support wiki

helpful humans at 423-456-6700

User Tools

Site Tools


Sidebar

System Setup
Getting Started
Setup Wizard
Porting Numbers
Caller ID
Special Projects

Networking
Network Introduction
Recommended Equipment
Ideal Network Setup
Firewall/Network Configuration
  Routers That Should Not Be Used
Switches
Ubiquiti ER X Configs
How To Disable SIP ALG
Networking Disasters
OpenVPN on Grandstream Phones
Port Forwarding / External Remote Phones

Customer Admin Portal
Login
Dashboard
Coms
  Fax
  SMS/Text
  E-Mail
Configuration
  Basic Mode
  Extensions-Adding
  Extensions-Function
  Groups
  Receptionists
  Schedule
  Hold Music
  Advanced Mode
  PA Ring Tone
  Recordings
  Keys
  Tricks
My Services
  Numbers
  Lines
  International Calling
  e911
  Conference
  Backup
  Call Recordings
  Phonebook
My Account
  Overview
  Account Info
  Options
  Payment
  Wallet
  Reports

Functions & Advanced Features
Schedule Override
External Storage: USB
Hold vs Park
Hunt Groups
Paging
Line Emulation
Relay/Door/Alarm Control
Feature Code List
Voicemail
Grandstream Wave
Zoiper

Hardware
Hello Hub V2
Hello Hub Nano - Cloud Connector
Supported Phones (Auto-Config)
Grandstream HT801/802 Tricks
Pairing Instructions for DP750/752
Grandstream WP820
PA Speaker (SIP) Configuration

Deprecated
Hello Hub V1
Hello Hub V1 Battery Removal
Manual Config Phones

Advanced
Troubleshooting
Reliability
Switching Loops
Email Notes

Policies
Payment Policy
Cancellation

System Variants
System & Hardware Variants

Required
Terms and Conditions
Software Licensing

Useful
Blog and Rants
HIPAA
Recording Phone Calls & Conversations

Menu

hipaa

HIPAA COMPLIANCE

A phone system or service is neither HIPAA compliant or not. Like all of your medical office equipment: Policy, procedure, and usage defines it's compliance. Ring-u's Hello Hub and Secure VoIP service is specifically designed and implemented to make HIPAA compliance practical.
Ring-u is neither claiming HIPPA compliance, not denying that it is HIPPA compliant. Such compliance is a mix of technologies that ring-u can control, and procedures and usage that ring-u can not control.

Secure Communications

All VoIP traffic is encoded and encrypted as far in and out of the call as possible. The other end of the call may not be. A call to a standard “POTS” line or mobile telephone will not be encrypted on it's end. Ring-u and it's upstream partner providers use the SRTP (Secure Real Time Protocol) and TLS (Transport Layer Security) protocols for all calls from the Hello Hub to the external networks.

Local Storage

Other than call detail records (CDR) used for billing, ring-u and it's upstream providers do not store any data. Ring-u and its upstream providers do not record phone calls, store faxes, or store voicemail on their systems.
All confidential patient and business data is stored on the Hello Hub at your facility.
If a USB drive is attached, all recorded calls, voicemails, and faxes are stored on the USB drive.
Ring-u staff does not have access to that data at your location.

Voicemail/Fax to E-mail

If the Hello Hub is configured to convert voicemail and faxes to email, the Hello Hub will transport those emails using TLS (Transport Layer Security) v 1.2 to the receiving mail server. If your email server is considered HIPAA compliant, this function is also HIPAA compatible.
If your email server is not using TLS 1.2, or you are not sure, do not configure your Hello Hub to send voicemails or fax via email.
They can be retrieved locally via the phone.

Access/Audit Logs

The ring-u control interface logs all access and what a client does when logged in. These logs are available via the reporting interface. It is the client's responsibility to check those logs and make sure the system access is apropos to the client's policies and procedures.

Addressing Lore

There is no reason VoIP is or is not HIPAA compliant. It is at least as secure as a “POTS” (Plain Old Telephone Service) or any digital (T1/PRI/ISDN) delivery method, and in most cases VoIP is much more secure. This is false lore spread by non-VoIP providers. In 2019+, almost all phone traffic is packetized, digitized, and VoIP in transport over the public internet at some point.

When using a ring-u Hello Hub, all calls in and out of your location are encrypted and spread over random ports. Your end of the connection is as secure as we can make it, and while not impossible to tap, it is much more secure than the typical analog or digital/VoIP phone system. The other end of any phone call is beyond our control.

Fax is not expressly HIPAA compliant. Fax is a 150+ year old analog protocol that on an analog phone line can be recorded, tapped and replayed. Doing fax over VoIP using SRTP and TLS-encrypted T38 digital transport makes it as secure as practical, as far as possible. The other end may be using plain old phone lines.
Password controlled PDF's, encrypted emails and secure web interfaces are much more secure and practical.
If your location has a JCAHO, HHS, or other audit, ring-u staff will gladly assist you with answering your auditor(s)' questions.

References

note - If you have specific questions, please ask. We'd love to help, and if there is a way we can address the technology issues for better HIPPA compliance, we will.

hipaa.txt · Last modified: 2022/06/13 14:44 by jim