PBX PHI Protection

PBX PHI Protection

Healthcare IT professionals have long recognized that information stored on their telephone systems (PBX's) may be designated as Protected Health Information (PHI). A message left for a physician or their staff may include the identity of a patient, details of their illness or treatment, etc. In most countries federal and state/provincial laws exist which specify the level of protection which must be afforded this type of information (including HIPAA in the USA, PHIPA in Canada, PDPA in Singapore, etc.), and attention is now focusing on PHI contained in the PBX.

At the same time many healthcare facilities are adopting Asterisk-based open source VoIP PBX's, and creating cost-effective and feature-rich telephony environments. As PBX operations can affect the very survival of patients, these same facilities are also implementing high availability (clustering) to ensure maximum PBX uptime. However, clustering implies that data must move between two PBX "peers", including voicemails, caller name and phone number data, call logs, etc. (i.e. ePHI in transit). This in turn exposes the PBX to PHI regulatory compliance.

Telium's High Availability for Asterisk (HAAst) is the only PBX high availability / clustering product that helps healthcare facilities meet the standards set by HIPAA, PHIPA, PDPA, and more. Unlike other simplistic high availability solutions, HAAst supports:

Beyond protecting your organization's PHI, HAAst offers a level of features, performance, compatibility, and support that allows administrators to deploy Asterisk PBX clusters with confidence. HAAst is available in several editions and price points to meet the unique feature, capacity, and budgetary needs of each deployment, including an enterprise scale solution for hospitals or campus phone systems, and a small-office solution for clinics and satellite facilities.

For more information on how HAAst can help your Asterisk PBX achieve both high availability and PHI regulatory compliance, please contact Telium at the email address / phone number listed on the contact page above.