Guide to SafeCall Products and HIPAA Compliance

As a provider of Unified Communications as a Service (UCaaS) and Contact Center as a Service (CCaaS) solutions, there are responsibilities involved in providing these services to customers who are required to comply with HIPAA regulations.

What does HIPAA compliance have to do with SafeCall products and services? SafeCall, Inc. provides UCaaS and CCaaS services that can be used to transmit or store electronic protected healthcare information (ePHI). By HIPAA regulations, this sensitive data needs to be safeguarded. Therefore, anyone offering services that transmit or hold this data must be aware of their responsibility and liability in this matter.

Are SafeCall products HIPAA compliant? To ensure our products best support businesses who need to maintain HIPAA compliance, SafeCall, Inc.’s back end provider, Coredial has partnered with an outside company, Layer 8 Security, to conduct regular HIPAA audits and reviews, and to aid in our ability to comply with HIPAA rules and requirements. Upon request SafeCall will provide our customers with Layer 8 Security’s Letter of Attestation as evidence of Coredial and SafeCall’s ongoing HIPAA compliance.

What is a Business Associates Agreement (BAA), and why might I need this? A BAA, or Business Associates Agreement, is a legal document that defines the relationship around the risk shared between SafeCall, the provider of services, and you as a customer that requires HIPAA compliance. A signed BAA may be required with a customer requiring HIPAA compliance. As defined by the US Department of Health and Human Resources, “A “business associate” is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. A “business associate” also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate.” You can learn more about Business Associate Agreements here: www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html

Roles and Responsibilities The customer and SafeCall must both do their part to ensure users of SafeCall’s UCaaS and CCaaS services are appropriately protected. These are the roles and responsibilities of each party.

Customer

Ensure the processes by which their employees do work, and how they store ePHI data, meets HIPAA requirements. Pass routine HIPAA Compliance audits deemed necessary by regulators, or by contractual obligations.

SafeCall, Inc.

Ensure that SafeCall and our vendors (referred to as subcontractors) meet HIPAA compliance standards deemed necessary by regulators, or by contractual obligations. If requested, sign a BAA with HIPAA compliant customers showing SafeCall, Inc. will also act responsibly with sensitive data.

Ensure services are constructed and secured in a manner consistent with HHS guidelines in order to properly support businesses who must maintain HIPAA Compliance.

Undergo regular reviews of practices, policies and network infrastructure by a third-party entity and earn a Letter of Attestation stating good standing as it pertains to compliance with HIPAA regulations. Coredial letter of Attestation will be provided upon request.