Is Grasshopper HIPAA Compliant?
Grasshopper is not HIPAA compliant because its virtual phone system communicates with users’ devices via existing communication services over which Grasshopper has no control. Consequently, Grasshopper is unable to comply with the Security Rule standards necessary to provide a HIPAA compliant service as a business associate.
Grasshopper is a vendor of virtual phone numbers that individuals and businesses can use to add a second phone number to an existing device or to operate a separate phone number from a desktop app. Grasshopper can be a really useful service for professionals constantly on the move or who require a second phone number to isolate business communications from personal communications.
With regards to using Grasshopper in the healthcare industry, phone calls made and received via a virtual phone system are permitted by the HIPAA Privacy Rule subject to certain conditions and provided they comply with FCC Guidelines. These include phones call in which Protected Health Information (PHI) is disclosed if the recipient of the phone call has given their consent to be contacted by phone.
However, because the Grasshopper service also includes text messaging, an electronic fax service, and “read your voicemail” capabilities, it would have to comply with the HIPAA Security Rule if it is used to receive, maintain, or transmit PHI electronically. Because of the way in which Grasshopper works, it is not possible for the service to comply with the Security Rule standards necessary to provide a HIPAA compliant service.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
How the Grasshopper Virtual Phone System Works
The Grasshopper virtual phone system works by providing customers with a virtual phone number. Incoming phone calls, texts, faxes, voicemails, etc. to the virtual phone number are received by Grasshopper and forwarded to the customer via the customer’s existing cellular service. The virtual number also has a call forwarding capability that enables customers to route incoming communications to another team member via the cellular service.
Alternatively, if a customer downloads a mobile app and activates the Wi-Fi calling service, communications are sent and received by the device’s mobile network. If a customer downloads the desktop app, communications are sent and received via a VoIP service using the customer’s Internet service. It is necessary to understand how Grasshopper works to appreciate why it is not possible to make Grasshopper HIPAA compliant.
Why is it Not Possible to Make Grasshopper HIPAA Compliant?
It is not possible to make Grasshopper HIPAA compliant because the service uses customers’ existing communication services to connect to virtual phone numbers. In order for Grasshopper to be HIPAA compliant, it would be necessary for each of the existing communication services to be HIPAA compliant and for Grasshopper to enter into a Business Associate Agreement with each one.
As this is not feasible because many cellular, mobile, and VoIP are not HIPAA compliant, Grasshopper refers individuals and businesses looking for a HIPAA compliant alternative to its parent company GoTo.com. GoTo.com does not offer a virtual phone service identical to Grasshopper because its cloud phone service only works through mobile and desktop apps (i.e., not cellular connections).
However, the GoToConnect and GoToMeeting services both support HIPAA compliance subject to the services being configured in compliance with the Security Rule and a Business Associate Agreement being in place. Individuals and business looking for more information about these services and how they comply with HIPAA are advised to review GoTo’s Healthcare web page or speak with an independent compliance advisor.
