This is What Telecom Resellers Need to Know About HIPAA Laws


At some point in your life, you’ve probably heard of HIPAA at least once. Most people first encounter the term while signing mandatory healthcare forms at a doctor’s visit. What you might have not known, is that telephone providers for healthcare clients actually share a level of responsibility to remain HIPAA compliant and that a breach in protected data could cost thousands of dollars in federal fines.

What Does HIPAA Have to Do With My UCaaS Business?

Healthcare providers are heavily regulated to ensure they remain HIPAA compliant. Protected confidential information includes data like phone numbers, residential addresses and medical diagnoses. Healthcare professionals need to follow strategic steps to prevent a potential data breach. And since most, if not all, of this protected information is transmitted and stored electronically nowadays, it only adds another layer of complexity to protecting patients’ privacy.

Electronic private healthcare information (ePHI) is what you should be concerned about as a telephone provider in the UCaaS space. Voicemails, recorded phone calls and faxes are a few examples of ePHI that need to be safeguarded because they are not only transmitted but are also stored electronically.

Confidential voicemails and recorded phone calls that are stored on a cloud have the potential to be compromised. Since you are hosting the healthcare provider’s cloud server and have regular, routine access to this, you now become a business associate involved in ensuring HIPAA compliance.

Am I Responsible for All of My Healthcare Client’s Phone Calls?

To an extent. Healthcare professionals have their own set of responsibilities when it comes to ePHI, such as the minimum necessary rule or limiting the length of voicemails. As a phone provider, you are not responsible for factors like that.

Instead, you should be focused on taking the right steps to prevent a data breach, and preparing for the best response plan if a breach unexpectedly occurs. We suggest speaking with our valued partner, Compliancy Group, for a thorough risk assessment and a customized HIPAA compliance plan for your UCaaS company. When you complete training with Compliancy Group, you can even earn a HIPAA Seal of Compliance verification that will let potential healthcare clients know that you (above other telephone providers) have a thorough understanding of their industry needs.

What Can I Do to be HIPAA Compliant—And Are Healthcare Clients Worth the Hassle?

UCaaS technology has significant benefits for healthcare organizations. From the enhanced communication capabilities between hospitals, doctors offices and pharmacies to the major cost in savings, it’s a no-brainer that healthcare professionals are eager to take advantage of all that UCaaS has to offer.  

HIPAA compliancy might sound like a new, complicated set of rules, but a conversation with the Compliancy Group can easily prepare you for ramping up your business. The healthcare industry is huge, and there’s limitless opportunity for any reseller in the UCaaS space if they take time to learn about HIPAA compliance. By understanding the ins and outs of HIPAA and with your willingness to sign an official BAA (Business Associate Agreement) with a healthcare client, you can easily and quickly navigate through the healthcare market.

To learn more about how your business can be HIPAA compliant and secure new opportunities in the healthcare sphere, SkySwitch resellers can register for our upcoming webinar with Compliancy Group on December 18th, 2018.