Small businesses often find it tough to remain HIPAA compliant. A compliance department or office finds it tough to track their operations due to their small size. Additional compliance burden is shouldered by a few communications providers. This has made it more important for these businesses to pick the right communications provider.
A good communications provider will always help you to remain HIPAA compliant. Communication providers like Broadconnect have succeeded in drawing much of their target audience by offering distance office services and smooth video conferencing. In your attempt to pick the right kind of communications provider, you’ll need to ask the right questions involving communication modes like fax, business phone and customer support units.
- Am I dealing with a business associate who follows HIPAA compliance norms?
By using the services of some business you’re actually going to jeopardize your business, since they aren’t actually saying HIPAA compliant.
- Has your company taken any steps for ensuring compliance?
Compliance is a continual and extensive process for telecom service providers. Besides abiding by the compliance norms, they ought to inquire if their business associate chain is compliant or not.
- Have any independent expert assessed your HIPAA compliance?
In order to protect the compliance of your company it’s important for you to seek third party verification. Seek independent confirmation in this regard. Regulators prefer independent assessments than assessments performed within the company.
- Is the communication provider of your business serving you with the immensely important HIPAA Business Associated Agreement?
Your cloud-based service provider actually needs to be an associated of your business. A service provider is bound to remain compliant when he arrives at an associate agreement with the business owner. His commitment needs to be mentioned in writing and this needs to highlight his responsibilities towards maintaining the security and privacy controls. A business associate agreement is also necessary when a business opts for a vendor that maintains PHI on behalf of it. The service needs to be avoided if they don’t put their signature. Things tend to look better when you have everything in writing. A business should also avoid communications providers that restrict it from using their service to preserve information pertaining to health.
- Can you help staying compliant by suggesting any specific system configurations?
In order to ensure that you remain compliant, service providers often provide you with suggestions and expertise. For providers that consider compliance to be a top priority, a compliance office is assigned with the task of explaining the nature of their services and how things can actually benefit you when you stay compliant.
- Can “data at rest” and “data in motion” be encrypted by your firm?
Data in motion has to satisfy encryption norms during transmission of information through voice modes of communication. Likewise, it needs to undergo another set of protection encryption when it’s stored in the form of voicemails and faxes. Although a few of the service providers can provide you with both forms of encryption, all of them can’t.
Make sure your business associates are abiding by the compliance norms if you wish to avoid paying fines worth up to 1.5 million USD every year.
