Available 24/7 — Call Now: 888-867-0095
Legal

HIPAA & Data Protection

Effective Date: April 1, 2026  ·  Viatel Communications

Summary: Viatel Communications operates as a HIPAA Business Associate. We handle Protected Health Information (PHI) only to the extent necessary to deliver our answering and communication services to you. We never sell, share, or use PHI for marketing purposes.

Our Role as a Business Associate

When Viatel Communications provides answering and communication services to healthcare providers, we function as a Business Associate as defined under the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations, including the HIPAA Privacy Rule (45 CFR Parts 160 and 164) and the HIPAA Security Rule.

As a Business Associate, we are legally obligated to protect any Protected Health Information (PHI) we encounter during the course of providing services. This obligation applies to all forms of PHI, including verbal, written, and electronic information.

We do not use or disclose PHI in any way that is not permitted or required by our Business Associate Agreements (BAAs) or applicable law. Our use of PHI is strictly limited to what is necessary to fulfill our service obligations on behalf of Covered Entities (your healthcare practice or organization).

How We Handle Protected Health Information

When our agents receive calls on behalf of healthcare clients, they may encounter information that constitutes Protected Health Information, including:

  • Patient names, dates of birth, and contact information
  • Appointment details and scheduling information
  • Reason for calling or nature of medical concern
  • Prescription and medication inquiries
  • Any other information that could reasonably identify a patient and relates to their health or healthcare

All such information is handled with the following principles:

  • Minimum Necessary Standard: We only access, use, or disclose the minimum amount of PHI necessary to complete the requested service.
  • Purpose Limitation: PHI is used exclusively to facilitate communication and appointment services on your behalf — never for marketing, profiling, or any secondary use.
  • Confidentiality: All agents are trained on HIPAA requirements and sign confidentiality agreements. Unauthorized access or disclosure of PHI is grounds for immediate termination and legal action.

Business Associate Agreements (BAA)

Prior to handling any PHI for healthcare clients, Viatel Communications executes a Business Associate Agreement (BAA) with the Covered Entity (your practice or healthcare organization).

The BAA defines:

  • The permitted uses and disclosures of PHI by Viatel Communications
  • Our obligations to safeguard PHI
  • Reporting requirements for security incidents and breaches
  • Provisions for terminating the agreement if HIPAA obligations cannot be met
  • Return or destruction of PHI upon termination of services

If you are a healthcare client and do not yet have a BAA on file with us, please contact us immediately at info@viatelcommunications.com or 404-490-3911.

Our Platforms and Their BAAs

Viatel Communications uses the following technology platforms in the delivery of our services. Each platform has been selected in part for its ability to comply with HIPAA requirements, and each maintains a signed BAA with Viatel Communications:

  • Zoho CRM — Customer relationship management and message tracking
  • Dialpad — Business communications platform for call handling and messaging
  • RingRX — HIPAA-compliant communication platform for healthcare
  • Microsoft 365 — Email, document management, and team collaboration

We periodically review our vendor relationships to ensure all platforms processing PHI maintain current and valid BAAs and adequate security practices.

Call Handling and Recording

In the course of providing answering services, calls may be recorded for quality assurance and training purposes. The following policies govern call recording:

  • Notice: Where required by law, callers are notified that calls may be recorded.
  • Storage: Call recordings containing PHI are stored on HIPAA-compliant platforms with appropriate access controls, encryption at rest, and encryption in transit.
  • Access: Access to call recordings is restricted to authorized personnel on a need-to-know basis.
  • Retention: Recordings are retained for a period consistent with applicable law and our BAA obligations, typically a minimum of six (6) years from the date of creation or last effective date.
  • Destruction: When recordings are no longer needed, they are securely and permanently destroyed in a manner that prevents reconstruction.

Administrative Safeguards

We maintain comprehensive administrative safeguards to protect PHI, including:

  • Documented HIPAA compliance policies and procedures
  • Mandatory HIPAA awareness training for all staff upon hire and annually thereafter
  • A designated HIPAA Privacy and Security Officer
  • Workforce disciplinary policies for HIPAA violations
  • Contingency plans for data backup, disaster recovery, and emergency operations
  • Business Associate Agreements with all sub-contractors who may access PHI

Technical Safeguards

Our technical infrastructure is designed to prevent unauthorized access to PHI:

  • Unique user identification and authentication for all systems containing PHI
  • Role-based access controls — staff only access PHI necessary for their specific duties
  • Automatic session timeouts on workstations and applications
  • End-to-end encryption for data in transit (TLS 1.2+)
  • Encryption at rest for stored PHI
  • Audit controls and logging to track access to electronic PHI
  • Multi-factor authentication on all systems containing PHI
  • Regular security patch management and vulnerability assessments

Data Use and Retention

PHI is retained only as long as necessary to fulfill the purpose for which it was collected or as required by applicable law and regulation. At the termination of a Business Associate relationship, PHI is returned to the Covered Entity or destroyed in accordance with the terms of the BAA.

We do not retain PHI beyond the period specified in our BAAs and do not use PHI for any secondary purpose, including:

  • Marketing or advertising to patients
  • Sale or transfer to third parties
  • Research purposes (unless expressly authorized)
  • Any purpose unrelated to the performance of our services

Security Incident and Breach Response

In the event of a suspected or confirmed security incident involving PHI, Viatel Communications will:

  1. Immediately investigate the incident and take steps to contain it
  2. Notify affected Covered Entities within the timeframe required by HIPAA (and no later than 60 days following discovery of a breach)
  3. Cooperate with Covered Entities in any required notification to patients or the Department of Health and Human Services (HHS)
  4. Document the incident, its scope, and all remediation steps taken
  5. Implement additional safeguards to prevent recurrence

If you believe a security incident has occurred involving your PHI or the PHI of your patients, please contact us immediately.

Questions and Contact

For questions about our HIPAA practices, to request a Business Associate Agreement, or to report a privacy concern, please contact us:

You may also submit a complaint directly to the U.S. Department of Health and Human Services, Office for Civil Rights: www.hhs.gov/hipaa/filing-a-complaint/.

Need a BAA or Have Questions?

We’re ready to discuss your HIPAA compliance needs and get the right agreement in place.

Call Us: 888-867-0095 Contact Us