Compliance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that seeks to improve the efficiency and effectiveness of the healthcare system, while also establishing national standards for privacy and security protections for health information. The following information regarding HIPAA is not legal advice and is provided for informational purposes only. Axion Communications encourages you to seek legal advice from an attorney to obtain specific guidance related to compliance with HIPAA and the requirements applicable to your business.
HIPAA includes three primary rules:
- The Privacy Rule
- The Security Rule
- The Breach Notification Rule
HIPAA generally applies to health plans, health care clearinghouses, and to most healthcare providers. These are referred to as “covered entities.” Additionally, persons or entities (like Axion Communications) who perform functions or activities on behalf of a covered entity that involve access to PHI may also be considered “business associates” subject to certain HIPAA standards.
You can learn more about HIPAA requirements from the Department of Health and Human Services (HHS).
It’s important to know that HHS does not endorse or recognize private organizations’ HIPAA “certifications”. Some service providers may claim that they or their systems are “HIPAA compliant” or “HIPAA certified”. These claims are misleading, as compliance with HIPAA and other applicable laws and regulations will depend on your particular use case and context.
Axion Communications is committed to protecting your data, including the PHI of your patients. Axion Communications' UCaaS solutions have been designed with features to support you in complying with HIPAA, while also enabling you to make the most of your communications with patients. However, primary responsibility for compliance with HIPAA rests with you. You are responsible for your use of the Axion Communications service and for ensuring that your use of the Axion Communications service complies with HIPAA and other applicable laws. This includes:
- Taking your own steps to maintain appropriate security and privacy protections, including properly limiting access to the Axion Communications service.
- Ensuring that all communications sent through the Axion Communications service comply with the HIPAA Privacy and Security Rules, including calls, texts, faxes and email marketing messages.
- Notifying Axion Communications of any of your policies, agreements or restrictions to which you have agreed that may affect Axion Communications' performance of services, and any changes in, or revocation of, permission by an individual to use or disclose PHI, to the extent that such changes may affect Axion Communications' use or disclosure of PHI.
Our legal, compliance, and security teams work across the company and alongside our customers to understand and meet customer needs. Axion Communications has implemented the following safeguards to meet HIPAA requirements:
- Axion Communications has implemented administrative, technical, and physical safeguards for protecting PHI. Axion Communications regularly reviews and enhances safeguards based on risk assessments. Safeguards in place include:
  - Axion Communications has established and implemented policies governing the protection and use of PHI.
  - Logical and physical access controls are employed to ensure that only authorized personnel access PHI.
  - Encryption of data in transit and at rest. Axion Communications employs industry-standard TLS 1.2+ and HTTPS encryption when transferring data between subscribers and Axion Communications infrastructure. All subscriber data is encrypted at rest using AES-128-bit symmetric encryption keys or better.
  - Incident detection and response capability to detect and respond to security incidents and appropriately report any unauthorized access or use of PHI.
  - Data is regularly backed up and replicated to geographically dispersed locations, which allows us to quickly recover and restore data and systems in the case of data corruption or loss.
  - Axion Communications' privacy and security safeguards are reviewed and assessed by independent advisors.
- Axion Communications has established a standard business associate agreement (BAA), which is an addendum to our standard Terms of Service. Our Terms of Service and BAA, together with our Privacy Policy, are designed to address Axion Communications' commitments for protection and use of personal information and PHI, per HIPAA and other applicable privacy laws and regulations. Axion Communications only uses your data to provide the Axion Communications service to you, except with your prior written consent or as otherwise expressly permitted under the Terms of Service or BAA.
- Axion Communications ensures that its subcontractors and personnel authorized to access PHI are bound by appropriate obligations of confidentiality or a BAA.
Below is additional information of which you should be aware and that will help you comply with HIPAA when communicating through the Axion Communications service:
- Team Chat
- Messages
- Fax
- Call Recordings
Keep in mind, Axion Communications cannot give you legal advice. Compliance with HIPAA and other applicable laws and regulations will depend on your particular use case and context. This information should not be relied upon as legal advice or to determine how legal requirements apply to your use of the Axion Communications service. Axion Communications encourages you to seek guidance from your legal counsel regarding the requirements of HIPAA and other relevant laws and regulations to ensure compliance.