VoIP Phones and HIPAA Compliance

hippa_complianceMany years ago, the federal government issued guidance that clarified that traditional analog phone systems are NOT subject to the HIPAA Security rule provisions.

So, what about your VoIP phone system? Many companies, schools and government agencies have moved to VoIP service. It is estimated that by 2017 that more than 50% of the calls that will be make in the United States will be over a VoIP based system.  VoIP is a method for taking analog audio signals and turning them into digital data that can be transmitted over the internet instead of traditional analog phone lines. Does patient information stored and processed by these phone systems constitute electronic Protected Health Information?

By definition, electronic Patient Health Information (ePHI) is data which is transmitted or maintained on electronic media. Electronic media is defined as either:

  1. Electronic storage material, which includes, for example, computer hard drives, or
  2. Transmission media, which includes, for example, the internet.

Read more