Get in touch

 VoIP and HIPAA – Are You Compliant?

 VoIP and HIPAA – Are You Compliant?

There are many reasons why it pays to bring VoIP technology into your practice.

  • It can give you greater flexibility in how you operate
  • It can lower your costs
  • It can give you faster, more reliable communication

It can also give you a HIPAA violation. That can mean thousands of dollars in fines, and a loss of reputation among your community.


One of the reasons VoIP makes a good addition to your practice is because of the rich features that come with a VoIP system. Voice messages can be transcribed and emailed, allowing you to easily attach the data and send it quickly to wherever you need it. Want to include it in a patient’s file? Want to forward it to a colleague? It’s a simple process.

However, what gives VoIP it’s power to be a useful tool in your practice, also puts you at risk for violation.

HIPAA regulation states:

Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media if the information being exchanged did not exist in electronic form immediately before the transmission.

VoIP isn’t just regular voice communications. Imagine a patient calls in and leaves a message. They include PHI, including things like name and health information.

That data is converted into electronic media so it can be transferred and stored, which makes it automatically a part of the HIPAA electronic media clause. Several features of a VoIP system can create electronic patient data, including:

  • Transcriptions for voicemail to be included in email or text correspondence
  • Fax to email to allow patient data to flow right into their files
  • Voicemail messages that are permanently stored on the VoIP system
  • Call recording for storing or sharing with others
  • Stored chat histories

While some practices simply turn off the features that produce potential problems with HIPAA compliance, there’s a better way.

  • Authenticate phones with a unique ID. This means each phone will have a unique username and password.
  • Encrypt all electronic data produced through VoIP communication.
  • Create access logs of all call data.
  • Create an access control system to provide different categories of users.
  • Have a HIPAA Business Associate Agreement in place if it’s a cloud-based system.

Doing these few things can ensure you VoIP adds value to your practice, and gives you a way to be more efficient in every communication task you perform.

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.