Microsoft Office 365 Security for
Healthcare Organizations
February 2017
2
Table of Contents
Overview ....................................................................................................................................................... 3
Office 365 Summary...................................................................................................................................... 4
Security and Compliance Recommendations ............................................................................................... 5
Encryption Options ................................................................................................................................... 5
OneDrive Privacy and Security .................................................................................................................. 6
Regulatory Compliance Support ............................................................................................................... 7
Information Security Strategy and Policies Approach ............................................................................ 10
Mobile Device Management ................................................................................................................... 10
Data Loss Prevention .............................................................................................................................. 11
Audit Logging and Monitoring ................................................................................................................ 13
Access Controls ....................................................................................................................................... 13
Licensing Considerations ......................................................................................................................... 15
Conclusion ................................................................................................................................................... 16
3
Overview
The evolution and advances in healthcare information technology are driving innovative technical
solutions to improve organizational efficiency, population health, and patient outcomes across the
continuum of care. Healthcare organizations ranging from providers, payers, and Business Associates
have looked in recent years to take advantage of cloud-hosted platforms like Microsoft’s Office 365
solution to drive efficiencies and boost productivity amidst growing resource and budget constraints.
At the same time, the healthcare industry is reeling from sharp increases in attacks, new threat vectors,
and ramped up regulatory enforcement that has caused security to become a strategic business
requirement for cloud-based IT platforms and solutions like Office 365. Industry data shows the average
healthcare breach costs $355 per record stolen1 and approximately $2.2 million per breach event2.
Meditology Services has worked with healthcare entities across the country to deploy and secure
implementations of Microsoft’s Office 365 platforms and use cases to protect sensitive information and
systems including Protected Health Information (PHI). This paper outlines key considerations and
leading practices for securely deploying Office 365 in healthcare settings. Office 365 is a robust platform
with a variety of capabilities and security features. The recommendations provided in this paper should
be leveraged to take advantage of the lessons learned from other healthcare entities that have worked
to optimize the security and compliance of their Office 365 deployments.
Security considerations outlined in this paper include guidance and recommendations for addressing Office 365 capabilities regarding:
Encryption options
OneDrive privacy and security
Regulatory compliance support
Information security strategy and policies approach
Mobile Device Management (MDM) options
Data Loss Prevention (DLP) capabilities, rules, and policies
Audit logging and monitoring configurations
Access controls and permissions
Licensing considerations for security features
1 Ponemon Institute. 2016 Cost of Data Breach Study: Global Analysis, June, 2016. 2 Ponemon Institute. Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, May, 2016.
4
Office 365 Summary
With the Office 365 platform, Microsoft has built upon traditional, client-based, Office products (Word, Excel, PowerPoint, Outlook, OneNote, etc.) to include cloud-based services and mobile capabilities. Healthcare entities have looked to adopt Office 365 to move the platform for on-premises services that are traditionally costly to maintain and support (e.g., Active Directory, Exchange), to a cloud infrastructure.
In addition to traditional directory and email platforms, Office 365 also includes collaborative applications such as instant messaging and online meetings (Skype), cloud file storage (OneDrive), team sites, and corporate social networks (Teams).
With Office 365, Microsoft also introduces new applications such as Planner and Sway. Planner provides team collaboration and helps to organize work and assign tasks. Sway provides interactive digital storytelling and represents a step up from traditional PowerPoint-based presentation models.
The following sections of this document outline security capabilities and options that should be reviewed and implemented where appropriate to maintain compliance with security regulations and reduce the likelihood and impact of a breach event. Each of the available security options for the applications and features outlined in this paper should be considered relative to an organization’s specific needs and use cases.
Comparisons of all Office 365 options for business are available here:
https://products.office.com/en-us/business/compare-more-office-365-for-business-plans
5
Security and Compliance Recommendations
Office 365 includes a series of integrated security and compliance options that allow organizations to customize Office 365 to meet their specific needs. The following sections outline specific security and compliance capabilities including encryption, regulatory compliance, licensing, security strategy and policies, DLP, audit logging and monitoring, access controls, OneDrive file security, and MDM integration.
Encryption Options
Meditology recommends enabling and implementing the following encryption and authentication capabilities where applicable for organizations to protect sensitive information including PHI.
Encryption for Data in Transit
Office 365 Message Encryption: users send encrypted email to any SMTP address and receive encrypted email directly from their desktops as easily as regular email.
Secure Multipurpose Internet Mail Extension (S/MIME): allows for the originator to digitally sign encrypted email message to protect the integrity and origin of the message.
Rights Management Services (RMS): users encrypt content using AES 128-bit keys and use policies on email or documents so that the content is appropriately used by specified people.
Transport Layer Security (TLS): Allows for server-to-server encryption, ensuring email stays secure while in transit.
Office 365 Message Encryption
Office 365 Message Encryption provides email encryption capabilities that support safe harbors for breach notification by encrypting sensitive information including PHI to individuals with a valid business purpose to access the information. Some of the email encryption features include:
An encryption process that is transparent to the sender; no user intervention is required to encrypt traffic who does not need to do anything other than write and send the email.
Encrypted email messages that can be sent directly to the recipient’s inbox and allow the recipient to decrypt and read the email without installing client software.
Simple user management, which eliminates the need for certificates by using a recipient's email address as the public key.
Communication through a TLS-enabled network further enhances message security.
Enhanced security of subsequent email responses by encryption of each message in a thread.
Note: Office 365 Message Encryption requires the purchase of Microsoft Azure Rights Management, which is available for $2.00 per user per month. For more information, see Microsoft Azure Rights Management.3
Learn more about Office 365 Message Encryption online at the following location:
https://products.office.com/en-us/exchange/office-365-message-encryption
3 https://products.office.com/en-us/exchange/office-365-message-encryption
6
OneDrive Privacy and Security
Microsoft Office 365 and OneDrive are compliant and/or certified with the following industry standards/frameworks:
HITRUST CSF Validated Certification Assessment
ISO 27001
ISO 27018
SSAE16 SOC 1 Type I and Type II and SOC 2 Type II
The HITRUST certification demonstrates that foundational controls are in place to address healthcare-specific regulatory requirements including HIPAA and HITECH mandates. The HITRUST Common Security Framework is also mapped to the NIST series of security frameworks including NIST 800-53 and the NIST Cybersecurity Framework (CSF).
During contract negotiations with Microsoft, healthcare entities should ensure that Microsoft signs a Business Associate Agreement and then assign a person or department (e.g. the Privacy Office) in the organization to maintain the Business Associate Agreement over time.
When establishing an Office 365 and OneDrive account, organizations should be sure to select the geographic region. The selection of geography will direct Microsoft to only store the organization’s data within the organization’s own country (e.g., United States).
Strong password configurations are critical for any platform that stores or manages PHI or other sensitive information, including Office 365. Configure authentication for OneDrive to require strong passwords based on the organization’s password policy to ensure compliance with organizational policies. Strong password configurations should be aligned with HIPAA and other industry framework requirements (e.g., HITRUST) requirements including password length, complexity, and reset settings.
Healthcare entities should configure OneDrive to require multi-factor authentication, as OneDrive is accessible from public networks and could be susceptible to password guessing attacks and compromise. Multifactor authentication provides an extra layer of security over traditional authentication (i.e., only username and password). Organizations should ensure the workforce is trained on the use of OneDrive multifactor authentication.
Use OneDrive administrator privacy and security options to limit access to files and sensitive information stored in OneDrive. Develop an organizational privacy and security baseline configuration standard to govern the use of data on OneDrive. Consider the following areas in the configuration standard:
Require encryption of files containing confidential data while at rest and in transit.
Restrict storage of PCI DSS-regulated data in any Office 365 product.
Disable external sharing of sensitive data so that links to the files cannot be sent to email addresses outside of the organization.
Restrict network access to whitelisted trusted networks only.
Apply data loss prevention (DLP) rules that prevent files from being accessed by unauthorized users and setup appropriate remediation rules.
Prevent users from sharing files with ‘everyone’ unless absolutely necessary. Recommend that files are shared with specific individuals or groups that are authorized to access the files.
Develop policies and procedures to ensure that access is terminated to OneDrive accounts when individuals leave the organization.
7
Develop policies to ensure that all devices, regardless of ownership, that connect to OneDrive meet the security and compliance requirements.
Do not store files in OneDrive that contain login and password credentials. Ensure the workforce is educated on this requirement.
Regulatory Compliance Support
The HIPAA Privacy and Security rules require systems that store and manage PHI to include administrative, physical, and technical security controls. Office 365 has several compliance options available to support HIPAA requirements including:
Data Loss Prevention (DLP): Uses content analysis to identify, monitor, and protect sensitive data including PHI that may be leaving the organization.
Archiving: Electronically preserves stored information retaining email messages, calendar items, tasks, and other mailbox items.
eDiscovery: Retrieves content from across Exchange Online, SharePoint Online, Lync Online, and file shares.
Audit Logging and Monitoring: Analyzes logs and reports to meet HIPAA Privacy and Security requirements for the routine collection, monitoring, and review of access to PHI.
Exchange Online Protection (EOP): Allows administrators to manage anti-virus, anti-spam, and anti-malware settings from within the Office 365 administration console.
Additional information on these capabilities can be found at the following location:
http://go.microsoft.com/fwlink/p/?LinkID=404234
Microsoft uses its Compliance Framework to segregate Office 365 applications and services into four categories in compliance with global, regional, and industry-specific standards. More information about Microsoft’s Compliance Framework can be accessed at the following location:
http://go.microsoft.com/fwlink/p/?LinkID=618494
Office 365 Security & Compliance Center
Office 365 Admin Center and the Security & Compliance Center are used to configure security settings. Meditology recommends leveraging these centralized portals and controls to ensure that security controls are deployed consistently across the organization.
Learn more about the Office 365 Admin Center online at the following location:
https://support.office.com/en-us/article/About-the-Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547?ui=en-US&rs=en-US&ad=US
The Office 365 Security & Compliance Center provides a central portal for protecting an organization’s data and controlling sensitive information. For example, an organization can manage eDiscovery searches and holds, manage access for mobiles devices, manage permissions, and more.
Learn more about the Office 365 Security & Compliance Center online at the following location:
https://support.office.com/en-us/article/Security-and-Compliance-in-Office-365-for-business-Admin-Help-7fe448f7-49bd-4d3e-919d-0a6d1cf675bb?ui=en-US&rs=en-US&ad=US
8
The following table describes the security options available in the Office 365 Security & Compliance Center and provides links for additional information.
Menu Options Learn more
Home Security & Compliance Center home page
Click Take a tour on the home page to learn more about the Security & Compliance Center.
Alerts Manage alerts
View security alerts
Advanced Security Management alerts
https://support.office.com/en-us/article/Alerts-in-the-Office-365-Security-Compliance-Center-2bb4e7c0-5f7f-4144-b647-cc6a956aaa53?ui=en-US&rs=en-US&ad=US
Permissions Compliance Administrator
eDiscovery Manager
Organization Management
Reviewer
Service Assurance User
Supervisory Review
https://support.office.com/en-us/article/Permissions-in-the-Office-365-Security-Compliance-Center-d10608af-7934-490a-818e-e68f17d0e9c1?ui=en-US&rs=en-US&ad=US
Security policies Mobile management
Device security policies
Data Loss Prevention (DLP)
Anti-spam
Anti-malware
DomainKeys Identified Mail (DKIM)
Safe attachments
Safe links
https://support.office.com/en-us/article/Security-policies-in-the-Office-365-Security-Compliance-Center-0a73d5fa-b2c8-43e7-9ed4-61f0552b1c98?ui=en-US&rs=en-US&ad=US
Mobile devices Mobile Device Management (MDM)
https://support.office.com/en-us/article/Overview-of-Mobile-Device-Management-MDM-for-Office-365-faa7d8e5-645d-4d59-839c-c8d4c1869e4a?ui=en-US&rs=en-US&ad=US
Data management Import
Archive
Retention
https://support.office.com/en-us/article/Data-management-in-the-Office-365-Security-Compliance-Center-5fe09846-41b6-4168-9c48-2eb491b69dc2?ui=en-US&rs=en-US&ad=US
Search and investigation
Content search
Audit log search
eDiscovery
https://support.office.com/en-us/article/Search-and-investigation-in-the-Office-365-Security-Compliance-
9
Menu Options Learn more
Supervisory review
Quarantine
Center-c4915c5f-82a7-4871-ba20-ef47c7588043?ui=en-US&rs=en-US&ad=US
Auditing Accessed file
Checked in file
Checked out file
Copied file
Deleted file
Discarded file checkout
Download file
Modified file
Moved file
Renamed file
Restored file
Uploaded file
https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US
eDiscovery Run a Content Search
eDiscovery Cases
In-Place eDiscovery
The eDiscovery Center in SharePoint Online
Office 365 Advanced eDiscovery
https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bfce?ui=en-US&rs=en-US&ad=US
Reports Auditing reports
Device management reports
Supervisory review reports
DLP reports
https://support.office.com/en-us/article/Reports-in-the-Office-365-Security-Compliance-Center-7acd33ce-1ec8-49fb-b625-43bac7b58c5a?ui=en-US&rs=en-001&ad=US
Service assurance Dashboard
Compliance reports
Trust documents
Settings
https://support.office.com/en-us/article/Service-assurance-in-the-Office-365-Security-Compliance-Center-47e8b964-4b09-44f7-a2d7-b8a06e8e389c?ui=en-US&rs=en-US&ad=US
10
Information Security Strategy and Policies Approach
Microsoft recommends aligning with the security model presented below or integrating aspects of it into existing information security strategic plans.
Microsoft provides an information protection capability grid here:
http://download.microsoft.com/download/2/3/D/23D91386-8349-4F7A-9470-FD5AED861F16/MSFT_cloud_architecture_informationprotection.pdf
Mobile Device Management
Mobile devices, such as smartphones and tablets, that access email, calendars, contacts, and mobile health applications have become an essential component to delivering healthcare and related services. Protection of sensitive data, including PHI, stored on mobile device platforms and applications is required by HIPAA regulations and is a core component of healthcare information security risk management programs. MDM for Office 365 provides a centralized and automated means to manage and secure mobile devices using device security policies.
MDM helps organizations enforce security settings including encryption, passwords and authentication, and remote wipe, across mobile platforms. MDM can also be used to prevent unauthorized devices from connecting to company data and regulated patient information.
The Office 365 MDM capabilities can be leveraged to replace expensive MDM solutions already deployed in healthcare settings. However, Meditology recommends that organizations perform an analysis to compare the licensing costs and implementation costs prior to moving forward with MDM replacement strategies.
Configure security policies to prompt users to enroll the mobile device the first time they access Office 365 email and documents. Note that MDM policies and access rules override Exchange ActiveSync policies and access rules.
•The first step of protecting information is identifying what to protect. Develop clear, simple, and well-communicated guidelines to identify, protect, and monitor the most important data assets anywhere they reside.
Establish information protection priorities
•Establish minimum standards for devices and accounts accessing any data assets belonging to the organization. This can include device configuration compliance, device wipe, enterprise data protection capabilities, user authentication strength, and user identity.
Set organization minimum standards
•Identify and classify sensitive assets. Define the technologies and processes to automatically apply security controls.
Find and protect sensitive data
•Establish the strongest protection for assets that have a disproportionate impact on the organization's mission or profitability. Perform stringent analysis of HVA lifecycle and security dependencies. Establish appropriate security controls and conditions.
Protect high value assets (HVAs)
11
Office 365 MDM security settings include:
Restrict access to applications by device.
Password protect attachments.
Restrict files to read only access.
Require an in-application passcode for Office 365.
Define the number of failed login attempts before a device is automatically wiped to prevent a malicious agent from brute forcing the PIN.
Set a password expiration policy.
Set an inactivity timeout for the device.
Require strong passwords.
Prevent mobile devices from being rooted and unlocked (rooting a device exposes it to significant security vulnerabilities).
Block screen captures to prevent disclosure of sensitive information.
Note: MDM for Office 365 can be used to secure and manage the following types of devices:
Windows Phone 8.1+
iOS 7.1 or later versions
Android 4 or later versions
Windows 8.1 / Windows 8.1 RT (limited to Exchange ActiveSync)
Windows 10 / Windows 10 Mobile (Requires Azure Active Directory)
Learn more about Office 365 MDM capabilities at the following location:
https://support.office.com/en-US/article/Overview-of-Mobile-Device-Management-MDM-for-Office-365-faa7d8e5-645d-4d59-839c-c8d4c1869e4a
Data Loss Prevention
DLP policies in Office 365 allow you to identify, monitor, and automatically protect your organization’s sensitive information using deep content analysis.
Office 365 DLP capabilities can be used to:
Identify sensitive information in multiple locations, such as SharePoint Online and OneDrive for Business. A DLP policy can be created in the Exchange admin center that applies to email and other mailbox items.
Prevent the accidental sharing of sensitive information.
Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.
Help with end user education and awareness related to securing sensitive information including PHI.
Create DLP reports to gain visibility into PHI storage and usage.
Preconfigured DLP policy templates are available to detect specific types of sensitive information, such as HIPAA data (i.e. PHI), PCI DSS data, or locale-specific personally identifiable information (PII).
12
DLP policies can also specify:
The location to protect the content such as SharePoint Online and OneDrive for Business sites.
Conditions the content must meet before the rule is enforced.
Actions to take automatically when content meeting the conditions is found.
Figure 1- Microsoft Office Data Loss Prevention4
DLP Policy Tips can also be configured. These messages inform email senders that they are about to transmit sensitive information including PHI. The Policy Tips are customizable and provide options for security awareness education messages and warnings or message blocking.
Learn more about Office 365 DLP capabilities at the following location:
https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e
Note: If the organization is using the Enterprise E5 license option, Microsoft provides advanced DLP via the Office 365 Management API. The solution gathers data about sharing from Microsoft Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. Microsoft then uses Power business intelligence (BI) dashboards to visualize the data.
Learn more about the enterprise and business intelligence reporting capabilities at the following location:
https://msdn.microsoft.com/en-us/library/mt718319.aspx
4 https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e
13
Audit Logging and Monitoring
Microsoft has implemented auditing and logging across the entire Office 365 suite. This supports healthcare organizations’ HIPAA compliance obligations for logging and monitoring access to PHI. Audit logging and monitoring capabilities are also an essential security protection layer to detect and respond to potential information security breach events.
Organizations can search unified audit logs for the following types of user and admin activity in Office 365:
User activity in SharePoint Online and OneDrive for Business
User activity in Exchange Online (Exchange mailbox audit logging)
Admin activity in SharePoint Online
Admin activity in Azure Active Directory (the directory service for Office 365)
Admin activity in Exchange Online (Exchange admin audit logging)
User and admin activity in Sway
It is important to note that all audit events are not available through the Office 365 Security & Compliance Center. Certain audit events need to be accessed using the Office 365 Compliance Center PowerShell interface.
For a complete list of audited activities in Office 365, refer to the following documentation:
https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US#auditlogevents
Learn more about Office 365 audit logging capabilities at the following location:
https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US
Access Controls
Authentication
Office 365 uses Azure Active Directory to manage users. Microsoft provides several options for managing user accounts and access within the environment including:
Multi-Factor Authentication: Enhances security by using another factor, such as a PIN, in addition to the primary factor which is identity. o Meditology highly recommends the configuration of multi-factor authentication for remote
access to healthcare applications, systems, and data. o Learn more about healthcare hacking trends related to authentication and remote access at
the following location: https://www.meditologyservices.com/fullpanel/uploads/files/meditology-hacking-healthcare-whitepaper--final.pdf
Cloud Identity: Provides a cloud-based identity and access management solution with functionality for several workforce use cases.
Synchronized Identity: Synchronizes on-premises directory objects with Office 365 users. This can also be used to synchronize passwords across on-premises and cloud implementations.
Federated Identity: Provides single sign-on by synchronizing on-premises directory objects with Office 365.
14
Role-Based Access Control (RBAC): Office 365 uses the same permissions model as Exchange and allows administrators to enable access for authorized users based on role assignment, role authorization, and permission authorization.
Identity Management Options: This includes both cloud-based and synchronized identity. And synchronized identity allows for users to have the same password both on-premises and in the cloud, or federated identity which provides single sign-on for both on-premises and in the cloud.
Learn more about Office 365 Authentication at the following location:
https://support.office.com/en-US/article/Understanding-Office-365-identity-and-Azure-Active-Directory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9
Managing Office 365 with Windows PowerShell
IT professionals and power users can use the PowerShell command-line environment as a complement to the Office 365 Admin Center to automate the administration of Office 365.
The most basic part of PowerShell is called a cmdlet (pronounced command-let). Cmdlets allow organizations to use PowerShell for remote administrative tasks such as configuring a large number of users, managing Office 365 license assignments, and identifying inactive mailboxes. Multiple cmdlets can be added together in a text file to create a PowerShell script.
PowerShell capabilities are also available for managing Security & Compliance Center, Skype, SharePoint, and Azure Active Directory settings.
Learn more about Office 365 PowerShell scenarios and scripts at the following locations:
http://powershell.office.com/
http://powershell.office.com/script-samples/
https://technet.microsoft.com/library/dn975125.aspx
https://technet.microsoft.com/library/jj984289(v=exchg.160).aspx
https://technet.microsoft.com/library/dn362795(v=ocs.15).aspx
https://technet.microsoft.com/library/fp161372.aspx
https://msdn.microsoft.com/en-us/library/jj151815.aspx
15
Licensing Considerations
With the launch of Office 365, Microsoft switched from the traditional software installation model to a subscription-based model where organizations pay a monthly fee for each user. Organizations select a subscription tier based on budget and required functionality. Security professionals in healthcare organizations need to evaluate the licensing models that best accommodate available budget and functionality requirements.
Healthcare entities should also perform an analysis to understand which security capabilities provided by Office 365 are already deployed using point security solutions and adjust licensing accordingly.
Review the Office 365 licensing options at the following location:
https://products.office.com/en-us/business/mostsecure-office-in-the-cloud-enterprise-e5
The Enterprise E3 and Enterprise E5 license options include additional security and compliance features:
Email security features including archiving and legal hold capabilities
Data loss prevention (DLP)
Document and email access controls features including Rights Management Services to restrict access to documents and email to specific users
eDiscovery
Enterprise management of apps with Group Policy, Telemetry, and Shared Computer Activation
DLP and encryption across Exchange Online, Skype for Business, and SharePoint Online
The full list of Office 365 Enterprise E3 features can be accessed at the following location:
https://products.office.com/en-us/business/office-365-enterprise-e3-business-software
16
Conclusion
Healthcare entities are faced with increasing pressures to reduce costs while still maintaining robust security protections to address emerging threats, regulatory enforcement activities, and data breach prevention.
Office 365 has a substantive security portfolio that makes the product a viable option for helping to move healthcare data to the cloud in a secure and compliant manner. However, licensing and other costs outlined in this report should be taken into consideration prior to moving forward with any migration to Microsoft’s cloud platforms.
For organizations that have already embarked on the move to Office365, the security recommendations and configurations in this document should be consulted to take advantage of Office 365 security capabilities and maximize security protections through available features and functionality.
Meditology has extensive experience advising healthcare organizations on how to secure cloud-based platforms, including Office 365. Contact our healthcare security professionals to learn more about how we may be able to assist with securing patient information and supporting systems.
About Meditology
Meditology Services LLC is a healthcare-focused advisory services firm with core principles of quality, integrity, loyalty, and value. Our executive team has an average of 15 years of consulting and operational experience in healthcare with provider and payer clients nationally of varying size and complexity. We understand the importance of relationships and derive much of our business from a long list of satisfied clients who value the quality of our work products combined with the professionalism, approach, and innovative solutions we bring to our engagements.
For More Information
Meditology Services LLC 5256 Peachtree Road, Suite 190 Atlanta, GA 30341 [email protected] Tel. (404) 382-7591 www.meditologyservices.com