The paramount role of security and protecting patient data in healthcare poses unique concerns for healthcare organizations that transition to cloud-based unified communications (UC). The dilemma: How can we ensure we’re not introducing new vulnerabilities that compromise compliance and introduce risk? The key is to partner with a UC service provider that is focused squarely on healthcare to minimize the possibility of damages.
The inherent security advantage in cloud-based UC
Transitioning to cloud-based UC can inherently improve security, as it eliminates the costly and resource-intensive burden of maintaining a legacy PBX system. When a locally hosted PBX falls behind the latest security standards, it becomes vulnerable to cyberattacks. This is especially risky as, according to a report by the U.S. Department of Health and Human Services, nearly three out of four hospitals do not have a designated security professional on staff.
Partnering with a cloud UC provider shifts the burden of communications security to the UC service provider – an essential first step. By following a few important additional steps, you can ensure that your organization is optimally covered.
Validating the UC provider’s compliance
While many UC providers meet the basic standards of HIPAA compliance, those most dedicated to healthcare undergo third-party HIPAA HITECH assessments. Successfully completing this assessment provides peace of mind that the provider can back up its claims of HIPAA compliance with an impartial, objective review covering a wealth of critical items that include:
Further value: Obtaining a BAA
For additional assurance, you should secure a signed Business Associate Agreement (BAA) with your UC service provider.
BAAs are written contracts between the customer (“covered entity”) and the service provider (“business associate”). The BAA specifies each party’s responsibilities regarding the use and safeguarding of protected health information, and typically specifies a lead role for UC provider participation in any audits. The BAA may also specify that the UC service provider is liable for any damages resulting from data breaches, which transfers risk traditionally incurred by the covered entity to the business associate.
In assessing a UC provider’s BAA, confirm that the provider has signed subcontractor agreements with vendors who will be involved in providing your UC service, which eliminates downstream gaps in liability protection.
Final note: Proactive UC provider defense
The most suitable cloud UC providers go beyond checking the boxes on standard regulation and policy compliance. They monitor trends in cybersecurity threats, and proactively arm your organization against them.
For the highest level of security, look for a UC provider that embraces the healthcare industry’s security challenges as its own. In an age of rampant cybercriminal activity, your healthcare organization deserves nothing less.
Austin Herrington is Vice President of Enterprise Voice Product Management for Windstream Enterprise. He oversees the enterprise product strategy and roadmap where he and his team develop, manage and market advanced products and services offered to customers nationwide, executing programs to help businesses achieve a perpetual state of winning. He was previously Director of Product Management responsible for Windstream’s Internet portfolio and value-added services. Prior to joining Windstream in 2006, Herrington was Director of Product Management for Alltel. He holds an MBA from the University of Arkansas’ Sam M. Walton College of Business.
Browse our categories