[VoiceOps] HIPAA compliance

Jay Hennigan jay at west.net
Wed Jun 25 00:06:38 EDT 2014


On 6/24/14 8:17 PM, Ujjval Karihaloo wrote:
> Hi Team Voiceops:
> 
>    What is needed for an ITSP to be HIPPA complaint? Sounds like a
> really dark grey area!
> 
> Interesting Article here:
> http://www.linkedin.com/groups/Recommended-HIPAA-Compliant-VoIP-Services-2246364.S.173100271

A lot of this is form-over-substance.  It is far easier to tap an
old-fashioned analog POTS line than to intercept a specific RTP stream
on the fly, but as soon as "The Internet" is mentioned then there's a
panic.

Imagine this (true story):

Specification written for a web-based system for sending messages to
pagers worn by doctors.  Pages and pages about VPN, SSL, triple-DES,
certificates, etc.  When the message is delivered with high-level
encryption and security to the paging terminal, it is then decrypted and
*broadcast over the radio* state-wide in plain text to the pager on the
doctor's belt.

But the transmission over the Internet absolutely positively had to be
ultra-secure against eavesdroppers.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


More information about the VoiceOps mailing list