Important: Nectar Desk is not a covered entity and doesn’t consider itself as a business associate.
Nectar Desk Software does help our HIPAA-compliant customers to be aligned with PHI (Protected Health Information) requirements by providing customized solutions for Call Recording. In the Nectar Desk case, Call Recordings are the piece that most likely may contain Protected Health Information.
Our solution for HIPAA-compliant customers is to allow them to use their own on- or off-premise servers so they can store and manage recordings on their own.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law enacted by the 104th US Congress and signed by President Bill Clinton on August 21, 1996. It aimed to update the healthcare information flow, stipulate how personally identifiable information maintained by the healthcare industries representatives should be protected from fraud and theft. The law required the creation of national standards to secure sensitive patient health information from being disclosed without the patient’s knowledge.
We do recommend using AWS S3 solution however we are open to working with other options.
Process overview
- Nectar Desk uses telecom technology partner – Plivo inc to handle communications as well as to create call recordings. Plivo’s Terms of Use.
- As soon as Call Recording is completed and available, Plivo notifies Nectar Desk over API.
- Immediately, Nectar Desk initiates the transfer of the call recording from Plivo to the Customer’s server.
- As soon as we verify that transfer is completed we request Plivo to delete the recording and to confirm the deletion.
Accessing Server: Nectar Desk only works with service providers who support access by temporary security credentials. No Long term credentials are permitted. If AWS is your provider we can assist with proper security settings for your S3 service.
Storage: Nectar Desk doesn’t store or access the recording at its own cloud infrastructure. We only initiate recording transfer and deletion processes.
Recordings access control: We do require authentication for all users in order to get access to the call recording link, which is generated after the recording transfer to your server is completed. Optionally we can redirect users to your server for authentication, this way you can manage recordings access control internally.
Data Retention Policy: We can follow your requirement for the data retention period. Normally we do not have limits for the call recordings duration but we would be happy to execute recordings deletion by the retention window of your choice.
If you require more information about Nectar Desk and HIPAA compliance please reach out to our team at any time: [email protected]
Nectar Desk is a Call Center Software provider.
