Provide BAA for <20 user accounts

  • 3
  • 9
  • Idea
  • Updated 2 months ago
In response to compassion8CLE on TWITTER:

60% of med practices have less than 20 employees and your competitors market against your conduit only policy! Give <20 a BAA! @RingCentral
Photo of HootSuite App

HootSuite App

  • 4,732 Points 4k badge 2x thumb

Posted 3 years ago

  • 3
  • 9
Photo of Mike

Mike, Official Rep

  • 94,790 Points 50k badge 2x thumb
Feature Request Template To help our Product Team understand your request and assure it gets more consideration, please include the following details in your request: 
  1. Account type  (U.S., Canada, UK,  AT&T, Telus, BT)
  2. A brief description of the business 
  3. A high level description of the product or feature being requested
  4. A typical use case scenario explaining how your business would use the feature
  5. Benefit of such feature
  6. Include any related case number if applicable
  7. Number of Users and/or Digital Lines

Photo of Solomon Zaraa

Solomon Zaraa

  • 188 Points 100 badge 2x thumb
1) USA

2) private practice outpatient psychiatry office

3) I am requesting a HIPAA BAA based on the industry standard for net-based services for medical practices. A conduit service as provided by ringcentral is wholly inadequate especially given the fact that Ringcentral provides a BAA for premium subscribers with 20+ users but none to those with less than <20 users. However, the HIPAA-compliance issues that a 2 person medical practice experience are identical to a 200 person practice. 

4) We would take the BAA, and put it in a binder with all the other BAA's we have from our scheduling, appointment, online forms, and payment processing vendors. The BAA is only really "used" in the highly unlikely event of an audit or in the event of a data leak.

5) In the even of a HIPAA audit or inadvertent data leak of PHI by either Ringcentral or our organization, it is certainly better for all parties to have a BAA in place.  There are no additional costs, obligations, or commitments with having a BAA. The downsides to not having a BAA in place is severe fines to all parties involved. That would effectively shut down my practice. For Ringcentral, I expect it would cause an exodus of physicians who are <20 users and do not have a BAA. 

From a marketing point of view, your competitors 8x8 and Voiply are actively bad-mouthing your HIPAA Conduit policy on their websites. Their claims are hyperbolic but have a kernal of truth. Your Conduit policy has been around for a few years and I suspect that I'm not the first/only physician to experience apprehension at your lack of a BAA. Ringcentral is unique in that it does market itself to healthcare providers, your salespeople think you can supply a BAA to everybody who needs it, but then after logging in and finding the info on your support pages, we discover that is not accurate.

Physicians like peace of mind especially when it comes to highly sensitive medical information. In the mental health, we're even more conscientious of privacy than most specialties. Other online vendors will auto-generate a boilerplate BAA with their organization and my organization as a PDF readily for download. This is a HUGE advantage you don't have. 

6) N/A
7) 2 lines (for now!)
I'm working with a ring Central rep on this very issue. I can't sign on with ring Central unless I can get a BAA for my one person counseling practice. I hope the policy at ring Central will change.
Photo of Solomon Zaraa

Solomon Zaraa

  • 188 Points 100 badge 2x thumb

Theoretically, you could update your HIPAA Notice of Privacy Practices to include the ONLY exception in your entire practice model and attempt in plain English what a conduit is. On a practical level, RingCentral is the conspicuous outlier. There's no reason for RingCentral subscribers or Ringcentral to assume such a risk! Holding onto data for 30 days is still holding onto data! That's not what a conduit is! It makes no sense that 20 users requires a BAA when 19 does not. or 9. or 1. 

I've got another 3 weeks before my first 30 days runs out with Ringcentral. My rep with RingCentral stopped replying once I brought up this issue. This community post is my last hope to get some attention on this issue. Please keep me posted if you get results. I may have to cancel within the 30 days because of the BAA problem.

I'm trying to hold onto some hope. I love Ringcentral's desktop based platform. It has all the features I want. Except for a BAA. 
May I ask why you didn't go with 8x8 or voiply? I hadn't heard of them til your post. I messaged them and they seem to have all the features I would need.
Photo of Solomon Zaraa

Solomon Zaraa

  • 188 Points 100 badge 2x thumb
Ringcentral's web site clearly explained all the different functions it has. The customer service was also really excellent in getting things started, especially since this is the first time I've looked into phone systems and I'm not sure what really want/need. Voiply is more than 50% cheaper but seems to not have bells and whistles either. 

 I need something portable, feature-rich, can adapt to my needs, and secure/compliant. 

Until I get a BAA, Ringcentral is all the above except secure/compliant. Voiply seems to not be feature rich, but it is compliant.  I might need to call voiply next week and review all their features. 

If this little community post actually results in a publicly-traded corporation modifying it's approach to HIPAA... if they can listen to a single practitioner and act decisively, then they'll have a customer for life. 
Yes, I was happy to see that ring Central had everything I needed and I appreciated the attentiveness of the rep. I'll be disappointed if I can't get the BAA. I'll let you know what my rep says tomorrow
Photo of Kelly Knowles

Kelly Knowles

  • 100 Points 100 badge 2x thumb
I agree with the other comments. The reason I can't go with Ring Central is that they don't provide a BAA for a small or one-person business. Many therapists and other healthcare professionals are solo providers who still need a BAA.
I take it Ring Central is STILL not providing BAA to businesses with <20 user accounts?...
Photo of Jessica - Community Moderator

Jessica - Community Moderator, Official Rep

  • 6,824 Points 5k badge 2x thumb
Hi Rebecca, that's correct. 
Photo of Amy Fuller

Amy Fuller

  • 60 Points
I am surprised. I've been using this for 2 years  thinking I was covered but I only have 12 people in my Ring Central not HIPAA compliant for less than 20 people in an organization?

Photo of Jessica - Community Moderator

Jessica - Community Moderator, Official Rep

  • 11,270 Points 10k badge 2x thumb
Hi Amy, 

The HIPAA setting still applies to accounts with less than 20 users. As you know, RingCentral will not enter a BAA with a customer unless they have more than 20 users. It is also important to note that RingCentral does not claim HIPAA compliance, only that RC provides certain tools that may allow a customer to be HIPPA compliant themselves.
Photo of Tzachi Litov

Tzachi Litov

  • 60 Points
So please help me understand, as this is the primary reason we chose RingCentral. If we have just 2 employees, we cannot receive a BAA and therefore are not HIPAA compliant - despite activation the HIPAA setting on our account?!
Photo of Jessica - Community Moderator

Jessica - Community Moderator, Official Rep

  • 11,270 Points 10k badge 2x thumb
You cannot receive a BAA with less than 20 users.