Clinicians who wish to comply with the Health Insurance Portability and Accountability Act (HIPAA) guidelines on the use of telecommunications in a clinic setting must adhere to rigorous standards for such communications to be deemed compliant.
The HIPAA guidelines on using telecommunications in a clinic setting are contained within the HIPAA Security Rule and stipulate the following:
1. Only authorized users should have access to electronic protected health information (ePHI).
2. A system of secure communication should be implemented to protect the integrity of ePHI.
3. A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.
With regard to the use of RingCentral on behalf of UTHSC, a covered entity under HIPAA, those in a clinic setting or regularly accessing ePHI:
- should limit the exposure of ePHI to the RingCentral communications system
- should obtain consent to create, receive, maintain, or transmit PHI through RingCentral from the person with whom they are communicating
- should disable the RingCentral functionality that sends voicemails as an attachment to email (NOTE: This functionality is enabled by default, so it will need to be disabled.)
- should NOT access or download RingCentral messages (calls, voicemails, faxes, and texts) potentially containing ePHI outside RingCentral
- should NOT enable the RingCentral functionality that sends voicemail transcriptions, faxes, and/or text messages to email
- should NOT enable call recordings or record any calls through RingCentral
- should NOT enable email notifications for any RingCentral message types (calls, voicemails, faxes, and texts)