HIPAA Truth or Scare: What You Don’t Know Might Hurt You
How many times have you walked into a doctor’s office and been asked to sign a HIPAA form for the umpteenth time? While this may seem like an annoyingly redundant request, HIPAA encompasses far more than an admission ticket for a physician visit. What many do not know is that the arm of HIPAA reaches beyond this customary 2-page consent form. Third-party companies, including telephony and Internet service providers, can be detrimental to HIPAA compliance.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 obligates all healthcare providers or payers to safeguard patient privacy and the integrity of personal health information (PHI). It’s an umbrella of protection that covers not only securing digital files, but also maintaining physical space in line between waiting customers and customers being served at a drugstore counter. HIPAA is also what mandates that hard copy patient records be securely stored out of reach of unauthorized personnel. With the evolution of technology, including digital voice and video, HIPAA compliance is essential when choosing telephony and Internet service providers as well.
How important is HIPAA in terms of telephony and ISP?
Although many industries value it above price and packaging, HIPAA compliance is less often available among hosted VoIP providers. This is another example of how RingLeader has taken the necessary steps to provide the best possible product to its current and future clients. Knowing the gravity of patient privacy, RingLeader spares no expense in performing the work necessary to maintain this high level of protection for its clients.
What does HIPAA compliance mean?
To achieve HIPAA compliance, RingLeader improved its policies and procedures to a HIPAA standard requiring ongoing employee training, documentation, and systems monitoring. As a HIPAA-compliant service provider, RingLeader also implements physical security audits as part of its continuous commitment to compliance.
The Department of Health & Human Services summarizes this level of commitment as follows: “The HIPAA Rules generally require that covered entities and business associates enter into contracts with their business associates to ensure that the business associates will appropriately safeguard protected health information.”
Despite the vast amount of information available on HIPAA standards and processes, there remain some misconceptions that can lead health-related companies to unexpected violations and liabilities in this arena.
Clarity on misleading facts about HIPAA
- Phone calls are not governed under HIPAA so our office doesn’t need to worry about it. FALSE. While it is true that phone calls are not considered digital media because the information being exchanged does not originate in electronic format prior to transmission (http://www.hipaasurvivalguide.com/hipaa-requirements.php), an insecure phone system is a recipe for disaster. In the absence of controls that limit access to calls, a business can unwittingly provide criminals the opportunity to record calls. When the information recorded is covered by HIPAA, the violation of privacy falls squarely in the lap of the faulty network.
- HIPAA certification guarantees my information is secure. FALSE. It is possible for a service provider claiming to be “HIPAA Certified” to NOT provide the necessary technology, training, and processes. The HIPAA Journal points out that there is no official legally recognized HIPAA compliance certification or accreditation, and for good reason. “HIPAA compliance is an ongoing process. An organization may be determined to be in compliance with HIPAA Rules today, but that does not mean that they will be tomorrow or at some point in the future.”
- My mobile carrier’s encryption is sufficient for HIPAA. Around 80% of healthcare professionals use a mobile device to help them manage their workflows. This move from unencrypted laptops to smartphones and tablets can have serious consequences for the flow of communication in a healthcare organization. Mobile carriers lack the level of encryption necessary for HIPAA compliance. However, RingLeader’s secure messaging platform complies with HIPAA encryption requirements by encrypting PHI both at rest and in transit. Messages transmitted via RingLeader are rendered unreadable and undecipherable to a criminal lying in wait to intercept them without authorization. “Secure messaging solutions not only meet HIPAA email encryption requirements, they also meet the requirements for access control, audit controls, integrity controls, and ID authentication,” assures the HIPAA Journal.
Michael Darling, Manager of Marketing, RingLeader, Inc.
VoIP Blogger, Crowdvoicing Expert, SIP Industry Marketing, DC native and Washington Capitals fan.