Intermedia is a cloud communications company that helps organizations connect better through voice, video conferencing, and chat. Many healthcare organizations use these solutions to communicate with employees, patients, and other healthcare providers. However, to do so, they need to work with companies that are HIPAA compliant.
In the healthcare industry, sensitive protected health information (PHI) must be safeguarded under HIPAA. A major part of this compliance is working with vendors who will sign a business associate agreement (BAA) and ensure the security of PHI. Intermedia says it is willing to sign a BAA with its customers and can be used as a HIPAA compliant hosting solution.
What is Intermedia?
Intermedia is considered a one-stop shop for organizations that want to connect more effectively to customers, employees, and other organizations. The company provides intelligent tools for organizations to stay better informed, connected, and productive. Communication, workforce optimization, file sharing, and file backup work together in a single application to provide a seamless solution and a more secure platform.
For healthcare organizations, that means managing appointments, patient data, and behind-the-scenes needs in one location. HIPAA compliant hosting caters specifically to healthcare organizations by ensuring compliance and safeguarding PHI.
LEARN ABOUT: What is HIPAA compliant hosting?
Is Intermedia a business associate?
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates (i.e., vendors) of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A BAA is a written contract between a covered entity and a business associate. It outlines the responsibilities and obligations of each party regarding the handling of PHI. Typical provisions within a BAA include:
- Permitted uses and disclosures of PHI
- Safeguards for protecting PHI
- Reporting and mitigation of security incidents
- Compliance with HIPAA regulations
- Dispute resolution and termination clauses
The agreement is required by law for HIPAA compliance and is considered the primary item to consider when it comes to Intermedia and its ability to be HIPAA compliant. Intermedia is a business associate of a healthcare organization if it is storing, processing, or transmitting PHI on or through its platform.
RELATED: How to know if you're a business associate
Intermedia and the BAA
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. We checked the Intermedia website in 2019 for mention of a BAA and found a web page about HIPAA compliance. The web page is still available and still states that the company will sign a BAA upon request.
The BAA covers PHI stored in Intermedia systems for all provided Office in the Cloud services.
Intermedia, cloud hosting, and data security
While HIPAA doesn't explicitly mention cloud services, it does impose rules for protecting sensitive patient data. In 2023, we created a HIPAA compliant checklist for cloud services to address its increasing use within healthcare. The cloud offers flexibility and convenience but also increases an organization's attack surface. Many cloud tools are available, but not all meet HIPAA requirements of encryption, data backup, and access controls.
The Intermedia HIPAA web page provides four important questions that healthcare organizations should ask any cloud provider. Besides a BAA, the questions focus on risk analysis and audits as well as HIPAA compliant services. According to the page, Intermedia’s services “are designed to meet the privacy and security requirements for [PHI]. Our policies, procedures, technologies and services are audited by a third-party to validate conformance with HIPAA privacy and security requirements.”
In a HIPAA whitepaper, Intermedia further states that it offers strong access controls on email and voice services, automatic scanning, encryption, backup, tracking and reporting, and archiving, along with the BAA.
Is Intermedia HIPAA compliant?
The BAA is a necessary component of HIPAA compliance and Intermedia will sign a BAA if one is requested.
Conclusion: Intermedia can be used as a HIPAA compliant hosting solution.
Understanding HIPAA compliance
Healthcare providers know that clear and efficient communication with patients is necessary to run a successful practice. When evaluating a platform’s HIPAA compliance, especially on the cloud, consider the following security needs beyond a BAA:
- Technical safeguards: Mitigate risks associated with cyber threats, hacking, malware, and other security incidents with strong technical safeguards. Such tools as perimeter defenses (e.g., firewalls) and HIPAA compliant email are equally vital for extra protection.
- Employee training: Ensure all staff members have up-to-date knowledge of HIPAA regulations and best practices. Regular training sessions can help prevent unintentional, employee-related breaches.
- Regular audits: Perform periodic assessments of all systems and processes to ensure that they remain compliant. Adapt to any changes in regulations or technology.
- Data access controls: Implement stringent controls, such as multifactor authentication, on who can access PHI and under what circumstances.
Kapua Iao
