HIPAA-compliant phone service for healthcare

HIPAA-compliant phone service must adhere to all regulations for protecting patients’ protected health information (PHI). The Privacy and Security Rules detail the requirements for safeguarding electronic PHI.

A phone service that claims that it is HIPAA-compliant must consider all sources of electronic protected health information, including: 

Call recording. Telephone conversations are not considered protected information, but recordings may contain protected health information.

Caller ID information. Even if a call is not recorded, the call log may link an individual to the healthcare practice and the types of services they provide.

Voicemail. Anywhere there are communications stored, there is potential for protected personal health information.

Voicemail transcription. Transcribing voice messages into text accessible via email or SMS is convenient, but it also creates another source of data.

Text Messaging. Texts are convenient and useful, yet offer another channel that may contain personal data.

Electronic fax. Old-fashioned paper faxing doesn’t create stored records data, but electronic faxing does.

Video conferencing. The video session itself may contain protected health information, as may any video recordings or transcripts.

A Business Associate Agreement (BAA) is a contract between a technology provider (considered a Business Associate) and another party that may be a Covered Entity like a hospital or doctor’s office, or it may be another Business Associate, like an insurance company, accounting firm, or IT contractor.

Any reputable VoIP provider that claims to be HIPAA compliant will enter into a Business Associate Agreement with you. This ensures that the vendor takes seriously their responsibility for the HIPAA compliance of the platform. It is required by law for HIPAA compliance.

Yes, VoIP phones can be HIPAA compliant, but they must meet the following requirements.

Business Associate Agreement: As we described above, there must be a contract governing HIPAA compliance between the healthcare provider and the VoIP phone provider.

Authentication: Every phone must be able to present a unique ID.

Encryption: Transport Layer Security (TLS), virtual private networks (VPN), and other encryption technologies should be in place to safeguard data.

Video-based healthcare is an increasingly significant part of the healthcare industry. Nearly all states offer Medicaid reimbursement for telemedicine, and the majority of states mandate that insurance companies cover telehealth for provider reimbursement.

HIPAA-compliant video conferencing provides protection against this risk. The transmission of protected health information and electronic protected health information in telehealth services carries a risk of data compromise. HIPAA-compliant video conferencing offers a safeguard against this potential vulnerability.

Phone.com provides a secure, cloud-based business communication system through a partnership with a top HIPAA-compliance consultant. This consultant, comprised of former auditors and privacy specialists, ensures a worry-free experience.

Phone.com secures its Pro and Plus video plans with triple DES encryption to prevent unauthorized access and “ZOOM bombing.” Protected health information (PHI), including voicemails with personal medical details, is encrypted at rest on Phone.com servers.

Phone.com undergoes annual HIPAA audits, and all employees complete yearly HIPAA training. Our physical sites and data centers have security measures to prevent unauthorized entry.