HIPAA Compliance Policy

Description:

This article will explain:

  • HIPAA compliance

Methods:

HIPAA Compliance is a broad term that covers the protection of patient privacy rights and encompasses a number of different acts including both the HIPAA and HITECH Acts.  To be covered, we subscribe to the following. 

The actual voice call itself (or fax transmission) does NOT need to be encrypted (http://greenwirehealthcare.com/hipaa/is-voip-hipaa-compliant/), but there are a few things that need to happen to make sure compliance is met. In theory, the law basically states that VoIP providers must make every reasonable effort to prevent the disclosure of HIPAA-protected information, but that can mean different things. In practice, our policy requires the following:

  1. Electronic faxes must only be accessed via Audian’s web portal or installed agent (they must not be emailed as unsecured PDF files).
  2. Voicemail to email may NOT be used (email is considered unsecured).
  3. Voicemails must be saved to a secured local server or to a HIPAA-secured cloud-based location.
  4. Voicemail inboxes must all use passwords for access to the messages.
  5. Call recordings must be saved to a secured local server or to a HIPAA-secured cloud-based location.
  6. Call recordings must be in password-protected locations.

Call Barge and Whisper must be disabled (so that a protected conversation is not overheard).