The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers and their vendors to establish three types of controls when handling Protected Health Information (“PHI”) or Electronic Protected Health Information (“ePHI”): administrative, physical and technical. Policies and procedures are examples of administrative controls. Protecting hardware is a physical control. Implementing data encryption is an administrative control. This applies to both phone and fax communications. PHI must be protected not only wherever it is stored but also wherever it is transmitted. Many VoIP telephone services do not offer this protection, which allows PHI telephone calls and faxes to be intercepted “in the middle” as they travel across the internet. This can violate HIPAA.
Our HIPAA-compliant services provide the data encryption for both phone and fax as your administrative control.
Business Associate Agreement (BAA)
According to HIPAA privacy experts, a lack of Business Associate Agreements is a common violation.
If your current vendor doesn’t provide you with a BAA, you may be in violation.
We will provide you with a Business Associate Agreement (BAA).