Provide BAA for <20 user accounts

  • 3
  • 9
  • Idea
  • Updated 4 months ago
In response to compassion8CLE on TWITTER:

60% of med practices have less than 20 employees and your competitors market against your conduit only policy! Give <20 a BAA! @RingCentral
Photo of HootSuite App

HootSuite App

  • 4,792 Points 4k badge 2x thumb

Posted 3 years ago

  • 3
  • 9
Photo of Solomon Zaraa

Solomon Zaraa

  • 188 Points 100 badge 2x thumb
1) USA

2) private practice outpatient psychiatry office

3) I am requesting a HIPAA BAA based on the industry standard for net-based services for medical practices. A conduit service as provided by ringcentral is wholly inadequate especially given the fact that Ringcentral provides a BAA for premium subscribers with 20+ users but none to those with less than <20 users. However, the HIPAA-compliance issues that a 2 person medical practice experience are identical to a 200 person practice. 

4) We would take the BAA, and put it in a binder with all the other BAA's we have from our scheduling, appointment, online forms, and payment processing vendors. The BAA is only really "used" in the highly unlikely event of an audit or in the event of a data leak.

5) In the even of a HIPAA audit or inadvertent data leak of PHI by either Ringcentral or our organization, it is certainly better for all parties to have a BAA in place.  There are no additional costs, obligations, or commitments with having a BAA. The downsides to not having a BAA in place is severe fines to all parties involved. That would effectively shut down my practice. For Ringcentral, I expect it would cause an exodus of physicians who are <20 users and do not have a BAA. 

From a marketing point of view, your competitors 8x8 and Voiply are actively bad-mouthing your HIPAA Conduit policy on their websites. Their claims are hyperbolic but have a kernal of truth. Your Conduit policy has been around for a few years and I suspect that I'm not the first/only physician to experience apprehension at your lack of a BAA. Ringcentral is unique in that it does market itself to healthcare providers, your salespeople think you can supply a BAA to everybody who needs it, but then after logging in and finding the info on your support pages, we discover that is not accurate.

Physicians like peace of mind especially when it comes to highly sensitive medical information. In the mental health, we're even more conscientious of privacy than most specialties. Other online vendors will auto-generate a boilerplate BAA with their organization and my organization as a PDF readily for download. This is a HUGE advantage you don't have. 

6) N/A
7) 2 lines (for now!)