Is Nextiva HIPAA Compliant?

July 14, 2021 4 min read

Rae Repanshek

Rae Repanshek

Updated HIPAA compliance information regarding Nextiva

At Nextiva, we know how important it is to safeguard protected health information, especially because healthcare providers that experience data breaches or HIPAA violations face astronomical fines and damaged reputations.
The reality is that healthcare communications are more challenging with remote work and telehealth solutions, making it more complicated to provide care while keeping sensitive interactions and data safe.
For optimal patient privacy and security, Nextiva provides HIPAA-compliant voice, fax, and video services. Read on to find out which VoIP services are HIPAA-compliant.
To familiarize you with our HIPAA-compliant offerings, we’ll cover these essential HIPAA topics:

What is HIPAA?

The Health Insurance Portability and Accountability Act, otherwise known as HIPAA, is a federal law that defines national standards for security and privacy to safeguard protected health information.
There can be protected health information in all communications — from voicemails to virtual consultations — and service providers must collect and protect this information regardless of communication type. Additionally, patients have a reasonable expectation that any private information shared in these communications will be safely stored and only used for health-related purposes.
The goal of HIPAA is to ensure health information is properly protected, while allowing the flow of health information needed to provide and promote high-quality healthcare and to protect the public’s health and well-being.

What does it mean to be HIPAA-compliant?

All healthcare service providers must be HIPAA-compliant. It’s their responsibility to protect all medical records and health-related information, so it’s incredibly important for these healthcare service providers to use HIPAA-compliant communications solutions that ensure protected health information is transmitted securely.

“Ensuring that we were on a secure, HIPAA-compliant platform that was tested and validated was the highest priority. Knowing that the system you communicate on has that security just makes our business much more efficient.”

Joseph Berardo, CEO, Concordia Care

Joseph Berardo, CEO, Concordia Care

What falls under protected health information according to HIPAA?

Protected health information includes individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates, excluding certain educational and employment records.
For example:

  • A patient’s name, address, birth date, and social security number
  • An individual’s physical or mental health condition
  • Any care provided to an individual
  • Information about the payment for the care given

How does Nextiva maintain HIPAA-compliance?

Nextiva provides secure and reliable communications to every customer regardless of their industry. For HIPAA-compliant accounts, we limit some functionality to protect private patient data. Doing so helps businesses stay in compliance without any changes on their part.
We’ve adjusted the following features:

  • Visual voicemail: Disabled.
  • Nextiva App: Disabled listening to voicemails.
  • Voicemail to email or text: Disabled.
  • vFAX: Disabled sending faxes from an email. View incoming faxes using a secure email link or logging into your portal.

Nextiva also executes a Business Associate Agreement (BAA) that addresses our covered services and states the privacy, security, and breach notification rules required for business associates under HIPAA.

Related: Healthcare Call Center Best Practices for Better Patient Care

Which Nextiva products and services are HIPAA-compliant?

Nextiva offers cloud-based, unified communications solutions that are HIPAA-compliant, including phone service, virtual fax, and video conferencing.
Any business can use our services, but when we partner with organizations in the healthcare industry we add security measures to ensure protected patient information isn’t shared.
For example, we won’t attach a fax to an email so that only the correct parties can access the fax, and the document or a link cannot be shared with unauthorized parties.
See the table below for more information.

FEATURES STANDARD HIPAA-COMPLIANT
Phone service
Auto attendant
Call recording
Advanced call recording
Voicemail-to-email
Voicemail transcript
Visual voicemail
SMS
vFAX
CRM
Chat
Surveys
VIDEO CONFERENCING
1:1 video conferencing
Team video conferencing
Audio-only conferencing
ADD-ONS
Advanced IVR 1
Go Integrator (Skype for Business, CTI, and CRM integrations)
SECURITY
SSAE 16-certified data centers
Redundant call network path
Eight points of presence throughout the U.S.
Business Associate Agreement (BAA)2

1 Except for SMS
2 Nextiva requires that customers using its HIPAA products sign a comprehensive Business Associate Agreement (BAA) that addresses covered services and states the privacy, security, and breach notification rules required for business associates under HIPAA.

Nextiva offers healthcare service providers unified communications solutions that provide the extra monitoring required to be HIPAA-compliant.
The Nextiva core platform, NextOS, resides in data centers across North America with the highest security protocols. For maximum reliability, they are connected with dual OC48 (2.5 Gbps) rings to create redundant call paths.
We also deploy best-of-breed equipment that protects our network from security breaches. The data centers are SSAE 16-certified, SOC II audited, and offer PCI-DSS certification. Each data center has a dedicated power grid with sophisticated energy consumption to deliver 100% uptime.
Most NextOS services are covered by the HIPAA-compliant offering, including phone service, virtual fax, and video conferencing.
Request a demo with one of our experts to see how easy (and compliant) business communications can be.

Related: What Is VoIP? The Newbie’s Guide to Voice over IP

Rae Repanshek

ABOUT THE AUTHOR

Rae Repanshek

Rae Repanshek was a product marketing manager at Nextiva. She loves sharing stories about how we make it easy for businesses to serve their customers. Her goal is to create accessible product content while keeping everyone informed about innovations happening behind the scenes. A huge customer advocate, she works with the product teams to ensure…

Posts from this author
Call badge icon