Compliance · HIPAA
HIPAA-ready phone system, BAA included.
How letsdial handles Protected Health Information (PHI) for healthcare customers, the safeguards we apply, and the shared-responsibility expectations on your side.
Safeguards
The three safeguard categories the Security Rule requires.
Administrative
- Designated security officer responsible for HIPAA programme.
- Workforce screening, role-based training, and signed confidentiality agreements.
- Incident-response runbooks reviewed and tested.
- Vendor risk assessments before any sub-processor handles PHI.
Physical
- PHI stored in datacenters with 24/7 staffing and biometric entry control.
- No production PHI on engineer workstations; access is browser-based.
- Hardware lifecycle managed by the cloud provider; certified destruction at end of life.
Technical
- Encryption in transit (TLS 1.3, SRTP) and at rest with per-tenant key envelope.
- Role-based access controls, mandatory MFA, automatic session timeouts.
- Tamper-evident audit log of every PHI access, exportable to your SIEM.
- Integrity checks on stored recordings and transcripts.
Business Associate Agreement
A signed BAA is included on every paid plan, no enterprise add-on.
The BAA defines our obligations as a HIPAA Business Associate when we process PHI on your behalf, covering use limitations, safeguards, sub-contractor flow-down, breach notification, and termination. Healthcare-classified workspaces are provisioned to keep PHI inside HIPAA-eligible infrastructure.
PHI lifecycle
How Protected Health Information moves through the platform.
- Stage 01
Captured
PHI enters via call, message, or transcript.
- Stage 02
Stored
Written to encrypted storage in the chosen region.
- Stage 03
Encrypted
AES-256 at rest with per-tenant envelope keys.
- Stage 04
Accessed
Only authorised users; every access logged.
- Stage 05
Disposed
Purged per your retention policy and the BAA.
Shared responsibility
Who’s on the hook for what.
Breach notification
What happens if PHI is involved in a security event.
- Step 01
Detection
Our security team triages the event and confirms whether PHI was involved.
- Step 02
Assessment
Scope of affected records, root cause, and containment status are documented.
- Step 03
Notification
Affected covered entities are notified without unreasonable delay and within the timeframe required by the Breach Notification Rule.
- Step 04
Remediation
Permanent fix shipped, audit log delivered, and post-incident review shared.
Contact
Healthcare buyer? Talk to a real human.
Phone
+1 917-779-01873 Shenton Way, #15-05, Shenton House, 068805 Singapore
