Table of Contents
HIPAA COMPLIANCE
A phone system or service is neither HIPAA compliant or not. Like all of your medical office equipment: Policy, procedure, and usage defines it's compliance. Ring-u's Hello Hub and Secure VoIP service is specifically designed and implemented to make HIPAA compliance practical.
Ring-u is neither claiming HIPPA compliance, not denying that it is HIPPA compliant. Such compliance is a mix of technologies that ring-u can control, and procedures and usage that ring-u can not control.
As with our upstream provider, it is our position that we fall under a “conduit exception” as further detailed here: https://support.telnyx.com/en/articles/3347891-hipaa-baas-and-the-conduit-exception
Secure Communications
All VoIP traffic is encoded and encrypted as far in and out of the call as possible. The other end of the call may not be. A call to a standard “POTS” line or mobile telephone will not be encrypted on it's end. Ring-u and it's upstream partner providers use the SRTP (Secure Real Time Protocol) and TLS (Transport Layer Security) protocols for all calls from the Hello Hub to the external networks.
Local Storage
Other than call detail records (CDR) used for billing, ring-u and it's upstream providers do not store any data. Ring-u and its upstream providers do not record phone calls, store faxes, or store voicemail on their systems.
All confidential patient and business data is stored on the Hello Hub at your facility.
If a USB drive is attached, all recorded calls, voicemails, and faxes are stored on the USB drive.
Ring-u staff does not have access to that data at your location.
Voicemail/Fax to E-mail
If the Hello Hub is configured to convert voicemail and faxes to email, the Hello Hub will transport those emails using TLS (Transport Layer Security) v 1.2 to the receiving mail server. If your email server is considered HIPAA compliant, this function is also HIPAA compatible.
If your email server is not using TLS 1.2, or you are not sure, do not configure your Hello Hub to send voicemails or fax via email.
They can be retrieved locally via the phone.
Access/Audit Logs
The ring-u control interface logs all access and what a client does when logged in. These logs are available via the reporting interface. It is the client's responsibility to check those logs and make sure the system access is apropos to the client's policies and procedures.
Addressing Lore
There is no reason VoIP is or is not HIPAA compliant. It is at least as secure as a “POTS” (Plain Old Telephone Service) or any digital (T1/PRI/ISDN) delivery method, and in most cases VoIP is much more secure. This is false lore spread by non-VoIP providers. In 2019+, almost all phone traffic is packetized, digitized, and VoIP in transport over the public internet at some point.
When using a ring-u Hello Hub, all calls in and out of your location are encrypted and spread over random ports. Your end of the connection is as secure as we can make it, and while not impossible to tap, it is much more secure than the typical analog or digital/VoIP phone system. The other end of any phone call is beyond our control.
Fax is not expressly HIPAA compliant. Fax is a 150+ year old analog protocol that on an analog phone line can be recorded, tapped and replayed. Doing fax over VoIP using SRTP and TLS-encrypted T38 digital transport makes it as secure as practical, as far as possible. The other end may be using plain old phone lines.
Password controlled PDF's, encrypted emails and secure web interfaces are much more secure and practical.
If your location has a JCAHO, HHS, or other audit, ring-u staff will gladly assist you with answering your auditor(s)' questions.
References
note - If you have specific questions, please ask. We'd love to help, and if there is a way we can address the technology issues for better HIPPA compliance, we will.