A secure and reliable phone system is required for healthcare providers to run operations smoothly. But some phone systems violate HIPAA guidelines surrounding protected health information (PHI).
Let’s determine if CallHippo is HIPAA compliant.
CallHippo is a cloud-based voice over Internet protocol (VoIP) service provider. Since it is a VoIP service, you don’t need a physical landline or SIM card to use it. You only need an Internet connection to make and receive calls.
CallHippo and business associate agreements
VoIP services are considered business associates when electronic data like voice messages and recorded calls involve PHI. CallHippo needs to sign a business associate agreement (BAA) with covered entities to be HIPAA compliant.
CallHippo doesn’t mention offering BAAs on its website.
CallHippo and PHI
The biggest compliance issue facing VoIP is the security of the data it collects. CallHippo doesn’t mention protecting PHI directly on its website, but you can find a few potential security issues in the features.
A healthcare provider chatting on the phone won’t necessarily create electronic patient data (i.e., ePHI), but recording the call will.
CallHippo offers call recordings. Even though it stores data in the cloud, it’s not immediately apparent whether the information is encrypted.
CallHippo lets you receive voicemails in an email and play them directly from your inbox. You could also forward these voicemail messages to other team members.
The voicemail feature is a significant security issue since your email could get hacked, or messages could be sent to unauthorized people, and thus any PHI in a voicemail could get compromised.
VoIP systems need an Internet connection to work, so you want to ensure that your WiFi networks are secured and encrypted to keep your phone system safe.
Is CallHippo HIPAA compliant?
The biggest issue is the lack of a BAA. Since CallHippo won’t sign one, it is not HIPAA compliant.
The company also doesn’t provide information on its website about encryption or the secure storage of PHI in the cloud.
Consider HIPAA compliant email
Phone calls are an easy way to communicate with patients, but not every phone solution is HIPAA compliant.
HIPAA compliant email allows you to send emails with PHI without becoming a security risk.
Paubox Email Suite seamlessly encrypts your email by default and gives you the ability to communicate with your patients without fear of a HIPAA violation. Customer data is stored in a cloud-based and encrypted infrastructure in U.S. data centers.