Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Ooma in a HIPAA compliant manner.
In fact, we’ve noticed more vendors, customers, and prospects asking about HIPAA compliant services.
This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector.
Today we will determine if Ooma offers HIPAA compliant phone service or not.
Ooma is a Voice over IP (VoIP) provider for small business, home, and mobile users.
Ooma was founded in 2003 by Jamie Yukes in Silicon Valley. It went public in 2015.
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity.
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place.
A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
At a minimum, a Business Associate Agreement contains 10 provisions.
Ooma and the Business Associate Agreement
We checked the Ooma site for mention of their ability to sign a Business Associate Agreement (BAA).
We found the following pages:
On those pages, we can see that:
- Ooma specifically states: “OOMA SPECIFICALLY MAKES NO REPRESENTATION, WARRANTY, OR GUARANTEE THAT THE SERVICES, THE ACCOUNT(S), OR THE OOMA EQUIPMENT (OR THE USE OF ANY OF THE FOREGOING BY ANY PARTY) COMPLIES OR WILL COMPLY WITH HIPAA OR ANY OTHER LAW OR WILL RENDER ANY PARTY COMPLIANT WITH HIPAA OR ANY OTHER LAW.”
- The Ooma Enterprise plan is also not HIPAA compliant
Does Ooma offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component of HIPAA compliance between a Covered Entity and a Business Associate.
We learned the following about Ooma's ability to be considered a HIPAA compliant solution:
- Ooma explicitly states they are not HIPAA compliant
Conclusion: Ooma is not a HIPAA compliant phone service.