Your Health Information is Protected
Vocanta is fully committed to protecting the privacy and security of your Protected Health Information (PHI). We comply with all requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the HITECH Act of 2009. This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
Our Commitment to HIPAA
As a Business Associate to healthcare providers, Vocanta takes our HIPAA obligations seriously. We have implemented comprehensive policies, procedures, and technical safeguards to ensure the confidentiality, integrity, and availability of all Protected Health Information (PHI) we handle.
Privacy Rule Compliance
We limit PHI use and disclosure to the minimum necessary for treatment, payment, and healthcare operations.
Security Rule Compliance
We implement administrative, physical, and technical safeguards to protect electronic PHI.
Breach Notification
We have procedures to detect, contain, and report any breach of unsecured PHI within required timeframes.
Patient Rights
We support patient rights to access, amend, and receive accounting of disclosures of their PHI.
Designated Privacy Officer: Vocanta has appointed a Privacy Officer responsible for overseeing HIPAA compliance, handling privacy complaints, and ensuring our workforce is trained on HIPAA requirements.
Technical Safeguards
We implement robust technical measures to protect electronic Protected Health Information (ePHI) as required by the HIPAA Security Rule.
Access Controls
- Unique user identification for all system users
- Automatic logoff after period of inactivity
- Emergency access procedures for PHI retrieval
- Role-based access controls (RBAC)
Audit Controls
- Comprehensive logging of all PHI access
- Real-time monitoring of system activities
- Automated alerts for suspicious behavior
- Audit trail retention for 6+ years
Transmission Security
- TLS 1.3 encryption for data in transit
- End-to-end encryption for voice calls
- Secure API communications with mTLS
- VPN access for administrative functions
Encryption
- AES-256 encryption for data at rest
- Hardware Security Modules (HSM) for key management
- Encrypted database connections
- Secure key rotation policies
Administrative Safeguards
Our administrative policies and procedures ensure that our workforce understands and follows HIPAA requirements.
Security Management
- Comprehensive risk analysis and management
- Security policies and procedures documentation
- Regular policy review and updates
- Sanction policy for workforce violations
Workforce Security
- Background checks for all employees
- Security awareness training (annual)
- HIPAA-specific training for relevant staff
- Confidentiality agreements for all personnel
Information Access Management
- Minimum necessary access principle
- Access authorization procedures
- Access modification and termination protocols
- Regular access reviews and audits
Contingency Planning
- Data backup procedures (continuous)
- Disaster recovery plan
- Business continuity planning
- Emergency mode operation procedures
Physical Safeguards
We maintain physical security measures to protect our systems and the data they contain.
Facility Access Controls
- SOC 2 Type II certified data centers
- 24/7 security personnel and surveillance
- Biometric access controls
- Visitor management and escort policies
Workstation Security
- Remote work security policies
- Encrypted workstations and devices
- Screen lock enforcement
- Clean desk policy
Device Controls
- Mobile device management (MDM)
- Hardware inventory tracking
- Secure media disposal procedures
- Equipment reuse and disposal protocols
Data Center Security
Vocanta uses enterprise-grade cloud infrastructure providers that maintain SOC 2 Type II certification and HIPAA compliance. Our data centers feature:
Business Associate Agreements
Vocanta executes Business Associate Agreements (BAAs) with all covered entities we work with, as well as with our own subcontractors who may have access to PHI. Our BAAs ensure:
Request a BAA
If you are a covered entity and need to execute a Business Associate Agreement with Vocanta, please contact our compliance team:
Certifications and Audits
We regularly undergo third-party assessments and maintain industry certifications to demonstrate our commitment to security and compliance.
SOC 2 Type II
CertifiedAnnual third-party audit of security, availability, and confidentiality controls
HIPAA Compliance
CompliantComprehensive compliance with HIPAA Privacy and Security Rules
HITRUST CSF
In ProgressHealthcare-specific security framework certification
Penetration Testing
CurrentQuarterly penetration testing by independent security firms
Audit Reports
Current or prospective customers under NDA can request copies of our audit reports and security documentation:
- SOC 2 Type II Report
- Penetration Test Summary
- HIPAA Risk Assessment Summary
Compliance Contact
For questions about our HIPAA compliance practices, to report a privacy concern, or to exercise your rights under HIPAA, please contact our Privacy Officer:
Privacy Officer
Phone
1-800-VOCANTAVocanta Privacy Officer
123 Healthcare Blvd, Suite 100
San Francisco, CA 94102
Security Officer
Report a Privacy Concern
If you believe your privacy rights have been violated or you suspect a breach of PHI, please contact our Privacy Officer immediately. You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.