The Road to HIPAA-compliant Business VoIP and Unified Communications

For most people, starting a road trip comes with an emotional mix of excitement and anxiety. Excitement about escaping the daily routine, and the thought of all the great new experiences ahead. Anxiety about all the possibilities of what might go wrong, in unfamiliar places.

The Right Business VoIP Provider Makes the Road to HIPAA Compliance Easier

The road to HIPAA compliance can be easier—IF you pick the right traveling companions to be your business associates. While 8x8, Inc. is a unified communications vendor and not in the business of providing legal advice on making your business HIPAA compliant, we have undertaken our own compliance journey and have established a level of credibility and competence along the way that other business VoIP providers envy. Here’s some of what we learned on the way to developing our own internal business culture of compliance, in business VoIP and beyond.

Starting the Journey—Does Your Business Need to Comply?

In early 2013, the U.S. Department of Health and Human Services issued the latest version of the HIPAA/HITECH Omnibus Rule. The rule is now in full force and the scope of businesses covered by HIPAA has expanded considerably from the previous 2010 iteration.

Your business could be a HIPAA-regulated company that needs to comply with HIPAA, and you might not even know it, because the rules have been broadened fairly recently.

Companies come under HIPAA regulations several ways. You might be a “covered entity” such as a healthcare provider, health plan administrator, or healthcare clearinghouse. You might also be a “business associate,” which HIPAA rules define as a party to whom a covered entity discloses protected health information. For example, many personnel departments receive such information relating to the health plan coverage that their organizations offer to employees.

A Common Tourist Trap on the Road to Compliance

Or—and this is where lots of companies fall under HIPAA regulations—you might be a sub-contractor to a covered entity or business associate that is involved with creating, receiving, maintaining or transmitting individually identifiable health information. In that case, you might not even know you need to comply.

Or maybe you’re already concerned with ensuring your business is HIPAA compliant. However, you may not know what you need to do to get started on that journey, or you may not be confident in your ability, as a business, to continue down the path of compliance. You might not even realize that your business VoIP or unified communications provider must also be HIPAA compliant for your company to achieve or remain compliant.

“Trip Insurance”—A Business Associate Agreement from Your Business VoIP Provider

As you try to put in place your compliance plan, don’t forget to ensure that your unified communications services—phones, fax, collaboration software, and call center software—all comply. 8x8 is one of the few major business VoIP and unified communications providers that is HIPAA compliant. As such, we are in a position to offer our customers a written Business Associate Agreement, which you can use to support your own quest for compliance.

Get It in Writing from Your Business VoIP Provider

While a BAA can’t make you compliant if you aren’t already, what it CAN do is document that your business VoIP communications solution—or even your call or contact center solution—complies with HIPAA regulations, when used as recommended. This means that your unified communications provider won’t put you at risk of being non-compliant, and if you’re already compliant in all other regards, you don’t have to worry that your unified communications provider’s compliance—or lack of it—will jeopardize yours. Think of it as similar to airline insurance, which helps protect your vacation from one big potential problem.

Let 8x8 Illuminate Your Journey to Compliant Unified Communications

We can also provide guidance on how to configure your 8x8-provided cloud services to be HIPAA-compliant. 8x8 has also published special reports on compliance, security and reliability, as well as several special reports specifically on VoIP provider HIPAA compliance. We also offer webinars to help you better understand HIPAA and your company’s obligations.

A Few Business VoIP Compliance ‘Travel Brochures’

As an additional convenience for you, we have collected a list of useful resources to ensure you can quickly find information that will assist you on your journey to HIPAA-compliance.

Why HIPAA Compliance Should Scare You

The Elephant Herd in the Room: Why VoIP Providers Won’t Talk About Compliance, Security and Reliability


U.S. Dept. of Health & Human Services OCR

Building a Culture of Compliance Video

8x8, Inc. Information Security & Compliance

HIPAA 411 Group on LinkedIn

Help With the Unified Communications Leg of your Journey

Getting your business to HIPAA compliance is not a destination, but a journey. It requires many continuing steps. The end result is that you will be better prepared to protect the personal health information of your patients, or your business partners’ data, which includes this HIPAA-covered protected health information. This, in turn, will shield your business from the expensive fines and litigation that are plaguing an increasing number of respectable healthcare-related organizations and their partners. We want you to enjoy the journey, and arrive with confidence.

David Leach


David is the Product Evangelist at 8x8. David enjoys the opportunity he gets to help business owners and technology professionals discover new ways that they can work smarter and conduct business anywhere, anytime. [...]