Need HIPAA Compliant VoIP? Make Sure You Have a Signed BAA

Since 1996, HIPAA has served as a legal means of protecting sensitive patient details. With the rapid increase of tech-based recordkeeping and communication, HIPAA regulations continue to ensure easy access to patient information while maintaining personal privacy.

Many VoIP providers, including Nextiva and RingCentral, are themselves HIPAA compliant, but that’s not necessarily enough to guarantee your business has all the required elements in place.

There’s one additional critical step you must take in order to have fully HIPAA compliant VoIP — a business associate agreement (BAA) that holds the vendor to the highest level of privacy and security protocols.


What to include in a BAA for HIPAA compliant VoIP

Sometimes also called a business associate contract, a BAA is required by the Department of Health and Human Services (DHHS) for all communication between medical professionals and their business associates — including VoIP vendors.

According to the DHHS, this contract must include terms that require the vendor to:

  • Establish how and when it may lawfully use or disclose protected information.
  • Take necessary steps to prevent unlawful access to protected health information (PHI), whether electronic or otherwise.
  • Report to you any potential or actual security breaches.
  • Comply with your PHI requests on behalf of a patient or regulatory entity.
  • Comply with all DHHS requests regarding its internal practices, accounting, and records relating to HIPAA regulations.
  • Return or destroy all PHI related to your business, should you terminate the BAA.
  • Hold all subcontractors to the terms of the BAA.
  • Allow you to terminate your contract if any BAA terms are violated.

When HIPAA rights have been violated, the DHHS takes into account whether or not your business knew about any potential risks or non-compliance. Having a BAA in place shows that you have taken all necessary steps to ensure vendor compliance.

If you experience a PHI breach due to a VoIP provider’s mistake and you haven’t signed a BAA, then you can be held legally responsible.

Depending on the specific violation and your degree of accountability, the DHHS Office for Civil Rights can impose fines as high as $1.9M with possible jail time. Additionally, you may face the possibility of lawsuits from any patients who were affected by the breach.

To help simplify the process of establishing a BAA with vendors and other entities, the DHHS provides a sample contract you can use as a guideline.

What else is required for HIPAA compliant VoIP?

As technology continues to evolve, the DHHS has implemented further HIPAA protections to safeguard all types of PHI, including electronic documents and genetic information.

The department has issued stipulations requiring all entities — including business associates, vendors, and others — to notify affected parties about any security breaches, along with a tiered system for imposing penalties.

In light of these changes, every HIPAA compliant VoIP vendor should follow modern best-practice protocols in addition to signing a BAA.

When it comes to maintaining maximum security and privacy while preventing potential PHI breaches, aspects to look for include:

  • End-to-end data encryption that ensures any intercepted PHI cannot be readily deciphered.
  • Restricted access and additional authentication measures that ensure only trained, designated personnel can view sensitive information.
  • Call logs and/or call analytics that track user activity in order to uphold the confidentiality, integrity, and security of electronic PHI.

If your VoIP vendor has taken all of the above measures, no additional steps are required in order to ensure HIPAA compliance for video, call recording, or telehealth-related services.

However, as telehealth becomes a more frequent practice, you and your patients may want to consider additional security features such as automatic session termination or lockout after a period of inactivity.

HIPAA-compliant VoIP providers

HIPAA compliance is an asset to many of today’s VoIP customers, so most providers take the necessary steps to ensure they meet the requirements.

Nextiva and RingCentral are two of my favorites, but I encourage you to check out our full VoIP buyer’s guide for more information on all of the top vendors on the market — most of which offer HIPAA compliant VoIP solutions.
