Keatings Communications: HIPAA Compliance

In today’s world, the Health Insurance Portability and Accountability Act (HIPAA) is a requirement that many businesses, in various industries, have to fulfill. Communication companies, like Keatings Communications, in particular have to give out Business Associate Agreements (BAA) to their customers in order to remain HIPAA compliant. However, before we understand how we remain compliant, we need to understand what exactly HIPAA entails.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is an act that was passed by the government regarding the protection of patient and customer data. You would assume that this means not many companies have to be HIPAA compliant, but the reality is quite different. Companies that hold protected health information on patients are required, by law, to be HIPAA compliant, along with those business partners that have access to the information, like internet service providers, telecommunication companies, insurance companies and the like. Even offering your employees health insurance would require you to become HIPAA compliant. Throughout the years, the importance of data protection has increased dramatically, resulting in laws like these being passed.

Is the telecommunication industry exempt from being HIPAA compliant?

Many businesses question the relevance of being HIPAA compliant to the industry they operate within. Additionally, according to HIPAA law, transfer of information through paper, fax and telephone is not considered wrong because there is no traceable electronic copy. In contrast, when information is transferred through the cloud or electronic devices, there is a trace that can be followed. So the general assumption that follows is that telecommunication and fax providers do not need to be HIPAA compliant. While this is a logical conclusion to come to, in reality it is incorrect.
The reason is the changing nature of communication technology. The nature of VoIP is such that it encompasses services broader than simple voice calls and fax; in today’s age we have voice recordings, voicemails and emails. These platforms, more often than not, are places where information is stored as backup in your cloud or computer files. Since the information becomes traceable and vulnerable to access by others, VoIP service providers, like Keatings Communications, become liable to HIPAA compliance under the law. So, if the telecommunication industry only encompassed simple phone calls and fax as means of communication, it would not have to deal with HIPAA compliance. However, now that the industry has evolved, there are certain measures that need to be taken in order to protect the customer’s data and to give them assurance of security.

What happens if you violate HIPAA laws?

Under the ambit of HIPAA laws, there are serious repercussions for not being HIPAA compliant, especially if you are a company that is required to be due to the nature of your business. Depending on who breaks the rules, there are certain punishments that are imposed by the relevant authorities. Civil penalties for breaking HIPAA rules can be fines ranging from 25,000 dollars to 1,500,000 dollars annually. This would be accompanied by invasive investigations within your company and into the code of conduct of the employees. For criminal penalties, individuals can be punished with a prison sentence of up to a year if they neglected HIPAA. If the private information is taken and read, then a prison sentence of up to 5 years can be authorized. Lastly, if individuals gain access to private information with malevolent intent, like identity theft, then they can be ordered to serve up to 10 years in prison, with 2 years being mandatory.

Where do VoIP provider companies stand?
Any company that becomes an associate to a HIPAA compliant business has to sign a Business Associates Agreement (BAA) so that they become reliable as well. This is particularly important for VoIP providers because otherwise, even unintentional data storage can spell disaster. So in any dealing with hospitals, dentists, physicians, insurance companies and the like, extra precaution needs to be taken. This will not only ensure that you stay out of harm’s way but also that patients feel fully secure. Their information remains as private as possible since all associates and contractors have become HIPAA compliant by law.

What is a Business Associates Agreement (BAA)?

A BAA is a contract that is signed between a contractor and the relevant company. These exist so that all parties involved can follow the HIPAA regulations and become liable to one another, both the employees and the business as a whole. If any party violates the BAA, then legal action can be taken against them. The one thing that ensures that both parties follow this contract to the letter is that, if caught breaking HIPAA rules, everyone is subject to legal action by the FDA and HIPAA authorities. The long process of investigations and court hearings is one that can drain both businesses immediately. Thus, this idea of mutual disadvantage is something that keeps all parties HIPAA compliant.

What about those VoIP providers that offer conduit services without signing any BAAs?

According to the exception highlighted by HIPAA regarding simple phone calls and fax, a conduit service would be one where the VoIP provider only allowed information to pass through. This would entail that there is no storage and that information is simply being exchanged. If a VoIP provider only offered that service, then it would be the exception to the law.

Whether you are located in Jacksonville, Orlando, Tampa or have offices nationwide, Keatings Communications has solutions designed right for you.