HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

How Phone.com Started as a HIPAA Business Associate

Getting started as a business associate and entering into the healthcare sphere can be a major challenge, but the potential rewards are considerable, as Phone.com discovered.

Breaking into the Healthcare Industry

Companies that provide services and products to healthcare clients that require contact with protected health information (PHI) are considered business associates under Health Insurance Portability and Accountability Act (HIPAA) Rules. As such, they must implement policies and procedures to ensure they comply with HIPAA Rules, sign business associate agreements with HIPAA-covered entities, and need to ensure safeguards are implemented to ensure the confidentiality, integrity, and availability of any ePHI that they are provided with.

For many businesses, having to comply with HIPAA stops them from expanding into this potentially very lucrative market. Not only is it necessary to commit resources to compliance, any failures could result in a considerable financial penalty. The HHS’ Office for Civil Rights has recently confirmed that there are 10 aspects of HIPAA Rules which can, if violated by a business associate, result in a financial penalty.

Benefits of HIPAA Compliance for Vendors

While the healthcare industry is one of the fastest growing markets in the United States, and with so many medical specialties and sub-verticals, it is easy for companies to find a niche in which to operate and thrive.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

One company that made the decision to develop a HIPAA compliance program to enable it to expand into the healthcare market is Phone.com, a provider of collaborative VOIP services for small businesses.

While the potential for growth in the healthcare sector was appreciated, when Phone.com started its HIPAA compliance program the extent to which the company would grow as a result was majorly underestimated.

Since becoming HIPAA compliant 18 month ago, the company has signed more than 700 business associate agreements with HIPAA covered entities and a large percentage of those clients are entirely new to Phone.com.

Not only has becoming HIPAA compliant allowed Phone.com to work directly with healthcare companies, it has also allowed the company to work with business associates of HIPAA-covered entities.

“Our success and responsiveness with health care vendors is well beyond what I expected. There is a real need for HIPAA compliant vendors in the market today – it’s a strong and concrete differentiator,” said Joel Maloff, SVP of Strategic Alliances and Chief Compliance Officer at Phone.com.

Assistance with HIPAA Compliance

Phone.com’s HIPAA compliance journey was aided by The Compliancy Group, offers compliance coaches to guide businesses through all requirements of HIPAA and provides solutions that include HIPAA policies and procedures, business associate agreements, risk analysis assistance, verification of compliance, and HIPAA audit support.

“When we first considered if we should become HIPAA compliant, one of the first things we did was a simple search through our existing clients who could potentially be in health care or touch health care data. We found 600 in our database alone, and that became a huge driver for seeking out Compliancy Group’s help,” explained Maloff. “Compliancy Group gives us the flexibility to execute BAAs that competitors simply don’t have the time or capacity to complete. We’ve been able to directly attribute substantial growth in monthly recurring revenue (MRR) to just Compliancy Group’s BAAs alone.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.