Phone.com HIPAA Compliant VOIP System
Phone.com is the go-to cloud communications platform for small- to mid-size businesses across the US. With more than 29,000 business customers, clients include legal professionals, non-profits, state and local governments, and health care.
Joel Maloff, Senior Vice President of Strategic Alliances and Chief Compliance Officer at Phone.com, sat down to talk about Phone.com’s journey toward HIPAA compliance.
“About a year ago, I didn’t even know what a Business Associate Agreement was,” said Maloff. Business Associate Agreements (BAAs) are legally mandated contracts that business associates like Phone.com must sign in order to protect sensitive health care data being stored, transferred, or communicated on their systems.
If health care vendors and service providers aren’t HIPAA compliant, they can’t faithfully execute BAAs for their clients. Health care providers are more selective than ever before about finding vendors that will sign a BAA and keep their data safe, especially now that cyber-security incidents are making the headlines week after week.
Joel continued: “I started doing some research and we found a HIPAA consultant. And they were ok–they were able to identify areas that needed improvement, but ultimately we were still on our own to figure out where to start and how to actually become HIPAA compliant.”
Joel realized that Phone.com needed to identify where their systems might be vulnerable to a HIPAA violation, or risk potentially losing out on future health care clients.
“My worst nightmare would have been to encounter a large client who was using our system to transfer health data,” said Joel. “Not only would that have been illegal–it would have put their firm and ours in jeopardy of a HIPAA violation. I knew my fellow executives and I wanted to protect our business and our clients. When you point to the risk that this kind of hypothetical can present, it captures everyone’s attention pretty quickly.”
Based on the earlier consultant, Joel said, “We knew what we should be doing from a security perspective to address HIPAA, but we had no idea how to begin doing all the necessary documentation and related requirements. Becoming HIPAA compliant with Compliancy Group gave us the tools to implement the things we should have had in the first place to improve our underlying infrastructure.”
The Guard Solved the Challenge
Once Joel and his team at Phone.com chose Compliancy Group, they were able to fully address the regulatory requirements necessary to become HIPAA compliant.
The Phone.com team was guided through the implementation process by Compliancy Group’s team of expert Compliance Coaches. “Compliancy Group’s guided process was actually a lot more helpful than something like a consultant service because we were the ones looking into the way our business runs. We created a compliance plan that worked for Phone.com without having to reinvent the wheel.”
Compliancy Group gave Phone.com the tools they needed to address HIPAA, so that they can start signing BAAs with confidence that their business and their clients are safe.
“We wrote a single paragraph in our newsletter to announce that we were now signing BAAs, and immediately received half a dozen emails in response,” said Joel. HIPAA compliance is a proven and effective way to capture new clients in healthcare by speaking directly to their needs. Health care and related specialties is one of the fastest growing sectors of the US economy–and becoming HIPAA compliant is an essential first step toward capturing that growth for your business.
“Before we worked with Compliancy Group, there was a tendency to look at HIPAA as overwhelming,
a huge undertaking–something that was going to be a burden both of cost and time. The lesson we learned?
That’s just not so with Compliancy Group.”