPAA approved to create a hybrid solution.
The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
Can the Security breaches (published in Microsoft bulletins) adversely affect HIPAA protected medical records in HealthVault and EHR companies like Allscripts etc. (Microsoft "Partners")?