Broadcast United

Need HIPAA-Compliant VoIP? Make sure you have a signed BAA

Broadcast United News Desk


HIPAA has been the legal means of protecting sensitive patient information since 1996. With the rapid growth of technology-based record keeping and communications, HIPAA regulations continue to ensure easy access to patient information while protecting individual privacy.

Many VoIP providers, including Nextiva and RingCentral, are HIPAA-compliant themselves, but that’s not necessarily enough to guarantee that your business has all the necessary elements.

In order to have fully HIPAA-compliant VoIP, you must also take one critical step—a business associate agreement that ensures the vendor adheres to the highest levels of privacy and security protocols.


What to Include in a BAA for HIPAA-Compliant VoIP

A BAA, or business associate agreement (sometimes called a business associate contract), is required by the US Department of Health and Human Services (DHHS) for every relationship between a healthcare professional and a business associate that handles patient information, including VoIP providers, and the agreement must be signed by both parties.

According to the Department of Health and Human Services, the contract must include provisions requiring the provider to:

  • Determine how and when protected information may be lawfully used or disclosed.
  • Take necessary steps to prevent unauthorized access to protected health information (PHI), whether electronic or otherwise.
  • Report any potential or actual security breaches to you.
  • Comply with your PHI request on behalf of a patient or regulatory entity.
  • Comply with all DHHS requirements regarding its internal practices, accounting, and records related to HIPAA regulations.
  • Return or destroy all PHI related to your business when the BAA is terminated.
  • Require all subcontractors to comply with the terms of the BAA.
  • Allow you to terminate the contract if any of the BAA terms are violated.

When HIPAA rights are violated, DHHS considers whether your business knew about any potential risks or noncompliance. Therefore, having a BAA in place demonstrates that you have taken all necessary steps to ensure vendor compliance.

If you experience a PHI breach due to a VoIP provider’s error and you have not signed a BAA, you could be legally liable.

Depending on the specific violation and your level of responsibility, the Department of Health and Human Services’ Office for Civil Rights can impose fines of up to $1.9 million and possible prison time. In addition, you may face lawsuits from any patients affected by the violation.

To help streamline the process of establishing BAAs with suppliers and other entities, DHHS provides sample contract language that you can use as a guideline.

What else is needed for HIPAA-compliant VoIP?

As technology continues to evolve, the Department of Health and Human Services has implemented further HIPAA protections that cover all types of PHI, including electronic documents and genetic information.

The department has also issued regulations requiring all entities, including business partners, suppliers, and others, to notify affected parties of any security breach, and establishing a graduated system of penalties.

In light of these changes, every HIPAA-compliant VoIP vendor should follow modern best practice agreements in addition to signing a BAA.

Areas to consider when preventing potential PHI breaches while maintaining the highest levels of security and privacy include:

  • End-to-end data encryption ensures that any intercepted PHI cannot be easily deciphered.
  • Restricted access and additional authentication measures ensure that only designated, trained personnel can view sensitive information.
  • Call recording and/or call analytics track user data to maintain the confidentiality, integrity, and security of electronic PHI.

If your VoIP provider has taken all of the steps listed above, no additional steps are necessary to ensure that video, call recording, or telehealth-related services are HIPAA-compliant.

However, as telehealth becomes more frequent, you and your patients may want to consider additional security features, such as automatic session termination or locking after a period of inactivity.

HIPAA Compliant VoIP Providers

HIPAA compliance is an asset to many of today’s VoIP customers, so most providers take the necessary steps to ensure they meet the requirements.

Nextiva and RingCentral are two of my favorites, but I encourage you to check out our full VoIP Buyer’s Guide to learn more about all of the top vendors on the market, most of which offer HIPAA-compliant VoIP solutions.
