HIPAA Compliance with Phone.com Products and Services

Is Your Practice Compliant?


Enhance your patient-provider communications and collaboration

Your medical practice needs to be connected, but also needs to be secure. So when you're looking for the right phone service provider, HIPAA compliance is a top priority.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996. It is a piece of legislation that provides security provisions and data privacy in order to keep patients’ medical information safe. The act contains five titles:

HIPAA Title I aims to protect health insurance coverage for those who have changed or lost their jobs. It prevents group health plans from refusing to cover individuals who have pre-existing diseases or conditions, and prohibits them from setting limits for lifetime coverage.

HIPAA Title II aims to direct the United States Department of Human Services and Health to standardize the processing of electronic healthcare transactions nationwide. It requires organizations to implement safe electronic access to patients’ health data while remaining in compliance with the privacy regulations set by the HHS.

HIPAA Title III covers tax-related provisions, as well as general medical care guidelines.

HIPAA Title IV defines a further reform in health insurance, including provisions for those who have pre-existing diseases or conditions, and individuals who are seeking continued coverage.

HIPAA Title V includes provisions associated with company-owned insurance, and treatment of those who lost their citizenship for income tax reasons.

What is HITECH?

The Health Information Technology for Economic and Clinical Health (HITECH) Act is part of the American Recovery and Reinvestment Act of 2009. It was designed to hasten the conversion to electronic protected health records (EHR). HITECH increased the number of penalties for repeated HIPAA violations, expanded data breach notifications, etc.

What is BAA?

A BAA is a Business Associate Agreement. The HIPAA regulations call it a Business Associate Contract. They’re really the same thing. BAAs satisfy HIPAA regulations, and create a bond of liability that binds two parties. If one member violates a BAA, the other has legal recourse. If there’s no BAA or it’s incomplete, or if it gets violated, then both associates may find themselves in trouble with HIPAA and other FDA regulations.

HIPAA Compliance Includes Wireless Devices

What is a Covered Entity?

A covered entity (CE) is an organization or individual who is practicing HIPAA compliance in order to protect individuals’ health information.

What is PHI?

Protected Health Information (PHI) is an individual’s health data created, received, stored, or transmitted by HIPAA-covered entities and their business associates. This includes information about patients, billing, etc.

What is a Business Associate?

A business associate is an individual, organization or entity whose operations or functions involve distribution of, services for, or contact with PHI for covered entities. This includes phone service providers, third-party claims processors, attorneys who interact with PHI, medical transcriptionists, etc.

Phone.com has partnered with the Compliancy Group to ensure its VoIP business phone systems are compliant with HIPAA and HITECH for healthcare professionals.

Healthcare professionals are required to safeguard patient medical information and a compliant secure phone system is one part of that requirement.

With a growing number of healthcare providers, from sole practitioners to major hospitals, looking to ditch traditional phone companies and their high rates, adding HIPAA and HITECH compliance allows Phone.com to be a top choice in the field.

78% of Healthcare Workers Lack Data Privacy, Security Preparedness

How can Phone.com help your medical business?

Phone.com’s lightweight APIs make it easy for small businesses to extend UC services into EHRs, third-party portals, middleware, and CRM platforms, provide the flexibility to create new applications for specific use-cases with custom integrations, and remove interoperability issues that complicate and delay workflows.

Phone service providers and other entities responsible for HIPAA and HITECH compliance must ensure the same privacy and security measures are taken with interoperability-exchanged data, as with all other sensitive data.

To deal with data and demand for interoperability between provider systems, HIPAA-covered entities will benefit from partnerships with other organizations to guarantee asset security. These partnerships are known as Business Associate Agreements (BAAs).

Population health and accountable care initiatives will benefit from improved interoperability and from health data being more readily available.

For the information to be made available, it will be exchanged across a murky landscape that has differing degrees and various levels of privacy and security rules and regulations. This opens up organizations to infractions, violations, and even costly fines.

Who puts PHI at risk?

In Q2 of 2018, 29.71% of privacy violations involved repeat offenders. This evidence indicates health systems accumulate risk that compounds over time if proper reporting and education do not occur. On average, if an individual healthcare employee breaches patient privacy once, over 30% will probably do so again in three months, and over 66% will perhaps do so again in a year. In other words, even minor privacy violations that are not promptly detected and mitigated have the potential to compound risk over time.
 
Routine training and education are instrumental in preparing healthcare employees to prevent common threats to patient privacy. A study conducted in early 2018 found that 78% of staff lacked proper data privacy and security awareness. Resources provided to healthcare organizations are pivotal in reducing the number of breach incidents. Educating and retraining workforce members on data privacy and security policy and procedures can reduce the frequency of repeat offenders within the organization.

Every Detail Counts

HIPAA compliance in a post-GDPR digital age creates hot button issues with gray area criteria. Even if management teams are currently passing all HIPAA checks, patient information shared by voicemail, MMS or text message in the past may pose delinquency and security risks. Many times, these risks can come from poor governance of employee-patient communications and termination.