SightCall HIPAA Guide

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) provides standards to protect the confidentiality, integrity and availability of protected health information (PHI), including electronic protected health information (ePHI). HIPAA provides guidance for an acceptable level of protection for ePHI while giving healthcare providers access to information necessary to perform their daily business functions.

There are many considerations that a healthcare provider, or other Covered Entity (as defined in HIPAA), must meet in order to satisfy HIPAA guidelines. SightCall has been designed such that healthcare providers and other Covered Entities may use our services for video communication in a manner that is consistent with their HIPAA obligations. We do not have access to identifiable health information, and we protect and encrypt all audio, video, and screen sharing data.


How SightCall Supports HIPAA Compliance

SightCall employs the following additional safeguards to help Covered Entities meet applicable HIPAA technical standards:


Access Control

HIPAA Standard

How SightCall Supports the Standard


Audit Controls

HIPAA Standard

How SightCall Supports the Standard


Integrity

HIPAA Standard

How SightCall Supports the Standard


Integrity Mechanism

HIPAA Standard

How SightCall Supports the Standard


Person or Entity Authentication

HIPAA Standard

How SightCall Supports the Standard


Transmission Security

HIPAA Standard

How SightCall Supports the Standard




Other Security and Privacy Compliance

In addition to supporting healthcare organizations to be HIPAA compliant when using SightCall we also operate the SightCall platform with the following:


Summary

Compliance with all aspects of HIPAA is ultimately the responsibility of the Covered Entity. SightCall partners with our healthcare customers to help them implement our solutions in a manner that will assist Covered Entities in meeting their compliance obligations, including by applying industry standard encryption to the communications channels among endpoint clients and SightCall infrastructure. SightCall does not store or access Protected Health Information for a Covered Entity. These aspects, together with the power and flexibility of the SightCall platform, will allow healthcare customers to implement SightCall in a HIPAA-compliant manner.