View all news

8x8 Sends HIPAA Compliance Reminder to Healthcare Providers and Business Associates in Support of National Health IT Week

Sep 16, 2014

Over 400 Covered Entities Now Benefit From 8x8's HIPAA Compliant Cloud Communications Services; Penalties for Noncompliance Can Be as High as $1.5 Million

SAN JOSE, Calif.--(BUSINESS WIRE)-- 8x8, Inc. (NASDAQ:EGHT), a provider of cloud-based unified communications, contact center and collaboration services, today issued an important reminder to Healthcare Payer and Provider Covered Entities and Business Associates urging them to examine their communications infrastructure, including voicemail, eFaxes and SMS, to ensure the protected health information (PHI) they manage complies with federal HIPAA Regulatory Law.

The call to action was issued today in support of the Ninth Annual National Health IT Week, September 15 - 19, a collaborative forum for public and private healthcare constituents to discuss the value of health information technology (IT) for the U.S. healthcare system. Additionally, September 22 is the deadline for all grandfathered Business Associate Agreements to be updated to satisfy the HIPAA/HITECH Act and Omnibus Final Rule Regulatory Law requirements put in place last year. It is the healthcare Payer and Provider Covered Entity's responsibility to ensure that the vendors they deal with and the 3rd parties of those vendors that persistently maintain/store, create, receive, or transmit PHI have executed an updated Business Associate Agreement.

According to 8x8 Senior Director of Security and Compliance Mike McAlpen, "Thousands of healthcare companies in the U.S. are directly affected by the expanded provisions of HIPAA Regulatory Law that went into effect last year and many are still unaware of it. Any company that persistently maintains, stores, creates, receives, or transmits PHI in their communications infrastructure, directly or indirectly on behalf of a HIPAA covered entity, or their Business Associates falls under these relatively new federal laws and could face legal prosecution and penalties for noncompliance of up to $1.5 million." McAlpen added, "State Attorney Generals now also have the authority to prosecute for a lack of HIPAA Compliance and are, in fact, already doing so in several states."

8x8 has taken significant steps, most importantly gaining 3rd party HIPAA compliance validation from one of the nation's leading HIPAA security law authorities and authors, to ensure the cloud communications solutions and accompanying Business Associate Agreements it provides to customers are fully up to date and HIPAA compliant. Other measures taken include data-in-motion encryption with HTTPS for accessing faxes, call recordings and voicemails along with optional data at rest encryption, the incorporation of HIPAA compliant administrative controls and restrictions to protect PHI in eFaxes, recordings and voicemails and the establishment of comprehensive security and privacy policies, procedures, standards, training, controls, metrics, monitoring and governance. Additionally, 8x8 provides its customers with Covered Entity and Business Associate versions of its updated Business Associate Agreement written by the same leading legal authority and author on HIPAA security law.

According to Deborah Sherl, a Legal Nurse Consultant who is certified in healthcare HIPAA privacy and security, "Many practices have electronic medical records, practice management software and VOIP communications, yet most do not have in house IT staff. Under such conditions, striving to create a new culture of HIPAA Privacy & Security seems to be an extraordinary effort." Sherl continued, "Having a business associate such as 8x8 that is open and welcoming to the need for updating Business Associate Agreements and working toward a common goal of best practices for patients is a very positive, yet frequently unusual, experience."

Cheryl Long, office manager for a 1,000 patient dental practice in Leonardtown, Maryland, relies on 8x8's HIPAA compliant cloud communications services to keep patient interactions and data safe and secure. "We were advised that if a doctor or dentist communicates over the Internet or stores information on the Internet, their data security has to be tighter than a drum," said Long. "Having a HIPAA Business Associate Agreement was critical for us. You can install the best phone system in the world, but if you don't have a BAA, you are not protected. I didn't want to be sweating bullets if we were ever audited for HIPAA compliance. It's not worth the risk."

For additional information regarding 8x8's HIPAA compliant cloud communications solutions visit

About 8x8, Inc.

8x8, Inc. (NASDAQ:EGHT) is the trusted provider of secure and reliable cloud-based unified communications and virtual contact center solutions to more than 40,000 small, midsize and distributed enterprise organizations operating in over 40 countries across six continents. 8x8's out-of-the-box cloud solutions replace traditional on-premise PBX hardware and software-based systems with a flexible and scalable Software as a Service (SaaS) alternative, encompassing cloud business phone service, contact center solutions, and web conferencing. For additional information, visit, or or connect with 8x8 on Google+FacebookLinkedIn and Twitter.

8x8, Inc.
Tim Polakowski, 408-883-8434

Source: 8x8

News Provided by Acquire Media

Categories: Press Releases
View all news