HIPAA Compliance and VoIP

A common misconception is that HIPAA, the Health Insurance Portability and Accountability Act, applies only within the healthcare industry. In truth, business phone systems that leverage Voice over IP technology may also fall under the HIPAA regulations, even if you are not dealing directly with the healthcare industry.

HIPAA requires ongoing compliance management. For instance, if you bought your VoIP phone system five years ago, it is possible that it no longer meets all the necessary HIPAA requirements. This is something that needs to be consistently evaluated and monitored. HIPAA provides security for consumer data, and protecting your customers is important not only for compliance but also for the reputation of your business. It shows you care, you are engaged, and your customers’ security is important to you.

Seem overwhelming? Don’t worry, we are here to help. Here is some guidance on maintaining HIPAA compliance with your Voice over IP systems:

Physical Security Measures

  • The technology you are using should be up to date. Older VoIP systems may not be able to provide the security that is required under HIPAA. Make sure you are always leveraging the most recent updates to your software, telephone lines, and other information technology structures.

Network Security Measures

  • Keep your VoIP transmissions secure. Leverage technologies like IPsec, Transport Layer Security, and WPA to make sure the messages being shared across the network are protected. Utilizing authentication for individuals, offices, and devices will also ensure security.
  • Encrypt your transmissions. Keep the network secure with strong password policies and active firewalls, and make sure the network's security is engaged.
  • Control who can access your system. The advancement of Voice over IP technologies has made voicemail and network access more efficient than ever. However, while this newfound efficiency is great, it can also be dangerous. Make sure that everything is highly protected using secure networks and passwords.

The risk of non-compliance is much too great to make this optional for any business. Proactively evaluating your system, implementing aggressive security policies, and leveraging the services of ICS will keep your business in the clear, your customers safe, and your information secure.