
Microsoft Office 365 Security for

Healthcare Organizations

February 2017


Table of Contents

Overview
Office 365 Summary
Security and Compliance Recommendations
    Encryption Options
    OneDrive Privacy and Security
    Regulatory Compliance Support
    Information Security Strategy and Policies Approach
    Mobile Device Management
    Data Loss Prevention
    Audit Logging and Monitoring
    Access Controls
    Licensing Considerations
Conclusion


Overview

The evolution and advances in healthcare information technology are driving innovative technical solutions to improve organizational efficiency, population health, and patient outcomes across the continuum of care. Healthcare organizations including providers, payers, and Business Associates have looked in recent years to take advantage of cloud-hosted platforms like Microsoft’s Office 365 solution to drive efficiencies and boost productivity amid growing resource and budget constraints.

At the same time, the healthcare industry is reeling from sharp increases in attacks, new threat vectors, and ramped-up regulatory enforcement, which has caused security to become a strategic business requirement for cloud-based IT platforms and solutions like Office 365. Industry data shows the average healthcare breach costs $355 per record stolen [1] and approximately $2.2 million per breach event [2].

Meditology Services has worked with healthcare entities across the country to deploy and secure implementations of Microsoft’s Office 365 platforms and use cases to protect sensitive information and systems, including Protected Health Information (PHI). This paper outlines key considerations and leading practices for securely deploying Office 365 in healthcare settings. Office 365 is a robust platform with a variety of capabilities and security features. The recommendations provided in this paper should be leveraged to take advantage of the lessons learned from other healthcare entities that have worked to optimize the security and compliance of their Office 365 deployments.

Security considerations outlined in this paper include guidance and recommendations for addressing Office 365 capabilities regarding:

Encryption options

OneDrive privacy and security

Regulatory compliance support

Information security strategy and policies approach

Mobile Device Management (MDM) options

Data Loss Prevention (DLP) capabilities, rules, and policies

Audit logging and monitoring configurations

Access controls and permissions

Licensing considerations for security features

[1] Ponemon Institute. 2016 Cost of Data Breach Study: Global Analysis, June 2016.
[2] Ponemon Institute. Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2016.


Office 365 Summary

With the Office 365 platform, Microsoft has built upon the traditional, client-based Office products (Word, Excel, PowerPoint, Outlook, OneNote, etc.) to include cloud-based services and mobile capabilities. Healthcare entities have looked to adopt Office 365 to move on-premises services that are traditionally costly to maintain and support (e.g., Active Directory, Exchange) to a cloud infrastructure.

In addition to traditional directory and email platforms, Office 365 also includes collaborative applications such as instant messaging and online meetings (Skype), cloud file storage (OneDrive), team sites, and corporate social networks (Teams).

With Office 365, Microsoft also introduces new applications such as Planner and Sway. Planner provides team collaboration and helps to organize work and assign tasks. Sway provides interactive digital storytelling and represents a step up from traditional PowerPoint-based presentation models.

The following sections of this document outline security capabilities and options that should be reviewed and implemented where appropriate to maintain compliance with security regulations and reduce the likelihood and impact of a breach event. Each of the available security options for the applications and features outlined in this paper should be considered relative to an organization’s specific needs and use cases.

Comparisons of all Office 365 options for business are available here:

https://products.office.com/en-us/business/compare-more-office-365-for-business-plans


Security and Compliance Recommendations

Office 365 includes a series of integrated security and compliance options that allow organizations to customize Office 365 to meet their specific needs. The following sections outline specific security and compliance capabilities including encryption, regulatory compliance, licensing, security strategy and policies, DLP, audit logging and monitoring, access controls, OneDrive file security, and MDM integration.

Encryption Options

Meditology recommends enabling and implementing the following encryption and authentication capabilities where applicable for organizations to protect sensitive information including PHI.

Encryption for Data in Transit

Office 365 Message Encryption: users send encrypted email to any SMTP address and receive encrypted email directly from their desktops as easily as regular email.

Secure Multipurpose Internet Mail Extension (S/MIME): allows the originator to digitally sign an encrypted email message to protect the integrity and origin of the message.

Rights Management Services (RMS): users encrypt content using AES 128-bit keys and use policies on email or documents so that the content is appropriately used by specified people.

Transport Layer Security (TLS): Allows for server-to-server encryption, ensuring email stays secure while in transit.

Office 365 Message Encryption

Office 365 Message Encryption provides email encryption capabilities that support safe harbors for breach notification by encrypting sensitive information including PHI to individuals with a valid business purpose to access the information. Some of the email encryption features include:

An encryption process that is transparent to the sender, who does not need to do anything other than write and send the email; no user intervention is required to encrypt the message.

Encrypted email messages that can be sent directly to the recipient’s inbox and allow the recipient to decrypt and read the email without installing client software.

Simple user management, which eliminates the need for certificates by using a recipient's email address as the public key.

Communication through a TLS-enabled network further enhances message security.

Enhanced security of subsequent email responses by encryption of each message in a thread.

Note: Office 365 Message Encryption requires the purchase of Microsoft Azure Rights Management, which is available for $2.00 per user per month. For more information, see Microsoft Azure Rights Management [3].

Learn more about Office 365 Message Encryption online at the following location:

https://products.office.com/en-us/exchange/office-365-message-encryption

[3] https://products.office.com/en-us/exchange/office-365-message-encryption


OneDrive Privacy and Security

Microsoft Office 365 and OneDrive are compliant and/or certified with the following industry standards/frameworks:

HITRUST CSF Validated Certification Assessment

ISO 27001

ISO 27018

SSAE16 SOC 1 Type I and Type II and SOC 2 Type II

The HITRUST certification demonstrates that foundational controls are in place to address healthcare-specific regulatory requirements including HIPAA and HITECH mandates. The HITRUST Common Security Framework is also mapped to the NIST series of security frameworks including NIST 800-53 and the NIST Cybersecurity Framework (CSF).

During contract negotiations with Microsoft, healthcare entities should ensure that Microsoft signs a Business Associate Agreement and then assign a person or department (e.g. the Privacy Office) in the organization to maintain the Business Associate Agreement over time.

When establishing an Office 365 and OneDrive account, organizations should be sure to select the geographic region. The selection of geography will direct Microsoft to only store the organization’s data within the organization’s own country (e.g., United States).

Strong password configurations are critical for any platform that stores or manages PHI or other sensitive information, including Office 365. Configure authentication for OneDrive to require strong passwords based on the organization’s password policy to ensure compliance with organizational policies. Strong password configurations should be aligned with HIPAA and other industry framework (e.g., HITRUST) requirements, including password length, complexity, and reset settings.

Healthcare entities should configure OneDrive to require multi-factor authentication, as OneDrive is accessible from public networks and could be susceptible to password guessing attacks and compromise. Multifactor authentication provides an extra layer of security over traditional authentication (i.e., only username and password). Organizations should ensure the workforce is trained on the use of OneDrive multifactor authentication.

Use OneDrive administrator privacy and security options to limit access to files and sensitive information stored in OneDrive. Develop an organizational privacy and security baseline configuration standard to govern the use of data on OneDrive. Consider the following areas in the configuration standard:

Require encryption of files containing confidential data while at rest and in transit.

Restrict storage of PCI DSS-regulated data in any Office 365 product.

Disable external sharing of sensitive data so that links to the files cannot be sent to email addresses outside of the organization.

Restrict network access to whitelisted trusted networks only.

Apply data loss prevention (DLP) rules that prevent files from being accessed by unauthorized users and set up appropriate remediation rules.

Prevent users from sharing files with ‘everyone’ unless absolutely necessary. Recommend that files are shared with specific individuals or groups that are authorized to access the files.

Develop policies and procedures to ensure that access is terminated to OneDrive accounts when individuals leave the organization.


Develop policies to ensure that all devices, regardless of ownership, that connect to OneDrive meet the security and compliance requirements.

Do not store files in OneDrive that contain login and password credentials. Ensure the workforce is educated on this requirement.
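The baseline items above that are tenant-wide settings (external sharing, "everyone" links, read-only defaults, trusted-network restriction) can be applied and then verified for drift from the SharePoint Online Management Shell, which also governs OneDrive for Business. The script below is an added example, not code from the Meditology paper or from Microsoft; it assumes the Microsoft.Online.SharePoint.PowerShell module is installed, that the account used holds the SharePoint administrator role, and that the tenant name "contoso" and the address range 203.0.113.0/24 are placeholders to be replaced with the organization's own values.

```powershell
# Added example (not from the paper): apply and verify a OneDrive/SharePoint Online sharing
# baseline. Assumptions: Microsoft.Online.SharePoint.PowerShell module installed, SharePoint
# administrator role held, "contoso" and 203.0.113.0/24 are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# Desired baseline, mirroring the configuration standard above.
$baseline = @{
    SharingCapability                 = 'Disabled'   # no external sharing links at all
    DefaultSharingLinkType            = 'Direct'     # default to specific people, never "everyone"
    DefaultLinkPermission             = 'View'       # read-only unless a user explicitly grants edit
    PreventExternalUsersFromResharing = $true
    IPAddressEnforcement              = $true        # restrict access to trusted networks only
    IPAddressAllowList                = '203.0.113.0/24'   # placeholder corporate egress range
}

# Apply the baseline in one call; splatting keeps the settings reviewable as data.
Set-SPOTenant @baseline

# Verify: compare the live tenant settings against the baseline and report any drift,
# so the same script doubles as a periodic compliance check.
$tenant = Get-SPOTenant
$drift = foreach ($name in $baseline.Keys) {
    $actual = $tenant.$name
    if ("$actual" -ne "$($baseline[$name])") {
        [pscustomobject]@{ Setting = $name; Expected = $baseline[$name]; Actual = $actual }
    }
}
if ($drift) {
    $drift | Format-Table -AutoSize
} else {
    Write-Output "Tenant matches the OneDrive sharing baseline."
}
```

Run the script once to apply the baseline and then on a schedule; a non-empty drift table is the signal that someone has relaxed a sharing or network setting outside the change process.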

Regulatory Compliance Support

The HIPAA Privacy and Security rules require systems that store and manage PHI to include administrative, physical, and technical security controls. Office 365 has several compliance options available to support HIPAA requirements including:

Data Loss Prevention (DLP): Uses content analysis to identify, monitor, and protect sensitive data including PHI that may be leaving the organization.

Archiving: Electronically preserves stored information retaining email messages, calendar items, tasks, and other mailbox items.

eDiscovery: Retrieves content from across Exchange Online, SharePoint Online, Lync Online, and file shares.

Audit Logging and Monitoring: Analyzes logs and reports to meet HIPAA Privacy and Security requirements for the routine collection, monitoring, and review of access to PHI.

Exchange Online Protection (EOP): Allows administrators to manage anti-virus, anti-spam, and anti-malware settings from within the Office 365 administration console.

Additional information on these capabilities can be found at the following location:

http://go.microsoft.com/fwlink/p/?LinkID=404234

Microsoft uses its Compliance Framework to segregate Office 365 applications and services into four categories in compliance with global, regional, and industry-specific standards. More information about Microsoft’s Compliance Framework can be accessed at the following location:

http://go.microsoft.com/fwlink/p/?LinkID=618494

Office 365 Security & Compliance Center

Office 365 Admin Center and the Security & Compliance Center are used to configure security settings. Meditology recommends leveraging these centralized portals and controls to ensure that security controls are deployed consistently across the organization.

Learn more about the Office 365 Admin Center online at the following location:

https://support.office.com/en-us/article/About-the-Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547?ui=en-US&rs=en-US&ad=US

The Office 365 Security & Compliance Center provides a central portal for protecting an organization’s data and controlling sensitive information. For example, an organization can manage eDiscovery searches and holds, manage access for mobiles devices, manage permissions, and more.

Learn more about the Office 365 Security & Compliance Center online at the following location:

https://support.office.com/en-us/article/Security-and-Compliance-in-Office-365-for-business-Admin-Help-7fe448f7-49bd-4d3e-919d-0a6d1cf675bb?ui=en-US&rs=en-US&ad=US


The following table describes the security options available in the Office 365 Security & Compliance Center and provides links for additional information.

Menu: Home
Options: Security & Compliance Center home page
Learn more: Click Take a tour on the home page to learn more about the Security & Compliance Center.

Menu: Alerts
Options: Manage alerts; View security alerts; Advanced Security Management alerts
Learn more: https://support.office.com/en-us/article/Alerts-in-the-Office-365-Security-Compliance-Center-2bb4e7c0-5f7f-4144-b647-cc6a956aaa53?ui=en-US&rs=en-US&ad=US

Menu: Permissions
Options: Compliance Administrator; eDiscovery Manager; Organization Management; Reviewer; Service Assurance User; Supervisory Review
Learn more: https://support.office.com/en-us/article/Permissions-in-the-Office-365-Security-Compliance-Center-d10608af-7934-490a-818e-e68f17d0e9c1?ui=en-US&rs=en-US&ad=US

Menu: Security policies
Options: Mobile management; Device security policies; Data Loss Prevention (DLP); Anti-spam; Anti-malware; DomainKeys Identified Mail (DKIM); Safe attachments; Safe links
Learn more: https://support.office.com/en-us/article/Security-policies-in-the-Office-365-Security-Compliance-Center-0a73d5fa-b2c8-43e7-9ed4-61f0552b1c98?ui=en-US&rs=en-US&ad=US

Menu: Mobile devices
Options: Mobile Device Management (MDM)
Learn more: https://support.office.com/en-us/article/Overview-of-Mobile-Device-Management-MDM-for-Office-365-faa7d8e5-645d-4d59-839c-c8d4c1869e4a?ui=en-US&rs=en-US&ad=US

Menu: Data management
Options: Import; Archive; Retention
Learn more: https://support.office.com/en-us/article/Data-management-in-the-Office-365-Security-Compliance-Center-5fe09846-41b6-4168-9c48-2eb491b69dc2?ui=en-US&rs=en-US&ad=US

Menu: Search and investigation
Options: Content search; Audit log search; eDiscovery; Supervisory review; Quarantine
Learn more: https://support.office.com/en-us/article/Search-and-investigation-in-the-Office-365-Security-Compliance-Center-c4915c5f-82a7-4871-ba20-ef47c7588043?ui=en-US&rs=en-US&ad=US

Menu: Auditing
Options: Accessed file; Checked in file; Checked out file; Copied file; Deleted file; Discarded file checkout; Download file; Modified file; Moved file; Renamed file; Restored file; Uploaded file
Learn more: https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US

Menu: eDiscovery
Options: Run a Content Search; eDiscovery Cases; In-Place eDiscovery; The eDiscovery Center in SharePoint Online; Office 365 Advanced eDiscovery
Learn more: https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bfce?ui=en-US&rs=en-US&ad=US

Menu: Reports
Options: Auditing reports; Device management reports; Supervisory review reports; DLP reports
Learn more: https://support.office.com/en-us/article/Reports-in-the-Office-365-Security-Compliance-Center-7acd33ce-1ec8-49fb-b625-43bac7b58c5a?ui=en-US&rs=en-001&ad=US

Menu: Service assurance
Options: Dashboard; Compliance reports; Trust documents; Settings
Learn more: https://support.office.com/en-us/article/Service-assurance-in-the-Office-365-Security-Compliance-Center-47e8b964-4b09-44f7-a2d7-b8a06e8e389c?ui=en-US&rs=en-US&ad=US


Information Security Strategy and Policies Approach

Microsoft recommends aligning with the security model presented below or integrating aspects of it into existing information security strategic plans.

• Establish information protection priorities: The first step of protecting information is identifying what to protect. Develop clear, simple, and well-communicated guidelines to identify, protect, and monitor the most important data assets anywhere they reside.

• Set organization minimum standards: Establish minimum standards for devices and accounts accessing any data assets belonging to the organization. This can include device configuration compliance, device wipe, enterprise data protection capabilities, user authentication strength, and user identity.

• Find and protect sensitive data: Identify and classify sensitive assets. Define the technologies and processes to automatically apply security controls.

• Protect high value assets (HVAs): Establish the strongest protection for assets that have a disproportionate impact on the organization's mission or profitability. Perform stringent analysis of HVA lifecycle and security dependencies. Establish appropriate security controls and conditions.

Microsoft provides an information protection capability grid here:

http://download.microsoft.com/download/2/3/D/23D91386-8349-4F7A-9470-FD5AED861F16/MSFT_cloud_architecture_informationprotection.pdf

Mobile Device Management

Mobile devices, such as smartphones and tablets, that access email, calendars, contacts, and mobile health applications have become an essential component to delivering healthcare and related services. Protection of sensitive data, including PHI, stored on mobile device platforms and applications is required by HIPAA regulations and is a core component of healthcare information security risk management programs. MDM for Office 365 provides a centralized and automated means to manage and secure mobile devices using device security policies.

MDM helps organizations enforce security settings including encryption, passwords and authentication, and remote wipe, across mobile platforms. MDM can also be used to prevent unauthorized devices from connecting to company data and regulated patient information.

The Office 365 MDM capabilities can be leveraged to replace expensive MDM solutions already deployed in healthcare settings. However, Meditology recommends that organizations perform an analysis to compare the licensing costs and implementation costs prior to moving forward with MDM replacement strategies.

Configure security policies to prompt users to enroll the mobile device the first time they access Office 365 email and documents. Note that MDM policies and access rules override Exchange ActiveSync policies and access rules.


Office 365 MDM security settings include:

Restrict access to applications by device.

Password protect attachments.

Restrict files to read only access.

Require an in-application passcode for Office 365.

Define the number of failed login attempts before a device is automatically wiped to prevent a malicious agent from brute forcing the PIN.

Set a password expiration policy.

Set an inactivity timeout for the device.

Require strong passwords.

Prevent mobile devices from being rooted and unlocked (rooting a device exposes it to significant security vulnerabilities).

Block screen captures to prevent disclosure of sensitive information.

Note: MDM for Office 365 can be used to secure and manage the following types of devices:

Windows Phone 8.1+

iOS 7.1 or later versions

Android 4 or later versions

Windows 8.1 / Windows 8.1 RT (limited to Exchange ActiveSync)

Windows 10 / Windows 10 Mobile (Requires Azure Active Directory)

Learn more about Office 365 MDM capabilities at the following location:

https://support.office.com/en-US/article/Overview-of-Mobile-Device-Management-MDM-for-Office-365-faa7d8e5-645d-4d59-839c-c8d4c1869e4a

Data Loss Prevention

DLP policies in Office 365 allow you to identify, monitor, and automatically protect your organization’s sensitive information using deep content analysis.

Office 365 DLP capabilities can be used to:

Identify sensitive information in multiple locations, such as SharePoint Online and OneDrive for Business. A DLP policy can be created in the Exchange admin center that applies to email and other mailbox items.

Prevent the accidental sharing of sensitive information.

Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.

Help with end user education and awareness related to securing sensitive information including PHI.

Create DLP reports to gain visibility into PHI storage and usage.

Preconfigured DLP policy templates are available to detect specific types of sensitive information, such as HIPAA data (i.e. PHI), PCI DSS data, or locale-specific personally identifiable information (PII).


DLP policies can also specify:

The location to protect the content such as SharePoint Online and OneDrive for Business sites.

Conditions the content must meet before the rule is enforced.

Actions to take automatically when content meeting the conditions is found.

Figure 1 - Microsoft Office Data Loss Prevention [4] (figure not reproduced in this transcript)

DLP Policy Tips can also be configured. These messages inform email senders that they are about to transmit sensitive information including PHI. The Policy Tips are customizable and provide options for security awareness education messages and warnings or message blocking.

Learn more about Office 365 DLP capabilities at the following location:

https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e
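The three parts of a DLP policy described above (locations, conditions, actions) plus a Policy Tip map directly onto two Security & Compliance Center cmdlets. The script below is an added example, not from the Meditology paper or from Microsoft's documentation; it assumes the ExchangeOnlineManagement module is installed (its Connect-IPPSSession cmdlet opens the Security & Compliance Center endpoint), that the account holds the Compliance Administrator role, and that the policy name, rule name and policy tip wording are placeholders. The sensitive information type names are Microsoft's built-in types; the minimum confidence and count values are this example's tuning choices.

```powershell
# Added example (not from the paper): create a PHI DLP policy in test mode, then review it.
# Assumptions: ExchangeOnlineManagement module installed, Compliance Administrator role held,
# policy/rule names and tip text are placeholders.
Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-IPPSSession   # Security & Compliance Center PowerShell endpoint

# 1. Locations: Exchange Online mailboxes, SharePoint Online sites and OneDrive for Business.
#    Start in test mode so policy tips are shown but nothing is blocked until the rule is tuned.
New-DlpCompliancePolicy -Name "PHI Protection (test)" `
    -Comment "Detect PHI leaving the organization; test mode until tuned" `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications

# 2. Conditions: built-in sensitive information types. minConfidence/minCount reduce false
#    positives from a single incidental nine-digit number in an otherwise harmless document.
$sensitiveTypes = @(
    @{ Name = "U.S. Social Security Number (SSN)";    minCount = "1"; minConfidence = "75" },
    @{ Name = "Drug Enforcement Agency (DEA) Number"; minCount = "1"; minConfidence = "75" }
)

# 3. Actions: only fire when content is shared outside the organization; notify the owner and
#    last modifier with a custom Policy Tip, raise an incident report, and block external access
#    (the block takes effect once the policy is moved out of test mode).
New-DlpComplianceRule -Name "PHI shared externally" -Policy "PHI Protection (test)" `
    -ContentContainsSensitiveInformation $sensitiveTypes `
    -AccessScope NotInOrganization `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText "This item appears to contain PHI. Sharing it outside the organization is not permitted." `
    -BlockAccess $true `
    -GenerateIncidentReport SiteAdmin `
    -ReportSeverityLevel High

# Review what was created before enabling enforcement.
Get-DlpComplianceRule -Policy "PHI Protection (test)" |
    Select-Object Name, BlockAccess, AccessScope, NotifyUser | Format-Table -AutoSize
```

After a tuning period in which the DLP reports show an acceptable false-positive rate, switch the policy to enforcement with Set-DlpCompliancePolicy -Identity "PHI Protection (test)" -Mode Enable; the conditions and actions do not need to change.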

Note: If the organization is using the Enterprise E5 license option, Microsoft provides advanced DLP via the Office 365 Management API. The solution gathers data about sharing from Microsoft Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. Microsoft then uses Power BI (business intelligence) dashboards to visualize the data.

Learn more about the enterprise and business intelligence reporting capabilities at the following location:

https://msdn.microsoft.com/en-us/library/mt718319.aspx

[4] https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e


Audit Logging and Monitoring

Microsoft has implemented auditing and logging across the entire Office 365 suite. This supports healthcare organizations’ HIPAA compliance obligations for logging and monitoring access to PHI. Audit logging and monitoring capabilities are also an essential security protection layer to detect and respond to potential information security breach events.

Organizations can search unified audit logs for the following types of user and admin activity in Office 365:

User activity in SharePoint Online and OneDrive for Business

User activity in Exchange Online (Exchange mailbox audit logging)

Admin activity in SharePoint Online

Admin activity in Azure Active Directory (the directory service for Office 365)

Admin activity in Exchange Online (Exchange admin audit logging)

User and admin activity in Sway

It is important to note that not all audit events are available through the Office 365 Security & Compliance Center. Certain audit events need to be accessed using the Office 365 Compliance Center PowerShell interface.

For a complete list of audited activities in Office 365, refer to the following documentation:

https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US#auditlogevents

Learn more about Office 365 audit logging capabilities at the following location:

https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US
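The PowerShell route mentioned above is Search-UnifiedAuditLog, which returns the same unified log records as the portal search but lets an organization turn them into a recurring monitoring report. The script below is an added example, not from the Meditology paper or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, that the account holds the View-Only Audit Logs role, and that audit logging is turned on for the tenant. The operation names are the schema names for the file-download and sharing activities listed in the Auditing row of the table above, and should be confirmed against the audit log reference linked above; the seven-day window and the download threshold are this example's choices.

```powershell
# Added example (not from the paper): pull OneDrive/SharePoint file and sharing activity from the
# unified audit log and summarise it for review. Assumptions: ExchangeOnlineManagement module
# installed, View-Only Audit Logs role held, audit logging enabled; thresholds are placeholders.
Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline

$start = (Get-Date).AddDays(-7)
$end   = Get-Date
# Operations of interest: downloads (PHI leaving the service) and sharing events, including the
# anonymous "everyone" links the OneDrive baseline tells users to avoid.
$operations = @("FileDownloaded", "AnonymousLinkCreated", "SharingInvitationCreated")

# Search-UnifiedAuditLog returns at most 5000 rows per call; page through with a session id.
$sessionId = "phi-activity-" + (Get-Date -Format "yyyyMMddHHmmss")
$records = @()
do {
    $page = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -Operations $operations -ResultSize 5000 `
        -SessionId $sessionId -SessionCommand ReturnLargeSet
    $records += $page
} while ($page.Count -eq 5000)

# AuditData is a JSON string; expand the fields a reviewer needs into flat objects.
$events = $records | ForEach-Object {
    $d = $_.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        Time      = $_.CreationDate
        User      = $_.UserIds
        Operation = $_.Operations
        File      = $d.SourceFileName
        Site      = $d.SiteUrl
        ClientIP  = $d.ClientIP
    }
}

# Report 1: users whose download volume in the window exceeds a review threshold (placeholder).
$downloadThreshold = 200
$events | Where-Object Operation -eq "FileDownloaded" |
    Group-Object User | Where-Object Count -gt $downloadThreshold |
    Select-Object @{ n = 'User'; e = { $_.Name } }, Count |
    Sort-Object Count -Descending | Format-Table -AutoSize

# Report 2: every anonymous link created, since the baseline forbids "everyone" sharing.
$events | Where-Object Operation -eq "AnonymousLinkCreated" |
    Sort-Object Time | Format-Table Time, User, File, Site, ClientIP -AutoSize
```

The two reports correspond to the HIPAA routine-review obligation the section opens with: the first surfaces unusual volumes of PHI access per user, the second surfaces sharing that violates the OneDrive configuration standard, and both can be scheduled and their output retained as evidence of the review.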

Access Controls

Authentication

Office 365 uses Azure Active Directory to manage users. Microsoft provides several options for managing user accounts and access within the environment including:

Multi-Factor Authentication: Enhances security by using another factor, such as a PIN, in addition to the primary factor, which is identity.

    o Meditology highly recommends the configuration of multi-factor authentication for remote access to healthcare applications, systems, and data.

    o Learn more about healthcare hacking trends related to authentication and remote access at the following location: https://www.meditologyservices.com/fullpanel/uploads/files/meditology-hacking-healthcare-whitepaper--final.pdf

Cloud Identity: Provides a cloud-based identity and access management solution with functionality for several workforce use cases.

Synchronized Identity: Synchronizes on-premises directory objects with Office 365 users. This can also be used to synchronize passwords across on-premises and cloud implementations.

Federated Identity: Provides single sign-on by synchronizing on-premises directory objects with Office 365.


Role-Based Access Control (RBAC): Office 365 uses the same permissions model as Exchange and allows administrators to enable access for authorized users based on role assignment, role authorization, and permission authorization.

Identity Management Options: These include cloud identity; synchronized identity, which allows users to have the same password both on-premises and in the cloud; and federated identity, which provides single sign-on across on-premises and cloud environments.

Learn more about Office 365 Authentication at the following location:

https://support.office.com/en-US/article/Understanding-Office-365-identity-and-Azure-Active-Directory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9

Managing Office 365 with Windows PowerShell

IT professionals and power users can use the PowerShell command-line environment as a complement to the Office 365 Admin Center to automate the administration of Office 365.

The most basic part of PowerShell is called a cmdlet (pronounced command-let). Cmdlets allow organizations to use PowerShell for remote administrative tasks such as configuring a large number of users, managing Office 365 license assignments, and identifying inactive mailboxes. Multiple cmdlets can be added together in a text file to create a PowerShell script.

PowerShell capabilities are also available for managing Security & Compliance Center, Skype, SharePoint, and Azure Active Directory settings.

Learn more about Office 365 PowerShell scenarios and scripts at the following locations:

http://powershell.office.com/

http://powershell.office.com/script-samples/

https://technet.microsoft.com/library/dn975125.aspx

https://technet.microsoft.com/library/jj984289(v=exchg.160).aspx

https://technet.microsoft.com/library/dn362795(v=ocs.15).aspx

https://technet.microsoft.com/library/fp161372.aspx

https://msdn.microsoft.com/en-us/library/jj151815.aspx
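A script of the kind the PowerShell section describes, several cmdlets combined in one file for a bulk administrative task, is a natural way to act on the multi-factor authentication recommendation in the Access Controls section: report every licensed user who has no MFA requirement and, when explicitly asked, enable it for them. The script below is an added example, not from the Meditology paper or from Microsoft; it assumes the MSOnline module (Get-MsolUser / Set-MsolUser) is installed and the account holds a role permitted to change user authentication settings. The -Enforce switch, which makes the default run a report-only dry run, is this example's own design.

```powershell
# Added example (not from the paper): report licensed users without an MFA requirement and,
# with -Enforce, enable MFA for them. Assumptions: MSOnline module installed, account permitted to
# change authentication settings; the -Enforce dry-run switch is this example's design.
param([switch]$Enforce)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService

# Per-user MFA state lives in StrongAuthenticationRequirements; an empty collection means MFA is
# neither enabled nor enforced for that user. Blocked accounts are excluded from the report.
$licensedUsers = Get-MsolUser -All | Where-Object { $_.IsLicensed -and -not $_.BlockCredential }
$noMfa = $licensedUsers | Where-Object { $_.StrongAuthenticationRequirements.Count -eq 0 }

Write-Output ("{0} of {1} licensed users have no MFA requirement." -f $noMfa.Count, $licensedUsers.Count)
$noMfa | Select-Object UserPrincipalName, DisplayName, LastPasswordChangeTimestamp | Format-Table -AutoSize

if (-not $Enforce) {
    Write-Output "Dry run only; re-run with -Enforce to enable MFA for the users listed above."
    return
}

# Build the requirement object once and apply it to each user. RelyingParty "*" covers every
# application; State "Enabled" prompts the user to register a second factor at next sign-in.
$requirement = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$requirement.RelyingParty = "*"
$requirement.State = "Enabled"

foreach ($user in $noMfa) {
    try {
        Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements @($requirement)
        Write-Output ("Enabled MFA for {0}" -f $user.UserPrincipalName)
    } catch {
        Write-Warning ("Failed for {0}: {1}" -f $user.UserPrincipalName, $_.Exception.Message)
    }
}
```

Run it without arguments first so the report can be reviewed (service accounts and shared mailboxes typically need a separate decision), then with -Enforce; the report-only output can also be kept as evidence that the MFA control is being monitored.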


Licensing Considerations

With the launch of Office 365, Microsoft switched from the traditional software installation model to a subscription-based model where organizations pay a monthly fee for each user. Organizations select a subscription tier based on budget and required functionality. Security professionals in healthcare organizations need to evaluate the licensing models that best accommodate available budget and functionality requirements.

Healthcare entities should also perform an analysis to understand which security capabilities provided by Office 365 are already deployed using point security solutions and adjust licensing accordingly.

Review the Office 365 licensing options at the following location:

https://products.office.com/en-us/business/mostsecure-office-in-the-cloud-enterprise-e5

The Enterprise E3 and Enterprise E5 license options include additional security and compliance features:

Email security features including archiving and legal hold capabilities

Data loss prevention (DLP)

Document and email access controls features including Rights Management Services to restrict access to documents and email to specific users

eDiscovery

Enterprise management of apps with Group Policy, Telemetry, and Shared Computer Activation

DLP and encryption across Exchange Online, Skype for Business, and SharePoint Online

The full list of Office 365 Enterprise E3 features can be accessed at the following location:

https://products.office.com/en-us/business/office-365-enterprise-e3-business-software


Conclusion

Healthcare entities are faced with increasing pressures to reduce costs while still maintaining robust security protections to address emerging threats, regulatory enforcement activities, and data breach prevention.

Office 365 has a substantive security portfolio that makes the product a viable option for helping to move healthcare data to the cloud in a secure and compliant manner. However, licensing and other costs outlined in this report should be taken into consideration prior to moving forward with any migration to Microsoft’s cloud platforms.

For organizations that have already embarked on the move to Office 365, the security recommendations and configurations in this document should be consulted to take advantage of Office 365 security capabilities and maximize security protections through available features and functionality.

Meditology has extensive experience advising healthcare organizations on how to secure cloud-based platforms, including Office 365. Contact our healthcare security professionals to learn more about how we may be able to assist with securing patient information and supporting systems.

About Meditology

Meditology Services LLC is a healthcare-focused advisory services firm with core principles of quality, integrity, loyalty, and value. Our executive team has an average of 15 years of consulting and operational experience in healthcare with provider and payer clients nationally of varying size and complexity. We understand the importance of relationships and derive much of our business from a long list of satisfied clients who value the quality of our work products combined with the professionalism, approach, and innovative solutions we bring to our engagements.

For More Information

Meditology Services LLC 5256 Peachtree Road, Suite 190 Atlanta, GA 30341 [email protected] Tel. (404) 382-7591 www.meditologyservices.com

