How can InnerDigital 3CX be used in compliance with HIPAA?
It is important to note that there are no definitive guidelines or officially recognized certifications that make a product “HIPAA Secure”. Rather, HIPAA simply demands compliance with its general rules, specifically the Security Rule, the Privacy Rule and the Breach Notification Rule. InnerDigital supports HIPAA compliance (within the scope of the Business Associate Agreement), but ultimately complying with HIPAA is a shared responsibility between the customer and InnerDigital. That said, a number of factors, both logistical and technological, go into making InnerDigital a HIPAA compliant form of communication:
Logistical
By using the InnerDigital applications, an automatic BAA is put in place which can be accessed here.
Organizations are required to gain documented (dated and time stamped) patient consent to communicate via SMS. Most practices accomplish this through patient consent forms.
InnerDigital was designed specifically for healthcare, so we have built the service with your workflows in mind. We give you the tools to administer users and their access, control who should be notified of new messages, and manage your patient population.
Our staff has completed HIPAA training — we treat your data with respect and care.
Technological
Data is encrypted when in transit. InnerDigital employs TLS RSA with ARIA-256-CBC/SHA-384 for Message Delivery and AES-256 for web service callouts.
Data is encrypted when at rest. InnerDigital hardware is hosted on the East Coast of the United States by Amazon utilizing their EC2 HIPAA compliant service and encrypted using AES-256. InnerDigital and Amazon have an executed BAA in place.
Account management can be handled by client-side Admins and/or by InnerDigital Support. Access and level of access can be managed per user, and every user must have a unique username and password.
Conclusion
InnerDigital 3CX is a healthcare communication platform that can be used to text with patients and colleagues. With patient consent, InnerDigital 3CX can be part of a HIPAA compliant approach to patient communication. We have a HIPAA training program ensuring our information/network security approach complies with all HIPAA standards. Have more questions? Feel free to email us: support@innerdigital.com