GoTo Connect is a cloud-based phone service system and virtual meeting platform. Many healthcare organizations use such solutions to connect and communicate with employees, patients, and other healthcare providers. To do so, however, those within the healthcare industry need to work with companies that are HIPAA compliant.
In the healthcare industry, sensitive protected health information (PHI) must be safeguarded under HIPAA. A major part of this compliance is working with vendors who will sign a business associate agreement (BAA) and ensure the security of PHI. GoTo Connect says that it is willing to sign a BAA with its healthcare customers and may be HIPAA compliant.
What is GoTo Connect?
GoTo Connect is a market-leading cloud phone system, virtual meeting platform, and customer engagement software. The idea behind the company is to help organizations update and centralize how they communicate and collaborate. It offers virtual receptionists, virtual voicemail, and phone and video conferencing. Moreover, GoTo Connect integrates with several apps, including Zendesk and Salesforce, among others. For healthcare customers, GoTo Connect offers GoTo Meeting for Healthcare, which includes more built-in protections.
Is GoTo Connect a business associate?
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates (i.e., vendors) of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A BAA is a written contract between a covered entity and a business associate. It outlines the responsibilities and obligations of each party regarding the handling of PHI. Typical provisions within a BAA include:
- Permitted uses and disclosures of PHI
- Safeguards for protecting PHI
- Reporting and mitigation of security incidents
- Compliance with HIPAA regulations
- Dispute resolution and termination clauses
The agreement is required by law for HIPAA compliance and is the primary factor in determining whether GoTo Connect can be HIPAA compliant. GoTo Connect is a business associate of a healthcare organization if it is storing, processing, or transmitting PHI, such as a name.
GoTo Connect and the BAA
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. We checked the GoTo Connect website in 2021 and found that the company was willing to sign a BAA. Currently, its BAA is viewable on its website; healthcare organizations can request a BAA through the GoTo Legal Team.
GoTo Connect and data security
Covered entities must consider the administrative, physical, and technical safeguards that a vendor utilizes to protect PHI. To accurately provide a phone and conference system, such platforms must have access to personal information to facilitate communication. With the increasing importance of data privacy and security, all healthcare business associates who collect, store, or process PHI are subject to HIPAA regulations.
Many phone providers are available, but not all meet HIPAA requirements for encryption, data backup, and access controls. GoTo Connect takes its healthcare security seriously and includes several web pages directed to healthcare organizations on its website. According to one such page, besides the BAA, GoTo Connect keeps data private with AES 256-bit encryption for video conferencing and for data at rest.
Other general data security measures the company lists involve:
- Access controls (e.g., one-time passwords, meeting locks, and disabled recordings)
- Endpoint security
- Perimeter defenses (e.g., firewalls and proxies)
GoTo Connect also states that it is dedicated to monitoring and continuously improving its security features.
Is GoTo Connect HIPAA compliant?
The BAA is a necessary component of HIPAA compliance and GoTo Connect will sign a BAA for its healthcare customers. Conclusion: GoTo Connect may be HIPAA compliant.
Understanding HIPAA compliance
Healthcare providers know that clear and efficient communication with patients is necessary to run a successful practice. When evaluating a platform’s HIPAA compliance, especially on the cloud, consider the following security needs beyond a BAA:
- Technical safeguards: Mitigate risks associated with cyber threats, hacking, malware, and other security incidents with strong technical safeguards. Such tools as perimeter defenses (e.g., firewalls) and HIPAA compliant email are equally vital for extra protection.
- Employee training: Ensure all staff members have up-to-date knowledge of HIPAA regulations and best practices. Regular training sessions can help prevent unintentional, employee-related breaches.
- Regular audits: Perform periodic assessments of all systems and processes to ensure that they remain compliant. Adapt to any changes in regulations or technology.
- Data access controls: Implement stringent controls, such as multifactor authentication, on who can access PHI and under what circumstances.