Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
HIPAA Compliance in Cloud Phone Systems

By Zoltán G. Verified by Adam B. Last updated: November 25, 2024

There are plenty of reasons why anyone would choose to use a cloud phone system. Many people say it’s the low deployment and maintenance costs. Others would say it’s the set of enterprise-grade features. Then there are those who would highlight scalability as the greatest advantage. While all of these attributes are important in virtual phone systems, whenever a business engages in any kind of medical activity, it also has to take into consideration another, even more crucial element: HIPAA compliance. And while cloud technology is more than capable of handling confidential patient data without accidentally disclosing it to strangers, it takes special attention from users and VoIP providers alike for a phone system to be called fully HIPAA-compliant.

Why does HIPAA compliance matter?

HIPAA is the abbreviation of the Health Insurance Portability and Accountability Act, a law that requires businesses in the healthcare industry to ensure the privacy and security of any personal medical record transmitted from one place to another. Translated to the world of VoIP, this means that any phone call or text message exchanged between patients and doctors that involves confidential medical information must be protected from being disclosed – inadvertently or otherwise – at all costs. As such, for a VoIP system to be considered fully HIPAA-compliant, it must meet the following requirements:

  • Voice/video calls and text messages receive end-to-end encryption to prevent third-party interception.
  • The forwarding of call recordings, voicemails, and SMS/chat messages to email addresses is disabled.
  • Calls and messages are automatically deleted from the phone system manager after 30 calendar days or less.
  • A business associate agreement is offered on request.

Failure to comply with any of these requirements automatically disqualifies the VoIP provider from being HIPAA-compliant and, therefore, it cannot legally be used for transmitting and storing medical data. In fact, users who intend to handle such highly sensitive information via a VoIP system that isn’t HIPAA compliant are risking tens of thousands if not millions of dollars in fines.

False friends

Admittedly, the vast majority of VoIP providers already meet the requirements of HIPAA. Not only do all calls and messages receive end-to-end encryption, but they are also stored on secure servers where not even the VoIP service provider can decode them. Then there is the fact that the entire system is password protected, whether that’s the admin console that handles everything to do with the service or just a virtual extension. Voicemail forwarding also has to be activated manually by users, making it HIPAA-compliant by default.

So, if all these settings make VoIP solutions natively HIPAA-compliant, what is the problem? Why isn’t it enough that these security features are available by default, or that special settings exist to disable anything that may prevent the system from complying with HIPAA regulations? The answer lies in what seems to be the least significant detail: the business associate agreement. That agreement, or BAA for short, is a must to confirm that the chosen VoIP service provider meets the required HIPAA standards and to clearly outline each contracting party’s rights and obligations. If the provider doesn’t provide a BAA, it shouldn’t be used for handling confidential medical information at all.

VoIP services that are fully HIPAA-compliant

The need for a BAA already narrows down the list of VoIP solution providers that meet HIPAA’s standards, but that doesn’t mean there aren’t any. RingCentral, for instance, has a specific HIPAA setting in its admin console that disables the email forwarding feature and changes the settings to delete all recorded calls, voicemails, chats, SMSs, and faxes after 30 days. In addition to that, the company implements extra security features, like a session timer that logs you out of accounts after a certain period of inactivity, and it equips calls with TLS/SRTP encryption. It’s worth adding that although RingCentral does offer BAAs to its subscribers, the only businesses that are entitled to receive them are those that have at least 20 users and are on either the Premium or Ultimate plan.

Another provider, Phone.com, has a different approach. Firstly, settings that could potentially violate HIPAA compliance – such as call recording, voicemail to email, voicemail transcription, etc. – are either not enabled by default or only available as extra, pay-only features. And secondly, it offers the necessary BAA documents to users on request, regardless of the subscription plan that they are on.
