Need Help? Call (562) 236-4000

Vendor-Compliant Certified Explained

July 22nd, 2021
by Don Preski
0 420
Whether you work in a multi-hospital healthcare system or a private credit union, protecting patient, client and customer data is required by compliance institutions like HIPAA, NIST, and PCI. Businesses that fail to meet compliance can even be held responsible for stolen data. This may not be new news, but there is a twist that many businesses do not anticipate.

Any business that uses cloud applications to run software, transmit information, and store client data, should (and in some cases must) work with voice and data vendors who are vendor compliant certified.

Compliance Basics

Compliance regulations require healthcare and financial providers and their vendors establish three types of controls when handling custom data: administrative, physical and technical.
  • Policies and procedures are examples of administrative controls.  
  • Protecting hardware is a physical control. 
  • Implementing data encryption is an administrative control. 

Covered entities need technical vendors that offer multi-layer security frameworks with physical and technical safeguards enforced by stringent administrative policies. They should be certified compliant and offer something like a Business Associate Agreement (BAA). Thus, as a best practice, it’s a good idea to work with vendors who offer compliant solutions like MiCloud Connect, built on Google Cloud.

Vendor-Compliant Certified

The law is clear when it comes to the responsibility of third-party vendors like cloud providers providing even voice and video services to mandatory-compliant organizations. In the case of healthcare providers, 3rd party vendors are required to show proof of the following as mandated by the Guidance on HIPAA & Cloud Computing.
  • “When a covered entity engages the services of a CSP [cloud service provider] to create, receive, maintain, or transmit ePHI (such as to process and/or store ePHI), on its behalf, the CSP is a business associate under HIPAA. Further, when a business associate subcontracts with a CSP to create, receive, maintain, or transmit ePHI on its behalf, the CSP subcontractor itself is a business associate.
  • “As a result, the covered entity (or business associate) and the CSP must enter into a HIPAA-compliant business associate agreement (BAA), and the CSP is...directly liable for compliance with the applicable requirements of the HIPAA Rules.
  • “If a covered entity (or business associate) uses a CSP to maintain (e.g., to process or store) electronic protected health information (ePHI) without entering into a BAA with the CSP, the covered entity (or business associate) is in violation of the HIPAA Rules.”

The bottom line: Any vendor you choose to host the transmitting and storage of customer data must provide a BAA that spells out in detail each party’s responsibilities. The agreement can specify how the data will be used, stored, protected and transmitted; what will happen in case of a security breach or natural disaster; disposition of data at termination of contract; and any other requirements or conditions the covered entity deems important.

In addition to the BAA, clients can include provisions in a Service Level Agreement (SLA) to address compliance concerns, such as backup and data recovery. Use the SLA to specify the vendor’s security responsibilities.

Many regulatory agencies will require that both covered entities and business associates abide by the Security Rule. Even when clients control access to the data via encryption, vendors still must be compliant certified.

Mitel Connect - Vendor Compliant Certified

Mitel Connect is a certified compliant unified communications vendor enabling businesses to protect sensitive client data (on the phone, email, video, etc.) on a secure platform.  Mitel MiCloud Connect is also are:

  • Certified SOC 2 Compliant
  • Equipped with automatic data encryption in transit and while at rest
  • Proactively monitored with automated infrastructure scanning and end-to-end encryption

About KTS Networks

At the end of the day, anyone can install a telephone system. Our only mission is to present the voice and collaboration option and deliver everything you need to get the most out of that investment. Of course, we are here for any questions or issues, and we offer free training and virtual seminars to share what we know with you. Your confidence and expertise in managing your own unified communication system is our ultimate goal at KTS Networks.
Posted in Business Phone Solutions, Compliance
Tagged with Vendor Certification, Vendor Compliant, Vendor Compliant Certified

No Comments


Add Your Comment
Submit

Recent

16 Reasons to Choose KTS for Mitel/ShoreTel Phone Support
May 25th, 2023
SD-WAN Explained
January 26th, 2023
Wait! Major Considerations When Migrating from Mitel to RingCentral
September 1st, 2022
Is RingCentral the Best Solution for Mitel Customers?
July 13th, 2022
Experiencing Buyer's Remorse? Critical Questions to Ask Before You Switch Phone Systems (Again)
April 20th, 2022

Archive

 2023
 January
SD-WAN Explained
 May
16 Reasons to Choose KTS for Mitel/ShoreTel Phone Support
 2022
 January
Most Frequently Asked Mitel Connect Upgrade QuestionsAdding Business Voice to Microsoft Teams
 February
KTS Networks Adds Award-Winning Cloud Communications and Contact Center Platform to its Portfolio
 March
Why Migrate Voice and Collaboration to the Cloud? Hybrid Communication Alternative
 April
100% Managed Business Phone System - Why or Why Not?Experiencing Buyer's Remorse? Critical Questions to Ask Before You Switch Phone Systems (Again)
 July
Is RingCentral the Best Solution for Mitel Customers?
 September
Wait! Major Considerations When Migrating from Mitel to RingCentral
 2021
 February
KTS Networks and Maya Global Solutions Announce Strategic Partnership
 March
3 Use Cases When Touchless Tech Improves Customer Experience
 April
New Phone Technology - Prevents Virus & Bacteria Spread by 99.9%
 June
Communication Challenges Across Multiple Locations from an IT Director Perspective
 July
Get that Voice Monkey Off My Back!Vendor-Compliant Certified Explained
 August
Top 5 Mitel Connect Feature Time Savers
 December
Rewinding the Mitel Announcement to Partner with Ring CentralCustomer Loyalty Hinges on Exceptional Service Delivered Remote
 2020
 November
4 Common Business Communications Challenges – And How to Remove Those Barriers with Cloud UCOvercoming the 3 Fears of Not Managing Your Own Infrastructure
 December
In a pandemic, Business Videoconferencing Keeps It Personal

Categories

8x8 Cloud Voice
8x8 Communications
Advanced Phone Equipment
Business Phone Solutions
Cloud Communication
Cloud-based Business Voice
Compliance
Contact Center
Hybrid Phone Systems
MiCloud Connect
Mitel / ShoreTel Support
Mitel / ShoreTel Upgrade
Mitel Connect
Mitel Flex
MiVoice Connect
Press Release
RingCentral
SD-WAN
Tax Deduction
Tipsy Tech

Tags

8x8 Anit-COVID Technology BioCote Phones Business Communication Cloud Communication Cloud Phones Colo Data Center Flex Hybrid KTS Data Center Medical MiCloud Connect MiCloud MiVoice Business Subscription Mitel - Ring Central Mitel 6920 Mitel 6930 Mitel Announcement Mitel Connect Flex Mitel Connect Upgrade Mitel Connect Mitel Flex Mitel Subscription Mitel Support Mitel Upgrade Mitel New way of work Remote Work RingCentral Migration ShoreTel 14.2 Upgrade ShoreTel Support ShoreTel Upgrade ShoreTel Subscription Service Tax Tipsy Tech UCaaS Vendor Certification Vendor Compliant Certified Vendor Compliant Video Conferencing cloud hybrid business systems hybrid cloud hybrid phones write-off