The adoption of VoIP technology and its implications for HIPAA compliance have evolved significantly since the federal government first issued guidance regarding traditional analog phone systems. Today, VoIP phone systems that process or store electronic Protected Health Information (ePHI) are subject to the provisions of the HIPAA Security Rule./p>
Business VoIP use continues to grow rapidly, with the global VoIP market projected to reach $508.7 billion by 2030. As of 2024, approximately 70% of businesses had integrated VoIP into their communications strategies, with small and medium-sized enterprises driving much of this growth.
VoIP converts analog audio signals into digital data transmitted over the Internet. In healthcare settings, this data often includes patient information that constitutes ePHI, falling squarely within HIPAA’s scope. Healthcare providers utilizing VoIP systems must ensure HIPAA compliance to protect patient data during transmission, storage, and access.
Under HIPAA, electronic media include storage devices (e.g., computer hard drives) and transmission media (e.g., the internet). The 2013 Omnibus Rule clarified that certain transmissions, such as paper faxes and traditional telephone voice calls, are not considered electronic transmissions if the information did not exist in electronic form before transmission. However, VoIP calls, particularly when involving voicemail, call recording, or any form of data retention, are treated as ePHI transmissions under HIPAA. Providers of VoIP services that handle stored or recorded data are generally considered Business Associates and must comply with HIPAA’s requirements.
Key implementation specifications under the HIPAA Security Rule that apply to VoIP phone systems include:
The HIPAA Final Omnibus Rule provides limited exceptions for services that act as a “mere conduit” of information, such as traditional telephony providers that only transmit data without storing it. However, HHS has made clear that VoIP services offering features like voicemail and call recording do not qualify as mere conduits. Persistent data storage establishes the provider’s role as a Business Associate, making HIPAA compliance mandatory. Covered entities and their business partners should exercise caution and avoid engaging VoIP providers that claim “mere conduit” status while storing or handling ePHI.
Carolina Digital Phone’s hosted VoIP solution is designed with HIPAA compliance in mind. Customers are responsible for conducting risk assessments, security evaluations, and compliance documentation to meet HIPAA requirements. Carolina Digital takes robust measures to secure the data you store on our servers, ensuring it is accessible only to you and your authorized representatives.
Carolina Digital offers a Sample BAA for review for covered entities and business associates requiring a Business Associate Agreement. This document is a starting template only and is not a binding agreement. After your legal team reviews the sample, Carolina Digital’s management and legal counsel will work with you to tailor a finalized BAA that meets your specific compliance requirements. No PHI should be shared with Carolina Digital until a fully executed BAA is in place.
Carolina Digital Phone complies with all applicable FCC regulations, including 911/E911 service requirements, robocall mitigation protocols, and STIR/SHAKEN call authentication standards, to enhance call security, identity protection, and public safety.
Revised: May 7, 2025
Posted on Google Danielle StoreyTrustindex verifies that the original source of the review is Google. David Martin gave excellent customer service, he updated our phones and he promptly called me back.Posted on Google Travis TaylorTrustindex verifies that the original source of the review is Google. David was very quick to respond and paid attention to the small details when resolving our Algo issue. Keep it up!Posted on Google Patrick MillsTrustindex verifies that the original source of the review is Google. Eric and all of the support engineer specialists are top notch, and speedily correct the very limited issues I've ever had in 4+ years of servicePosted on Google Church AdminTrustindex verifies that the original source of the review is Google. We have had Carolina Digital phones for a couple of years now. The phones work great and we have had no problems at all. Chris in the sales department knew exactly what we needed and got us all set up. She also saved us money. If I have questions about how to use a certain feature, Eric Lyon is my go-to guy. He knows the answer to every question I have about these phones. He is always available by email and answers quickly and kindly. We highly recommend Carolina Digital Phones!Posted on Google Michael DurdinTrustindex verifies that the original source of the review is Google. We love our VOIP phone system from Carolina Digital Phone. The product works like it should and the features are fantastic and easy to use. Also, tech support is top notch. Eric and the support crew help me configure new phones, add and remove users and also troubleshoot any issues I run into. I can't say enough good things about the staff and how quickly they are able to resolve any issues we have had while getting everything up and running. 5 star company! Update 1/10/2024 - We have been with Carolina Digital Phone for almost 5 years and it has been an awesome experience. From the actual hardware to support this company is top notch. I also can’t say enough about the tech support team. They are always on their A game.Posted on Google Ellen HoosickTrustindex verifies that the original source of the review is Google. Always get great service from Carolina Digital. Today was exceptional from David Martin!Posted on Google SANDY MADRETrustindex verifies that the original source of the review is Google. Carolina Digitals' customer support has been exceptional. Eric Lyon's has gone above and beyond to help resolve non-typical issues.Posted on Google Stephen HawkinsTrustindex verifies that the original source of the review is Google. Julius Ratunil gives great customer support.Posted on Google Cody AllenTrustindex verifies that the original source of the review is Google. We are proud to be Carolina Digital customers! Their professionalism, speed, accuracy and willingness to help makes it easy to do business with them. These people go above and beyond any time we need their help. Would definitely recommend them to anyone!