The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996, and its regulations have been defined continuously over the years. GPhone is a fully HIPAA-compliant unified communications Voice over IP (VoIP) provider that supplies its customers with HIPAA-compliant security. HIPAA is a set of patient privacy regulations that affects many companies. Companies that must comply with HIPAA include health insurance providers, personnel departments of companies with health coverage, and healthcare-related businesses. In addition, any subcontractors or partners of businesses that significantly touch protected health information are also regulated under HIPAA, expanding the number of covered businesses to hundreds of thousands.
Why VoIP Providers Need to Comply
As of January 2013, HIPAA covers not only the traditional entities such as medical providers and payers but also the entire chain of third parties that create, receive, maintain or transmit patient records. In other words, the scope of the regulations is broader and now covers many more people and businesses than before. The law requires all of these entities to safeguard the confidentiality, integrity and availability of this private information through a variety of means, such as encrypting patient records or insurance information stored or transmitted by computers.
HIPAA compliance used to be something that mostly affected healthcare and directly related businesses. Now, any company that creates, receives, maintains or transmits patient data must comply. This includes business phone service providers, including VoIP services. VoIP services can generate voicemail, voicemail to email, fax records, call records and other data that can compromise patient information. Understanding how that data is stored and transmitted and providing the tools to enforce security is the responsibility of the VoIP provider. A secure business phone system ensures HIPAA compliance and protects your office from penalties and criminal prosecution. So how do you know the phone system you use in-house is HIPAA compliant?
Features Provided by GPhone for HIPAA Compliance
Among other rules, HIPAA standards require:
- Access control
- Audit controls
- Person or office authentication
- Transmission security
- Workstation security
- Device and media controls
- Security management process
Using Your Phone System Properly
When it comes to adhering to guidelines, it’s less about the actual business phone system and more about the behavior around transmitting data through voice communications. It’s been said that “technology itself can’t be HIPAA compliant; hospitals, clinics, and other healthcare-related businesses must be HIPAA compliant.”
First, it’s important to note that your phone must be in a secure location that prevents unauthorized access. You must also ensure that any voicemail where sensitive information could be stored has access restrictions, including a secure password and a policy around retention of the voice message.
You should also have a plan or policy around recording voice conversations. Installing such a recording system ensures sufficient accountability in terms of tracking and accessing information. These systems can store audio files electronically to be accessed in the future by the proper personnel.
- Automatic forwarding of messages to email as an attachment is disabled.
- RingCentral Contact Center data will not be automatically deleted.
- Automatically delete the following types of data after 30 days:
  - RingCentral Office data
  - RingCentral Fax data
  - RingCentral Professional account data
  - Voice recordings
  - Short Message Service (SMS)
  - Multimedia Message Service (MMS)
  - Glip data including content, time and date of messages, text messages, tasks, notes, images, links, events, call activities, and/or posts from 3rd-party integrated applications.
- Session Timer – Automatically log out of the account if it has been idle.
- Secure Voice – TLS/SRTP secure call on desk phones, RingCentral Phone, and RingCentral Phone or Mobile.