8x8, Inc. (NASDAQ:EGHT), a provider of cloud-based unified
communications, contact center and collaboration services, today issued
an important reminder to Healthcare Payer and Provider Covered Entities
and Business Associates urging them to examine their communications
infrastructure, including voicemail, eFaxes and SMS, to ensure the
protected health information (PHI) they manage complies with federal
HIPAA Regulatory Law.
The call to action was issued today in support of the Ninth
Annual National Health IT Week, September 15 – 19, a collaborative
forum for public and private healthcare constituents to discuss the
value of health information technology (IT) for the U.S. healthcare
system. Additionally, September 22 is the deadline for all grandfathered
Business Associate Agreements to be updated to satisfy the HIPAA/HITECH
Act and Omnibus Final Rule Regulatory Law requirements put in place last
year. It is the healthcare Payer and Provider Covered Entity’s
responsibility to ensure that the vendors they deal with and the 3rd
parties of those vendors that persistently maintain/store, create,
receive, or transmit PHI have executed an updated Business Associate
Agreement.
According to 8x8 Senior Director of Security and Compliance Mike
McAlpen, "Thousands of healthcare companies in the U.S. are directly
affected by the expanded provisions of HIPAA Regulatory Law that went
into effect last year and many are still unaware of it. Any company that
persistently maintains, stores, creates, receives, or transmits PHI in
their communications infrastructure, directly or indirectly on behalf of
a HIPAA covered entity, or their Business Associates falls under these
relatively new federal laws and could face legal prosecution and
penalties for noncompliance of up to $1.5 million.” McAlpen added,
“State Attorney Generals now also have the authority to prosecute for a
lack of HIPAA Compliance and are, in fact, already doing so in several
states.”
8x8 has taken significant steps, most importantly gaining 3rd
party HIPAA compliance validation from one of the nation’s leading HIPAA
security law authorities and authors, to ensure the cloud communications
solutions and accompanying Business Associate Agreements it provides to
customers are fully up to date and HIPAA compliant. Other measures taken
include data-in-motion encryption with HTTPS for accessing faxes, call
recordings and voicemails along with optional data at rest encryption,
the incorporation of HIPAA compliant administrative controls and
restrictions to protect PHI in eFaxes, recordings and voicemails and the
establishment of comprehensive security and privacy policies,
procedures, standards, training, controls, metrics, monitoring and
governance. Additionally, 8x8 provides its customers with Covered Entity
and Business Associate versions of its updated Business Associate
Agreement written by the same leading legal authority and author on
HIPAA security law.
According to Deborah Sherl, a Legal Nurse Consultant who is certified in
healthcare HIPAA privacy and security, “Many practices have electronic
medical records, practice management software and VOIP communications,
yet most do not have in house IT staff. Under such conditions, striving
to create a new culture of HIPAA Privacy & Security seems to be an
extraordinary effort.” Sherl continued, “Having a business associate
such as 8x8 that is open and welcoming to the need for updating Business
Associate Agreements and working toward a common goal of best practices
for patients is a very positive, yet frequently unusual, experience.”
Cheryl Long, office manager for a 1,000 patient dental practice in
Leonardtown, Maryland, relies on 8x8’s HIPAA compliant cloud
communications services to keep patient interactions and data safe and
secure. “We were advised that if a doctor or dentist communicates over
the Internet or stores information on the Internet, their data security
has to be tighter than a drum,” said Long. “Having a HIPAA Business
Associate Agreement was critical for us. You can install the best phone
system in the world, but if you don’t have a BAA, you are not protected.
I didn’t want to be sweating bullets if we were ever audited for HIPAA
compliance. It’s not worth the risk.”
For additional information regarding 8x8’s HIPAA compliant cloud
communications solutions visit http://www.8x8.com/VoIPBusinessPhoneSystems/ByIndustry/Healthcare.aspx.
About 8x8, Inc.
8x8, Inc. (NASDAQ:EGHT) is the trusted provider of secure and reliable
cloud-based unified communications and virtual contact center solutions
to more than 40,000 small, midsize and distributed enterprise
organizations operating in over 40 countries across six continents.
8x8's out-of-the-box cloud solutions replace traditional on-premise PBX
hardware and software-based systems with a flexible and scalable
Software as a Service (SaaS) alternative, encompassing cloud business
phone service, contact center solutions, and web conferencing. For
additional information, visit www.8x8.com, or
www.8x8.com/UK or connect with 8x8
on Google+, Facebook, LinkedIn and Twitter.
Copyright Business Wire 2014