Healthcare Providers: Is Your Cloud Phone System HIPAA Compliant?

Posted on May 20, 2018 in Jeff Nolte's Blog

Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has required healthcare organizations, covered entities, and their related business associates to establish procedures and processes for protecting patient health data against unauthorized access.

This includes protecting patient health data that is stored on Hosted or Cloud Voice services – messaging, call and conference recordings, and voicemail.

The trouble is that many Cloud Voice services do not comply with HIPAA standards, leaving patient information at risk of being accessed without authorization, leaked, ransomed, stolen, and sold despite the best efforts of healthcare organizations to protect their internal IT systems.

HIPAA Compliance Evaluation Criteria for Cloud Voice Services

When choosing a Cloud Voice service, it is essential to evaluate service providers in terms of how closely they comply with HIPAA. Specifically, they must have in place a robust, multi-layer security framework consisting of numerous physical and technical safeguards – such as encryption for web conferencing sessions – re-enforced by stringent administrative policies.

At a minimum, the following selection criteria merit consideration before making a Cloud Voice service procurement decision:

Read the rest of the story here