- 12 Nov 2024
Dialpad + HIPAA
- Updated on 12 Nov 2024
Curious about using Dialpad for healthcare telecommunication?
Great news: once a Business Associate Agreement (BAA) is signed, all Dialpad products can be used compliantly by healthcare industry customers.
Let’s dive into the details of how Dialpad keeps communications HIPAA-compliant.
Rigorous security risk assessment
Dialpad is certified to SOC2 Type 2 and ISO 27001, 27017, and 27018, and has completed the Cloud Security Alliance’s Consensus Assessment Initiative Questionnaire, which addresses the controls listed in the HIPAA Security and Privacy Rule and meets the needs of the HIPAA Security Risk Assessment.
You can view the results and learn more about Dialpad’s security features at trust.dialpad.com.
Business Associate Agreements (BAA)
Dialpad, as a Business Associate, provides contractual assurance to implement HIPAA safeguards protecting ePHI.
This also ensures that any subcontractors partnered with Dialpad will follow these safeguards.
Ready to get started? You can sign a BAA right from the Dialpad app.
Customizable retention policy
Dialpad’s customizable retention policy is a standard feature across all account sizes. Use it to ensure you retain the for as long as you need it, no more, no less.
Additional security practices at Dialpad
Dialpad also provides several additional security practices to keep your data safe.
Google Cloud Platform
Dialpad websites, web apps, smartphone back-end, and sensitive customer data are processed and stored using Google Cloud Platform services.
Failovers and backups
Automatic backups are built into our system. Every aspect of our system has been designed with redundancy in mind so that in the event of a failure, there’s always an alternative to take its place immediately.
24/7 emergency response
Dialpad’s team is available 24/7/365 and employs a “follow the sun” support model so that no matter where you are, Dialpad is available when you need us.
Identity and authentication
User authorization for Dialpad services is communicated over HTTPS and is secured under the administrator’s choice of OAuth 2.0, SAML 2.0, or an email and password combination that is stored using a secure cryptographic one-way hash function of the salted password.
Encryption in transit and at rest
Dialpad utilizes Transport Layer Security (TLS) for data being transferred within the applications.
For the telephony network, Dialpad uses Secure Real-Time Transport Protocol (SRTP) for the transfer of phone calls and video during real-time data transfer.
Data at rest is encrypted with AES 256-bit ciphers, and the encryption keys are managed using Google’s encryption management with 90-day key rotations.
Proactive logs and monitoring
We monitor log access to sensitive information and systems and have event monitoring in place, complete with staff who are trained to proactively identify unusual activity.