Is Your Business VoIP System HIPAA Compliant?
October 8th, 2013 by admin
The Health Insurance Portability and Accountability Act (HIPAA) sets the privacy standards and expectations that the healthcare industry must meet to ensure they’re protecting sensitive data, but did you know that these HIPAA rules apply to many business phone systems as well? While balancing a business phone system with HIPAA standards is a challenge, it is certainly possible with VoIP providers.
Aside from obeying the law, benefits of ensuring that your Allworx and Avaya IP Office VOIP systems are HIPAA compliant include:
- High Level of Professionalism. By taking the time and resources to ensure that your VoIP System is following HIPAA guidelines, you’re showing your dedication to your clients and to professionalism. Furthermore, automated voicemail features add professionalism and are courteous to anyone trying to contact you.
- Access Efficiency. When it comes to managing your VoIP system, efficiency and the ability to access your voicemail are of the utmost importance. With the latest systems that are HIPAA compliant, you have advanced forwarding options so that you can access voicemails anywhere, including your email address.
- Protection. The lack of HIPAA compliance comes with heavy fees and legal fines. By staying on the right side of the law, you can protect your business from having to pay the dues of breaking the rules. Investing in a new, or upgrading your existing, VoIP system is an excellent way to remain compliant.
Even if your VoIP system was HIPAA compliant when you purchased it, that doesn’t necessarily mean that it’s still compliant today. Remember, technology evolves at neck-breaking speed, which means that older phone systems that aren’t updated with newer software versions are not compliant. Either invest in a new system or ensure that you get the latest software version available.
Making VoIP Compliant
Ultimately, HIPAA compliance is all about providing security, especially when it comes to sensitive consumer data. There are two main types of phone system requirements for compliance: physical and network security measures.
The standards embraced in HIPAA were created in part to nullify the dangers of the typical medical office scenario: the secretary on the phone takes the patient’s information over the line, writing it down on a piece of note paper, which can easily get lost, stolen, or misplaced. See the security risks?
Thus, a phone system that’s compliant and protects your office and your clients requires:
- Access control. While an updated VoIP system can make it easier to access voicemails from anywhere, it should also make access more difficult. Through passwords and a secure network, you can ensure that only the intended recipient of the message hears the voicemail.
- Transmission security. This ensures that the messages being transferred over the phone are safe and aren’t being heard by dangerous ears. Person or office authentications are part of this process as well as device and media controls. Though IPSEc, Transport Layer Security, WPA, and similar methods, you can ensure that your transmissions are encrypted as necessary.
- Security management. While VoIP line encryption isn’t necessarily needed, as certain transmissions don’t exist in electronic form before being sent, you still need to ensure that your network provider is providing technical and administrative controls. Even the most compliant VoIP system may falter if the network itself is vulnerable with insufficient physical access. Complex passwords and password policies will strengthen your security management. Also ensure that any VoIP-aware firewalls are engaged.
- Disabled services. Don’t need a service? Then turn it off and focus the rest of your VoIP services on a hardened operating system. Furthermore, be sure to engage in the logical separation of your voice and data networks to maintain security and privacy.
- Staying up to date. By simply implementing the latest software version available, you can ensure that your VoIP system is up-to-date and is HIPAA compliant. Remember, just as technology changes, the compliance standards change as well. By including VoIP compliance as part of your organization’s periodic risk assessment, you can ensure that your systems are as secure as possible.
The Dangers of Not Staying Compliant
Whether it’s financial fraud, disasters in environmental health, or product safety recalls, there are many situations that have highlighted the importance of HIPAA compliance. While there’s hardly any talk about VoIP, the rules and regulations still apply and it’s important to ensure that you abide by them. Some standards are clear, such as “Use strong cryptography and security such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.”
By staying on top of the latest HIPAA standards, your business can avoid the four categories of violations and increasing levels of liability. Remaining HIPAA compliant will keep you from facing the consequences from the Secretary of the Department of Health and Human Services.
Invest in the latest VoIP telephone system technology today!