UC Solutions Can Help Organizations Maintain HIPAA Compliance
September 06, 2016
By Laura Stotler
TMCnet Contributing Editor
It’s been 20 years since the Health Insurance Portability and Accountability Act (HIPAA) became law, and organizations are still scrambling to achieve and maintain compliance. HIPAA mandates extend well beyond the purview of healthcare providers, covering software developers, service providers, data warehouses and other entities that handle sensitive patient data in some way.
Fortunately, unified communications (UC) solutions can help offset some of the pressure, providing valuable security features and other functionality to aid businesses as they struggle with HIPAA. A recent blog post from ISI Telemanagement Solutions (News - Alert), a company specializing in UC and call accounting and reporting solutions, outlines some of the potential pitfalls organizations need to avoid to stay in compliance.
Mobility is one of today’s key technology drivers, enabling effortless synergy among a broad range of devices. But the plethora of mobile devices in use in the business landscape creates the potential for trouble in the form of breaches and theft. Vulnerable devices containing sensitive data can easily cause a HIPAA violation, and a massive headache for the associated organization.
The prevalence of social media applications is another potential weak point, and something as simple as photographs or videos taken in or around a hospital or medical facility and posted on social media can create a violation. Organizations can circumvent this by developing a strict social media policy for workers, patients and visitors. Another potential point of failure is when organizations fail to review their HIPAA compliance measures. Performing risk analysis on a regular basis is absolutely critical to maintaining compliance based on the number of new applications, technologies and services continuously flowing in and out of the healthcare field.
Thankfully, UC solutions that include valuable features like call recording and accounting can go a long way toward offsetting risk of HIPAA violations. A HIPAA compliant call recording solution should include access and audit controls, authentication and transmission security. Auditing will be able to track events like password updates, logins and logouts and recordings marked for playback or deletion. These features go a long way toward ensuring workers and practices remain in compliance with HIPAA.
According to ISI, private practices, general hospitals, outpatient facilities, pharmacies and health plans and insurance issuers are among the organizations most frequently involved in correcting HIPAA violations. The Office for Civil Rights has collected more than $37 million in fines due to violations, making HIPAA compliance a must for any organizations dealing with sensitive patient data.
Edited by Alicia Young