RingCentral is a cloud-based service that offers phone, messaging, video, and fax solutions for businesses. The use of cloud-based applications for these services allows customers to have access to their systems from anywhere. This is particularly important in today’s remote working environment. Many businesses have transitioned to working remotely, including businesses in the healthcare industry. However, for businesses working in healthcare, the cloud service providers they use must be HIPAA compliant. This raises the question: is RingCentral HIPAA compliant?
Is RingCentral HIPAA Compliant: Security Measures
HIPAA compliant software services must ensure the confidentiality, integrity, and availability of protected health information (PHI). RingCentral’s website boasts of “seven layers of security” securing the data transmitted through its service. The seven layers are physical, network, host, data, application, business processes, and enterprise level security measures.
These security measures are enabled through:
◈ Transmission Security: RingCentral utilizes Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) encryption between endpoints, which protects data in motion (transmitted data); data at rest (stored data) is encrypted as well. Encryption masks sensitive data, making it unreadable without a decryption key.
◈ Infrastructure Security: enabled through firewalls, vulnerability scans, intrusion detection, and user authentication.
◈ Physical and Environmental Security: RingCentral’s data centers are protected with electronic prevention systems, security guards, and onsite engineering specialists.
◈ Proactive Fraud Mitigation: enabled through detection and access controls. Data access is monitored so that unauthorized access can be quickly detected.
◈ SOC 2 Type 2: RingCentral is audited by a third party to verify the effectiveness of its operating controls and its adherence to the standards set forth by the American Institute of Certified Public Accountants (AICPA).
Is RingCentral HIPAA Compliant: Business Associate Agreement
Under HIPAA law, RingCentral is considered a business associate (BA). Because RingCentral is a HIPAA business associate, organizations working in healthcare need to sign a business associate agreement (BAA) in order to utilize RingCentral’s services.
A BAA is a legal agreement that dictates the protections that are required for HIPAA compliance. A BAA limits the liability for each signing party, as each party is responsible for monitoring and maintaining their own compliance.
Although RingCentral will not sign a customer’s BAA, they do have their own BAA available. To sign RingCentral’s BAA, users must request the agreement from their RingCentral representative.
Is RingCentral HIPAA Compliant?
Yes, RingCentral is HIPAA compliant. Provided that the organization implements the proper security measures, trains employees on how to use the platform, and has a signed business associate agreement, RingCentral can be used for HIPAA compliant communication.