Blog

Blog

Yes, even VoIP phone systems and apps need to be HIPAA compliant.

By: C Spire on Feb 12, 2024 11:49:29 AM

VoIP phone systems and apps are game-changers for the healthcare industry’s communication landscape, allowing for quicker, more reliable communication. Unfortunately, they also bring a multitude of HIPAA concerns that can be confusing for healthcare professionals to navigate.

“VoIP is a wonderful tool until it’s not set up correctly and costs a company thousands in HIPAA fines,” says Robbie Morris, senior manager, security at C Spire.

Learn more about C Spire's IT healthcare solutions >>

Some of VoIP’s most commonly used features are call recording, voicemail transcription, fax to email - all of which create electronic data of patient information. “When electronic data containing confidential patient information is created and stored on the VoIP system, it is subject to HIPAA compliance,” says Robbie. “There’s no need to be alarmed, as long as your VoIP provider is experienced with HIPAA compliance for VoIP.”

Unfortunately, some VoIP providers simply don't know how to make VoIP HIPAA compliant. Their solution? Avoid the HIPAA concerns completely by simply turning off the features that could create electronic data. “Hiding from these features that you paid for is not a good solution and dramatically reduces the usefulness of VoIP as a communication tool. If you have partnered with a smart and experienced hosted voice provider, they can advise you on common HIPAA compliance issues,” says Robbie.

Here are the most common ways in which VoIP creates electronic patient data:

Voicemail transcription turns VoIP voice messages info texts and then sends the data via email or text.

Fax to email. Traditional faxing doesn’t create electronic data, but fax to email can create stored electronic patient data.

Voicemail. These electronic messages are stored in a VoIP phone system.

Call recording. Talking on the phone doesn’t create electronic data, but it can if VoIP is used to record the conversation.

Unified communication apps. When VoIP is paired with mobile VoIP technology called unified communication applications, features such as instant messaging can be enabled. Stored chat histories are considered electronic data.

READY FOR VoIP? >>

Protecting electronic data

Experienced VoIP providers know how to effectively protect data and avoid HIPAA violations. Unfortunately, it's not always clear which providers you can trust. Here are the most important steps a VoIP provider should take to ensure compliance:

VoIP phones must be authenticated with a unique ID. This ensures only authorized users have access.

Pro tip: Ask a potential provider if each VoIP phone will be assigned a username and password. If not, it's likely not authenticated.

Stored data such as call recording and chat logs should be encrypted.

Business Associate Agreement. This agreement essentially says the VoIP provider agrees to work with you to help your VoIP system meets HIPAA compliance.

Implementation. Secure implementation of a VoIP solution is key. Your provider should ensure the system was setup correctly from the beginning.

Training. A provider should also offer customers regular training on VoIP features, ensuring the system is being used safely and fully.

Reporting: A VoIP system can pull customized activity reports, which are important for HIPAA documentation efforts.

With HIPAA regulations, getting every piece of your VoIP properly installed and setup is vital. Learn more about C Spire's secure VoIP solution here.
 
 

 

Topics: HIPAA, Voice & collaboration


C Spire Business is a privately-held telecommunications and technology company driven to deliver the best experiences in wireless, fiber internet, and business IT solutions such as internet, VoIP, cloud and managed services. Read more news releases and announcements at cspire.com/news. For more information, visit cspire.com or find us on Facebook, Twitter or Instagram.

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.

Recent Posts

Sign up for our monthly newsletter

For the latest in technology trends, industry news, and C Spire updates.