VOIP, PBX, Telcom HIPAA Compliance Guide

Next Generation Voice and HIPAA compliance

What is HIPAA?

HIPAA is the acronym for the Health Insurance Portability and Accountability Act, a U.S. law passed in 1996 to create national standards for electronic health care transactions, among other purposes. The provisions of HIPAA apply to all “individually identifiable health information,” also known as protected health information (PHI). HIPAA Privacy and Security Rules set the U.S. national standard for protecting PHI, including patients’ medical records and other health information provided to health care providers in electronic health care transactions.

To whom does HIPAA apply?

What is a business associate agreement?

Each entity covered by HIPAA is required to have a signed agreement (also called “Business Associate Agreement”) with any person or entity considered a “business associate.” The Business Associate Agreement lists the obligations and responsibilities of both organizations pertaining to the protection and use of the protected health information.

HIPAA covered entities may be issued a non-disclosure agreement for business purposes, but this should not be considered a "Business Associate Agreement" under HIPAA regulations. In cases where Magoo & Associates maintains or accesses protected information, a "Business Associate Agreement" may be issued. Generally, in the context of VOIP or related services, this is not required.

What is the impact in the context of Cloud Hosted VOIP?

Anyone providing health care services that electronically transmit PHI, any health plan or health care clearinghouse, and any service provider to these entities whose services involve the use or disclosure of PHI should follow the HIPAA rules when using cloud services and when using electronic PHI and other regulated data in business processes, in order to protect sensitive data that transits the cloud. Before undertaking a cloud-based solution, be sure to consult a legal advisor to understand the HIPAA rules applicable to your business, potential enforcement and liabilities.

Is Magoo & Associates a business associate under HIPAA in the context of Cloud Hosted VOIP?

No, Magoo & Associates is not a business associate within the definition of HIPAA with respect to VOIP or Next Generation Voice Services.

In the context of Cloud PBX Services, Magoo & Associates does not create, receive, maintain, access, process, or view PHI on behalf of its customers. The data transmission conducted in the course of the services does not require access to protected health information on a routine basis. Therefore, Magoo & Associates is not a business associate in the context of VOIP and Next Generation Voice Services, and customers do not need to sign a Business Associate Agreement with Magoo & Associates in the context of the Cloud PBX Services.

How can you ensure HIPAA compliance with your VOIP phone system/PBX?

Magoo & Associates values customer security and data privacy. The Magoo & Associates Cloud VOIP/PBX platform is hosted in North American data centers and meets the highest security standards. We deploy the best equipment that protects our network from security breaches and our service is covered by a 99.999% SLA.

As part of its business, Magoo & Associates does not store any PHI and restricts access to voicemails, voice accounts and administrative management to authorized users. It is the customer’s responsibility to keep its credentials secured. Cloud PBX customers are responsible for ensuring that the following functionalities have been disabled to maintain their HIPAA compliance:

A covered entity could technically be in violation of HIPAA if any caller left PHI in a voicemail that was transmitted to an email.

Again, it is always the customer’s responsibility to ensure full compliance with applicable regulations. Make sure to consult your legal advisor if you have any concerns or questions regarding your compliance with HIPAA.

The above compliance guide is strictly for Cloud VOIP, PBX, and Next Generation Voice Services. Customers are encouraged to speak with their sales engineer regarding instances of on-premises PBX or similar configurations to ensure compliance on a routine basis.

Article ID: 127
Last updated: 16 Jan, 2020
Revision: 1