1. What is Health Information Portability and Accountability Act (HIPAA)?
The Office for Civil Rights enforces:
• the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information
• the HIPAA Security Rule, which sets national standards for the security of electronic protected health information
• and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety
2. What is HIPAA Compliance?
HIPAA sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
This includes covered entities (CE), meaning anyone who provides treatment, payment and operations in healthcare, and business associates (BA), meaning anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.
The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).
A supplemental act, the Health Information Technology for Economic and Clinical Health (HITECH) Act, was passed in 2009. It supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.
The HIPAA/HITECH Act Omnibus Rule from 2013 then amended the HIPAA/HITECH Act Privacy, Security, Breach Notification, and Enforcement Rules.
RingCentral’s HIPAA-compliant solution ensures that customer calls and messages are secure with encryption in transit and at-rest, along with other features, protecting patient data and guarding against unauthorized access to protected health information.
3. Can a covered entity or business associate use the RingCentral e-fax services and remain HIPAA compliant?
No, if the CE or BA transmits or receives ePHI through calls, voicemails, faxes, or text messages or stores such information in call recordings. A CE or BA cannot use our service for these purposes and remain compliant with HIPAA. Examples of these uses include receiving or sending patient health information through faxes, receiving patient health information through voicemails, and recording phone calls in which patient health information is discussed.
On the other hand, if a CE or BA will not transmit, receive, or store any ePHI using our service at any time, it may use our service and remain compliant with HIPAA if it is already HIPAA compliant. Our service will not impact a customer’s HIPAA compliance if that customer is not using our service to transmit, receive, or store any ePHI at any time.
Please consult with an attorney as to whether your use of our service may involve the transmission, receipt, or storage of ePHI. This article is for informational purposes only and is not intended to provide legal advice.
HIPAA Compliant RingCentral Services and Features