User Responsibility in Using RingCentral in a HIPAA-Compliant Manner in a Clinic Setting

Clinicians who wish to comply with the Health Insurance Portability and Accountability Act (HIPAA) guidelines on the use of telecommunications in a clinic setting must adhere to rigorous standards for such communications to be deemed compliant.

The HIPAA guidelines on using telecommunications in a clinic setting are contained within the HIPAA Security Rule and stipulate the following:

1. Only authorized users should have access to electronic protected health information (ePHI).
2. A system of secure communication should be implemented to protect the integrity of ePHI.
3. A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.

With regard to the use of RingCentral on behalf of UTHSC, a covered entity under HIPAA, those in a clinic setting or regularly accessing ePHI:

  • should limit the exposure of ePHI to the RingCentral communications system
  • should obtain consent to create, receive, maintain, or transmit PHI through RingCentral from the person with whom they are communicating
  • should disable the RingCentral functionality that sends voicemails as email attachments (NOTE: This functionality is enabled by default, so you will need to disable it.)
  • should NOT access or download RingCentral messages (calls, voicemails, faxes, and text) potentially containing ePHI outside RingCentral
  • should NOT enable the RingCentral functionality that sends voicemail transcriptions, faxes, and/or text messages to email
  • should NOT enable call recordings or record any calls through RingCentral
  • should NOT enable email notifications for any RingCentral message types (calls, voicemails, faxes, and text)


Article ID: 140532
Mon 7/18/22 12:37 PM
Mon 8/22/22 8:37 AM