Phone.com Addresses the Growing Need for HIPAA Compliance
Health care technology is changing. As caregivers and their business associates embark on their digital transformations, they’re adopting new ways of communicating with patients, insurance companies, pharmacies and other stakeholders. Although these techniques are convenient and cost-effective, they’re often relatively novel from a HIPAA standpoint. In other words, using these technologies can have unexpected ramifications in terms of privacy and security.
Joel Maloff, senior vice president of strategic alliances and chief compliance officer at Phone.com, provided us with detailed insight on how health care companies are starting to cope, knowledge gaps, pain points, repeat offenders (users) and what MSPs should know.
Phone.com, which just announced that nearly 500 solutions providers have joined its growing channel partner program and that more than 30,000 businesses across the United States and Canada currently use its cloud-based unified communications and collaboration (UC&C) services platform, works with companies to earn the seal of HIPAA compliance.
Ahh HIPAA. It’s no secret that HIPAA compliance in a post-GDPR digital age is getting increasingly complex. A gosh darn headache, to be frank. Data from The U.S. Department of Health and Human Services (HHS) says that 70% of the health care market is not HIPAA compliant. This is practically screaming for support from channel partners, cloud and managed IT services providers, resellers and agents. But more on that later.
Communication in health care is changing in some pretty big ways. Maloff describes these changes as occurring along two axes — technological and regulatory. In many ways, the technological axis is what’s driving the regulatory axis.
“The widespread adoption of SIP trunking is one example of note; experts forecast SIP trunking utilization in health care to grow exponentially in the coming years,” says Maloff. “SIP trunking is a way of running voice calls over the internet — VoIP — as opposed to TDM phone lines. This saves health care companies time and money. There’s less overall equipment to maintain, and IT staff only need to spend time maintaining their internet infrastructure, as opposed to internet plus TDM equipment. As a result, they’re saving up to 50% on their telecom costs.”
Here’s the thing, though — traditional analog phone lines aren’t covered under HIPAA.
So, in essence, the switch to SIP trunking, and VoIP in general, as opposed to TDM, is really punching up the emphasis on HIPAA. All VoIP phone systems include voicemail, which means that every time a patient calls and leaves a message, it gets recorded on a server. And that means that the phone call becomes personal health information (PHI).
It doesn’t stop there.
“Most companies do not have the time, effort or expertise necessary to build a full-featured SIP trunking phone system themselves — and they definitely don’t have the time to run it” says Maloff. “As a result, most organizations look forward a channel partner or managed services provider to run their VoIP implementation. If they’re a health care company, it means that their service provider needs to sign a Business Associate’s Agreement.”
There are other ways in which new technology adoption is affecting regulation. It can become a bee nest of a situation when it comes to something as simple as making a phone call.
Pharmacies are now texting SMS reminders to their customers, doctors are texting patients, etc. It’s a simple, fast and effective way to …