ChannelVision Magazine

By Joel Maloff In 2016 (the most recent numbers available), healthcare spending in the United States was $3.3 trillion – nearly 18 percent of our country’s gross domestic product (GDP), ac- cording to the Centers for Medicare and Medicaid Services. To cash in on this huge opportunity, however, communica- tions services must comply with Federal regulations covered by HIPAA and HITECH. Partnering with a voice and video solutions service provider that has invested the time and effort to become HIPAA compliant can speed your time to market and generate immediate returns. Some have asked why voice or video services even need to be HIPAA compliant. After all, we are a phone company or service provider. We never interact with the patients of our medical customers. That is actually not true. There are a few definitions that must first be clarified. Firstly, protected health information (PHI) is anything that can identify someone but moreover their diagnoses, treatments, etc. Medical professionals create PHI via their charts and records, examinations, pre- scriptions, notes, and even communications with patients. These professionals are referred to as covered entities (CE) because they are covered by HIPAA requirements. Organizations that work with CEs, do not create PHI but may be exposed to PHI are referred to as business associ- ates (BA). Business associates also are covered under HIPAA requirements and, along with the covered entity, may also be responsible for breaches of PHI, and therefore are subject to substantial fines for failing to comply. So, where does a VoIP company handle PHI? Voice- mails, voicemail to e-mail, fax, SMS text messaging – all of these can potentially contain PHI when they are “at rest” within the company’s servers. HIPAA requirements include ensuring that all such information is both encrypted and secured via stringent access controls and access logging. The effort required to becoming fully HIPAA compliant (there is no formal certification process today) is substan- tial. It requires fully evaluating all technical systems and ensuring that they are properly protected. It involves train- ing every employee on the policies, processes and pro- cedures that are part of HIPAA and HITECH. It involves having a clearly defined role of responsibility for ensuring compliance and renewing each area annually. Despite the vast size of the healthcare marketplace in the United States, it is made up of many subsegments. Some of these – such as large hospitals, clinics, nursing homes or research facilities – may be of interest to MSPs and other channel sales teams because of their size and complexity. VoIP may not have been considered by these customers because it was not thought to be HIPAA com- pliant. With the right partner, that is no longer an issue. On the other side, there are many smaller healthcare- related practices that have simply accepted that they will be paying for landlines. They do not know VoIP and pre- sume it is not viable for them. These include dentists, chi- ropractors, mental health professionals, family medicine and many more. Are these a viable target for you? Healthcare is huge marketplace that is only now becoming aware of unified communications, video and other enhanced communications services. Channel partners and MSPs that want to focus on this market will either need to become fully HIPAA compliant themselves or partner with a voice and video service provider that has already taken that step. The choice is yours. The opportunity is real. o Joel Maloff is senior vice president/chief compliance officer for Phone.com. He can be reached at jmaloff@phone.com. TheHIPAA Opportunity C hannel partners and managed solutions providers (MSPs), as with all organizations focused on sales, are always looking for new ways to grow revenue without significant and unbudgeted expenses. Cashing in on the healthcare communications marketplace Core Communications Channel Vision | March - April, 2018 10