
HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) became United States law on August 21, 1996. Its main purpose is to improve the portability of health insurance coverage by ensuring employees retain health insurance coverage when between jobs. Its secondary focus is to protect Americans' electronic medical information from being improperly stored, copied or stolen. For those not familiar with the basics of HIPAA and how it affects healthcare businesses, keep in mind that any entity or individual who transmits and/or stores electronic Personal Health Information (ePHI) via email, voice conversations, recordings, faxes, transcriptions or other methods must do so on a HIPAA compliant system to ensure that the data is safe and secure. If not, these businesses or people are instantly in violation of HIPAA regulations and subject to civil and criminal fines, imprisonment or both. While these penalties have been around for years, enforcement has always been very lax until now. Examples of healthcare businesses requiring HIPAA compliance are doctors, psychologists, dentists, chiropractors, nursing homes, pharmacies, insurance companies, labs, mental health facilities, hospitals, etc.
Under HIPAA, VoIP providers like PrimeVOX are categorized as Business Associates if any of their customers transmit or store ePHI on their phone system. As Business Associates, VoIP providers are forced to share liability with their healthcare customers and must adhere to the following:

- Specific Safety Protocols
- Audit Controls
- Person or Office Authentication
- Transmission Security / Encryption
- Workstation Security
- Device and Media Controls
- Security Management Process

All Business Associates need to sign a Business Associate Agreement (BAA) with covered entities to ensure the Business Associate is aware of their need to become or remain compliant with all HIPAA requirements as it relates to protecting the ePHI. Please note very few VoIP providers are willing to sign a BAA or take the necessary steps to ensure ePHI protection. Therefore, it is essential for businesses who work with ePHI to choose a VoIP provider that meets or exceeds HIPAA requirements and is willing to sign a BAA.
Please Note: PrimeVOX is always happy to sign a BAA with any of our healthcare customers.
The Health and Human Services Office of Civil Rights (responsible for HIPAA enforcement) does not have a department for verifying or certifying an organization's HIPAA compliance. Verification comes down to two options: self-governance or very expensive 3rd party verification. With self-governance, it is the word of the business saying it is HIPAA compliant. There is no expert to verify or confirm this; customers must simply take their word for it. With 3rd party verification, there is the peace of mind of knowing that a company which specializes in HIPAA compliance has looked at the business's inner workings, vetted them and deemed them to be fully HIPAA compliant.

PrimeVOX is 3rd party HIPAA compliant as verified by the Compliancy Group, the largest 3rd party HIPAA compliance verifier in the United States.