inContact has many customers in the health care industry and the health care industry has many applications for contact centers. Consequently, I often get questions about HIPAA compliance and inContact.
HIPAA stands for the Health Insurance Portability & Accountability Act of 1996. It is designed to protect the privacy rights of individuals with regard to their confidential medical records and it imposes rules regarding the dissemination and transmittal of personal patient information and, as is the case for all regulations, failure to comply with HIPAA policies or breaches in customer data security, can be expensive for all parties.
What entities need to be HIPAA compliant?
According to the U.S. Department of Health & Human Services. HIPAA applies to any entity that is:
- a health care provider that conducts certain transactions in electronic form (called here a "covered health care provider")
- a health care clearinghouse
- a health plan
Because inContact is not a health care provider, a health plan or a health care clearinghouse, inContact is not directly subject to HIPAA. That is why you will not find anything on our web site that says we are HIPAA certified. Even though inContact is not subject to HIPAA, we understand that HIPAA compliance is critical to those in the health care industry, and as a partner in providing contact center services, inContact has the tools a business needs to develop HIPAA compliant call center solutions. Let’s talk a little about how inContact can provide “reasonable safeguards” in the following categories:
Administrative: inContact maintains appropriate and necessary policies on Privacy, Ethics, and Computer Network Security as well as security awareness and Customer Network Proprietary Information (CPNI) training.
Physical: inContact maintains a SAS70 on its network data centers that attests to the controls we have in place to ensure the security and operational integrity of our data centers.
Technical: inContact has a host of application tools that enable our customers to build safe, reliable contact center solutions. They include roles based access controls, encryption of data transmissions and a powerful scripting language to collect, transfer and process customer data without the need to store it within the inContact system, thereby minimizing the storage footprint of sensitive information. HIPAA compliance is not a trivial process, and with inContact, you will have the tools to solve your contact center problems and keep your customers' personal health information safe. We have many customers in the health care industry using our solution to handle their contact center needs and we have a skilled Professional Services team that can build and implement solutions that will keep your calls flowing and your customers safe.