At Nextiva, we know how important it is to safeguard protected health information, especially because healthcare providers that experience data breaches or HIPAA violations face astronomical fines and damaged reputations.
The reality is that healthcare communications are more challenging with remote work and telehealth solutions, making it more complicated to provide care while keeping sensitive interactions and data safe.
For optimal patient privacy and security, Nextiva provides HIPAA-compliant voice, fax, and video services. Read on to find out which VoIP services are HIPAA-compliant.
To familiarize you with our HIPAA-compliant offerings, we’ll cover these essential HIPAA topics:
- What is HIPAA?
- What does it mean to be HIPAA-compliant?
- What falls under protected health information?
- How does Nextiva maintain HIPAA compliance?
- Which Nextiva products and services are HIPAA-compliant?
What is HIPAA?
The Health Insurance Portability and Accountability Act, otherwise known as HIPAA, is a federal law that defines national standards for security and privacy to safeguard protected health information.
There can be protected health information in all communications — from voicemails to virtual consultations — and service providers must collect and protect this information regardless of communication type. Additionally, patients have a reasonable expectation that any private information shared in these communications will be safely stored and only used for health-related purposes.
The goal of HIPAA is to ensure health information is properly protected, while allowing the flow of health information needed to provide and promote high-quality healthcare and to protect the public’s health and well-being.
What does it mean to be HIPAA-compliant?
All healthcare service providers must be HIPAA-compliant. It’s their responsibility to protect all medical records and health-related information, so it’s incredibly important for these healthcare service providers to use HIPAA-compliant communications solutions that ensure protected health information is transmitted securely.
“Ensuring that we were on a secure, HIPAA-compliant platform that was tested and validated was the highest priority. Knowing that the system you communicate on has that security just makes our business much more efficient.”
Joseph Berardo, CEO, Concordia Care
What falls under protected health information according to HIPAA?
Protected health information includes individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates, excluding certain educational and employment records.
- A patient’s name, address, birth date, and social security number
- An individual’s physical or mental health condition
- Any care provided to an individual
- Information about the payment for the care given
How does Nextiva maintain HIPAA compliance?
Nextiva provides secure and reliable communications to every customer regardless of their industry. For HIPAA-compliant accounts, we limit some functionality to protect private patient data. Doing so helps businesses stay in compliance without any changes on their part.
We’ve adjusted the following features:
- Visual voicemail: Disabled.
- Nextiva App: Disabled listening to voicemails.
- Voicemail to email or text: Disabled.
- vFAX: Disabled sending faxes from an email. View incoming faxes using a secure email link or by logging in to your portal.
Nextiva also executes a Business Associate Agreement (BAA) that addresses our covered services and states the privacy, security, and breach notification rules required for business associates under HIPAA.
Which Nextiva products and services are HIPAA-compliant?
Nextiva offers cloud-based, unified communications solutions that are HIPAA-compliant, including phone service, virtual fax, and video conferencing.
Any business can use our services, but when we partner with organizations in the healthcare industry we add security measures to ensure protected patient information isn’t shared.
For example, we won’t attach a fax to an email so that only the correct parties can access the fax, and the document or a link cannot be shared with unauthorized parties.
See the list below for more information.
- Advanced call recording
- 1:1 video conferencing
- Team video conferencing
- Go Integrator (Skype for Business, CTI, and CRM integrations)
- SSAE 16-certified data centers
- Redundant call network path
- Eight points of presence throughout the U.S.
- Business Associate Agreement (BAA)²

¹ Except for SMS
² Nextiva requires that customers using its HIPAA products sign a comprehensive Business Associate Agreement (BAA) that addresses covered services and states the privacy, security, and breach notification rules required for business associates under HIPAA.
Nextiva offers healthcare service providers unified communications solutions that provide the extra monitoring required to be HIPAA-compliant.
The Nextiva core platform, NextOS, resides in data centers across North America with the highest security protocols. For maximum reliability, they are connected with dual OC48 (2.5 Gbps) rings to create redundant call paths.
We also deploy best-of-breed equipment that protects our network from security breaches. The data centers are SSAE 16-certified, SOC II audited, and offer PCI-DSS certification. Each data center has a dedicated power grid with sophisticated energy consumption to deliver 100% uptime.
Most NextOS services are covered by the HIPAA-compliant offering, including phone service, virtual fax, and video conferencing.
Request a demo with one of our experts to see how easy (and compliant) business communications can be.