Global Security Features and HIPAA Compliance
We often receive questions from customers about how to set up CTM to ensure compliance with HIPAA rules. Behind the scenes, we have been working on new agency level security features and recommendations to help agencies achieve HIPAA compliance.
These new Global Security Features allow an agency to require extra layers of protection to an account with two factor authentication, password protected recording URL and time limited recording URL.
There are two options for the Two Factor Authentication. First, trust a user’s computer and only ask for verification code every 30 days. Second, always ask for a verification code. Depending on how confidential the information in the account is, you can choose either or. Users still login with their username and password, this is simply an additional step to verify the user is who they say they are.
It’s probably safe to say that the call recordings are the most sensitive information within an account which is why we’ve created Password Protected Recording URL’s and a Time Limited Recording URL’s.
The Password Protected Recording URL feature allows the agency to require a login and password to access the any audio recordings which is ideal for securing the audio recording and all it’s context. The login and password will be required regardless of if the user is logged into CTM or if they received the an email notification with an included call recording.
Lastly, the Time Limited Recording URLs feature allows the agency to set an expiration time for audio recording URL’s. This setting is ideal for securing email notification without a password.
By default, these new Global Security Features are turned off for an Agency. You can turn them on within Agency Settings (Users>> Manager User Access).
Watch the Demo: