Cisco Spark Achieves HIPAA Compliance
Today marks another big step forward for the adoption of Cisco Spark in enterprises worldwide. Cisco Spark is now ready for use in healthcare, consistent with customer needs for HIPAA compliance!
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to doctors’ offices, hospitals, health insurers, and other healthcare companies with access to patients’ protected health information (PHI). It also, as a byproduct, applies to companies that provide B2B services to these healthcare providers — such as cloud service providers like Cisco Spark.
The law regulates the use and dissemination of PHI in four areas — privacy, security, identifiers, and rules for usage of information in transactions like insurance claims and payments.
Ultimately, compliance with HIPAA is the responsibility of the healthcare provider. As a B2B provider to healthcare companies, Cisco helps by providing them with the information they need on how to use Cisco Spark while meeting their compliance obligations.
We’ve performed a self-assessment using a fairly stringent compliance questionnaire — the HHS Security Risk Assessment tool. The results of our assessment — a voluminous 61-page treatise — indicate that Cisco Spark can be used by healthcare providers in a way that meets their HIPAA obligations. This assessment has been reviewed and accepted by a large healthcare customer.
A big part of the compliance requirements is the enforcement of policies around the sharing of PHI. Our integration with Cisco’s own Cloudlock product goes a long way in helping healthcare customers meet those requirements. For example, a common requirement is to make sure customer Social Security numbers are not communicated in inappropriate channels. Through our integration with Cisco Cloudlock, healthcare customers can create policies that look for Social Security numbers and delete them should they show up in the wrong communication channel.
Our HIPAA self-assessment is available to customers under Non-Disclosure Agreement.