We have taken the necessary steps to ensure that our policies and procedures for data handling meet HIPAA standards. If you need a HIPAA-compliant service, first contact us for the account setup. Once we set up the account, you will then have to configure your Comm100 account as follows:
Only agents from an authorized IP address or IP range can access the Control Panel and Agent Console. Enable this from My Account > Security > IP Restriction.
If agents are inactive, meaning they have no mouse or keyboard input for a certain time, the system will automatically sign them out of the Agent Console. This prevents unwanted access when the app is left open on a device. Set this for each of your agents on the Agent Console Preference> General>
After you switch off the Send Transcription option on the visitor side, visitors can no longer request that a chat transcript be sent to their email address(es).
Your team can use some features that are not HIPAA compliant. To ensure your account abides by the HIPAA standards, advise your team against using them, or use them only after proper configuration.
Agent Chat enables agents to have 1-1 chats with each other. Although the chat communication is among your team, not your clients, we cannot prevent agents from sharing PHI in it.
Social and SMS allow your visitors to reach you via Facebook, Twitter, WeChat and SMS. This feature requires you to integrate your Social or SMS accounts with the Comm100 system. Comm100 has implemented security and privacy controls to ensure all the systems meet HIPAA compliance requirements. However, for an SMS to be HIPAA compliant, both the sender and the recipient should be authorized users of a secure messaging system that enables them to access and transmit ePHI as required. Currently, almost all SMS messaging platforms are not HIPAA compliant. Most SMS messages are not encrypted, can't be recalled when delivered to the incorrect recipient, and may be intercepted when using public or open Wi-Fi networks. The same reasons apply to Facebook, Twitter and WeChat.
Co-browsing allows you to view and interact with your visitor's web browser in real time. To guarantee the security and privacy of PHI, any PHI in the visitor's browser must be masked. Contact us so that we can help mask the data.
The ticket system provides you with a convenient way to communicate with clients. This service requires you to integrate email accounts with the Comm100 system. Communications between you and your clients are carried out by email, which may contain ePHI. Each email may cross the Internet multiple times and is stored on at least four different machines (sender's workstation, sender's email server, recipient's email server and recipient's workstation), which makes it quite difficult to secure properly.
Generally, free and internet-based webmail services (Gmail, Hotmail, AOL) are not secure for the transmission of ePHI, so you should not use these services. You should use business email platforms like G Suite and Office 365. If you are determined to use an internet-based email service, be sure to sign a BAA with them. For your recipients, you can send it via a secure email service only if they confirm that they want the unencrypted email (after you inform them that their email client may not be secure).