The Road to HIPAA-compliant Business VoIP and Unified Communications
For most people, starting a road trip comes with an emotional mix of excitement and anxiety. Excitement about escaping the daily routine, and the thought of all the great new experiences ahead. Anxiety about everything that might go wrong in unfamiliar places.
The Right Business VoIP Provider Makes the Road to HIPAA Compliance Easier
The road to HIPAA compliance can be easier—IF you pick the right traveling companions to be your business associates. While 8x8, Inc. is a unified communications vendor and not in the business of providing legal advice on making your business HIPAA compliant, we have undertaken our own compliance journey and have established a level of credibility and competence along the way that other business VoIP providers envy. Here’s some of what we learned on the way to developing our own internal business culture of compliance, in business VoIP and beyond.
Starting the Journey—Does Your Business Need to Comply?
In early 2013, the U.S. Department of Health and Human Services issued the latest version of the HIPAA/HITECH Omnibus Rule. The rule is now in full force and the scope of businesses covered by HIPAA has expanded considerably from the previous 2010 iteration.
Your business could be a HIPAA-regulated company that needs to comply with HIPAA, and you might not even know it, because the rules have been broadened fairly recently.
Companies come under HIPAA regulations in several ways. You might be a “covered entity” such as a healthcare provider, health plan administrator, or healthcare clearinghouse. You might also be a “business associate,” which HIPAA rules define as a party to whom a covered entity discloses protected health information. For example, many personnel departments receive such information relating to the health plan coverage that their organizations offer to employees.
A Common Tourist Trap on the Road to Compliance
Or—and this is where lots of companies fall under HIPAA regulations—you might be a sub-contractor to a covered entity or business associate that is involved with creating, receiving, maintaining or transmitting individually identifiable health information. In that case, you might not even know you need to comply.
Or maybe you’re already concerned with ensuring your business is HIPAA compliant. However, you may not know what you need to do to get started on that journey, or you may not be confident in your ability, as a business, to continue down the path of compliance. You might not even realize that your business VoIP or unified communications provider must also be HIPAA compliant for your company to achieve or remain compliant.
“Trip Insurance”—A Business Associate Agreement from Your Business VoIP Provider
As you try to put in place your compliance plan, don’t forget to ensure that your unified communications services—phones, fax, collaboration software, and call center software—all comply. 8x8 is one of the few major business VoIP and unified communications providers that is HIPAA compliant. As such, we are in a position to offer our customers a written Business Associate Agreement, which you can use to support your own quest for compliance.
Get It in Writing from Your Business VoIP Provider
While a BAA can’t make you compliant if you aren’t already, what it CAN do is document that your business VoIP communications solution—or even your call or contact center solution—complies with HIPAA regulations, when used as recommended. This means that your unified communications provider won’t put you at risk of being non-compliant, and if you’re already compliant in all other regards, you don’t have to worry that your unified communications provider’s compliance—or lack of it—will jeopardize yours. Think of it as similar to airline insurance, which helps protect your vacation from one big potential problem.
Let 8x8 Illuminate Your Journey to Compliant Unified Communications
We can also provide guidance on how to configure your 8x8-provided cloud services to be HIPAA-compliant. 8x8 has published special reports on compliance, security and reliability, as well as several special reports specifically on VoIP provider HIPAA compliance, and we offer webinars to help you better understand HIPAA and your company’s obligations.
A Few Business VoIP Compliance ‘Travel Brochures’
As an additional convenience for you, we have collected a list of useful resources to ensure you can quickly find information that will assist you on your journey to HIPAA compliance.
Help With the Unified Communications Leg of Your Journey
Getting your business to HIPAA compliance is not a destination, but a journey. It requires many continuing steps. The end result is that you will be better prepared to protect the personal health information of your patients, or your business partners’ data, which includes this HIPAA-covered protected health information. This, in turn, will shield your business from the expensive fines and litigation that are plaguing an increasing number of respectable healthcare-related organizations and their partners. We want you to enjoy the journey, and arrive with confidence.