Blog

Blog

What makes a VoIP phone system HIPAA compliant?

By: C Spire on Aug 16, 2021 8:11:00 AM

VoIP HIPAA blogVoIP is a game-changer for the healthcare industry’s communication landscape, allowing for quicker, more reliable communication. It also brings a multitude of HIPAA concerns that can be confusing for healthcare professionals to navigate.

“VoIP is a wonderful tool until it’s not set up correctly and costs a company thousands in HIPAA fines,” says Robbie Morris, a C Spire risk and compliance expert.

[Get the Guide: Four Criteria for Choosing a VoIP Provider]

Some of VoIP’s most commonly used features are call recording, voicemail transcription, fax to email - all of which create electronic data of patient information. “When electronic data containing confidential patient information is created and stored on the VoIP system, it is subject to HIPAA compliance,” says Robbie. “There’s no need to be alarmed, as long as your VoIP provider is experienced with HIPAA compliance for VoIP.”

Unfortunately, some VoIP providers simply don't know how to make VoIP HIPAA compliant. Their solution? Avoid the HIPAA concerns completely by simply turning off the features that could created electronic data. “Hiding from these features that you likely paid for is not a good solution and dramatically reduces the usefulness of VoIP as a communication tool. If you have partnered with a smart and experienced hosted voice provider, they can advise you on common HIPAA compliance issues,” says Robbie.

Here are the most common ways in which VoIP creates electronic patient data:

Voicemail transcription turns VoIP voice messages info texts and then sends the data via email or text.

Fax to email. Traditional faxing doesn’t create electronic data, but fax to email can create stored electronic patient data.

Voicemail. These electronic messages are stored in a VoIP phone system.

Call recording. Talking on the phone doesn’t create electronic data, but it can if VoIP is used to record the conversation.

Unified communications. When VoIP is paired with mobile VoIP technology called unified communications, features such as instant messaging can be enabled. Stored chat histories are considered electronic data.

Protecting electronic data

Experienced VoIP providers know how to effectively protect data and avoid HIPAA violations. Unfortunately, it's not always clear which providers you can trust. Here are the most important steps a VoIP provider should take to ensure compliance:

VoIP phones must be authenticated with a unique ID. This ensures only authorized users have access.

Pro tip: Ask a potential provider if each VoIP phone will be assigned a username and password. If not, it's likely not authenticated.

Stored data such as call recording and chat logs should be encrypted.

Business Associate Agreement. This agreement essentially says the VoIP provider agrees to work with you to help your VoIP system meets HIPAA compliance.

Implementation. Secure implementation of a VoIP solution is key. Your provider should ensure the system was setup correctly from the beginning.

Training. A provider should also offer customers regular training on VoIP features, ensuring the system is being used safely and fully.

Reporting: A VoIP system can pull customized activity reports, which are important for HIPAA documentation efforts.

 

FREE RESOURCE

VoIP guide cover image4 Criteria for Choosing a VoIP Provider

VoIP technology is a powerful tool, but only in the right provider’s hands. Choose the wrong provider, and you could miss out on the technology’s high productivity and reliability values. And you could also face thousands lost to  HIPAA compliance fines.

In this guide, you’ll learn:

  • ways VoIP providers most commonly fail their clients.
  • four criteria for selecting a provider who will make your success a priority.
  • how a provider should train your team and ensure adoption.
GET THE  GUIDE

 

Topics: VoIP


C Spire Business is a privately-held telecommunications and technology company driven to deliver the best experiences in wireless, fiber internet, and business IT solutions such as internet, VoIP, cloud and managed services. Read more news releases and announcements at cspire.com/news. For more information, visit cspire.com or find us on Facebook, Twitter or Instagram.

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.

C Spire Cares Same-Day Delivery Now Available in Select Locations
New call-to-action

Sign up for our monthly newsletter

For the latest in technology trends, industry news, and C Spire updates.

Recent Posts