In the exercise of providing services to healthcare customers, LinkedIP and all its solutions including Foncentrix and XCALLY along with all its add-ons enable HIPAA compliance to covered entities. In provisioning and operating LinkedIP’s unified and omni-channel communication solutions LinkedIP complies with the provisions of HIPAA Security Rule that are required and applicable to it in its capacity as a business associate.
LinkedIP is responsible for enforcing the administrative, technical and physical safeguards to prevent any unauthorized access to or disclosure of protected health information (PHI) in Foncentrix and XCALLY environments.
The following table demonstrates how LinkedIP supports HIPAA compliance based on the HIPAA Security Rule published in the Federal Register on February 20, 2003 (45 CFR Parts 160, 163 and Health Insurance Reform: Security Standards; Final Rule).
HIPAA Standard |
How LinkedIP Supports the Standard? |
Access Control |
|
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to authorized persons or software.
Unique User Identification: Assign a unique name and/or number for identifying and tracking user identity.
Emergency Access Procedure: Establish (and implement as needed) procedures for obtaining necessary electronic health information during an emergency.
Automatic logout: Implement electronic procedures that terminate an electronic session. After a predetermined time of inactivity.
Encryption and Decryption: Implement a mechanism to encrypt and decrypt electronic protected health information. |
All the data traversing our cloud is encrypted at the application layer using Advanced Encryption Standards (AES).
Multi-layer access control for owner, admin and members.
Web and application access are protected by verified email address and password with multi factor authentication mechanisms.
Customers do not share a public cloud. Customers are deployed on private, exclusive and dedicated instances.
Customers may opt for additional redundancy and distributed architecture to obtain a higher level of availability and redundancy.
Customers may select a data center region for data in motion. Calls and video are encrypted. |
Audit Controls |
|
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use protected health information. |
Data in motion traverse Foncentrix and XCALLY secured and distributed architecture.
Platform connections and activity are logged for quality of service and audit purposes.
Account admins have secured access to manage agents, users and supervisors. |
Integrity |
|
Implement policies and procedures to protect electronic health information from Improper alteration or destruction |
Multilayer integration protection is designed to protect both data and service layers.
Controls are in place to protect and encrypt voice calls and messages. |
Integrity Mechanism |
|
Mechanism to authenticate electronic protected health information.
Implemented methods to corroborate that information has not been destroyed or altered. |
Web and application access are protected by verified email address and password.
Data connections leverage TLS 1.2 encryption and PKI Certificates issued by a trusted commercial certificate authority. |
Person or Entity Authentication |
|
Verify that the person or entity seeking access is the one claimed. |
Web and application access are protected by verified email and password.
Multifactor Authentication (MFA) allows for user verification. |
Transmission Security |
|
Protect electronic health information that is stored on the platform.
Integrity controls: Ensure that protected health information is not improperly modified without detection. Encryption: Encrypt protected health information. |
Foncentrix and XCALLY employ 256-bit AES-GCM for data to protect health information. Recordings are encrypted. End to end encryption. |
Comments
0 comments
Please sign in to leave a comment.