User Responsibility in Using RingCentral in a HIPAA-Compliant Manner in a Clinic Setting

Summary

Rules to follow to ensure HIPAA compliance when communicating via RingCentral in a clinic setting

Body

Clinicians who wish to comply with the Health Insurance Portability and Accountability Act (HIPAA) guidelines on the use of telecommunications in a clinic setting must adhere to rigorous standards for such communications to be deemed compliant.

The HIPAA guidelines on using telecommunications in a clinic setting are contained within the HIPAA Security Rule and stipulate the following:

1. Only authorized users should have access to electronic protected health information (ePHI).
2. A system of secure communication should be implemented to protect the integrity of ePHI.
3. A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.

In regards to the use of RingCentral on behalf of UTHSC, a covered entity under HIPAA, those in a clinic setting or regularly accessing ePHI:

  • should limit the exposure of ePHI to the RingCentral communications system
  • should obtain consent to create, receive, maintain, or transmit PHI through RingCentral from the person with whom they are communicating
  • should disable the RingCentral functionality that sends voicemails as an attachment to your email (NOTE: This functionality is enabled by default, so you will need to disable it.)
  • should NOT access or download RingCentral messages (calls, voicemails, faxes, and text) potentially containing ePHI outside RingCentral
  • should NOT enable the RingCentral functionality that sends voicemail transcriptions, faxes, and/or text messages to email
  • should NOT enable call recordings nor record any calls through RingCentral
  • should NOT enable email notifications for any RC message types (calls, voicemails, faxes, and text)

Details

Details

Article ID: 140532
Created
Mon 7/18/22 1:37 PM
Modified
Tue 11/26/24 11:32 AM