Letsdial

Compliance · HIPAA

HIPAA-ready phone system, BAA included.

How letsdial handles Protected Health Information (PHI) for healthcare customers, the safeguards we apply, and the shared-responsibility expectations on your side.

HIPAAReady

Safeguards

The three safeguard categories the Security Rule requires.

§ 164.308

Administrative

  • Designated security officer responsible for HIPAA programme.
  • Workforce screening, role-based training, and signed confidentiality agreements.
  • Incident-response runbooks reviewed and tested.
  • Vendor risk assessments before any sub-processor handles PHI.
§ 164.310

Physical

  • PHI stored in datacenters with 24/7 staffing and biometric entry control.
  • No production PHI on engineer workstations; access is browser-based.
  • Hardware lifecycle managed by the cloud provider; certified destruction at end of life.
§ 164.312

Technical

  • Encryption in transit (TLS 1.3, SRTP) and at rest with per-tenant key envelope.
  • Role-based access controls, mandatory MFA, automatic session timeouts.
  • Tamper-evident audit log of every PHI access, exportable to your SIEM.
  • Integrity checks on stored recordings and transcripts.

Business Associate Agreement

A signed BAA is included on every paid plan, no enterprise add-on.

The BAA defines our obligations as a HIPAA Business Associate when we process PHI on your behalf, covering use limitations, safeguards, sub-contractor flow-down, breach notification, and termination. Healthcare-classified workspaces are provisioned to keep PHI inside HIPAA-eligible infrastructure.

PHI lifecycle

How Protected Health Information moves through the platform.

  1. Stage 01

    Captured

    PHI enters via call, message, or transcript.

  2. Stage 02

    Stored

    Written to encrypted storage in the chosen region.

  3. Stage 03

    Encrypted

    AES-256 at rest with per-tenant envelope keys.

  4. Stage 04

    Accessed

    Only authorised users; every access logged.

  5. Stage 05

    Disposed

    Purged per your retention policy and the BAA.

Shared responsibility

Who’s on the hook for what.

ResponsibilityletsdialYou
Encrypting PHI in transit and at rest
Provisioning a HIPAA workspace
Maintaining the BAA
Configuring access roles and group policy
Training your workforce on PHI handling
Choosing what to record and what not to
Tamper-evident audit log of every access
Acting on audit-log alerts

Breach notification

What happens if PHI is involved in a security event.

  1. Step 01

    Detection

    Our security team triages the event and confirms whether PHI was involved.

  2. Step 02

    Assessment

    Scope of affected records, root cause, and containment status are documented.

  3. Step 03

    Notification

    Affected covered entities are notified without unreasonable delay and within the timeframe required by the Breach Notification Rule.

  4. Step 04

    Remediation

    Permanent fix shipped, audit log delivered, and post-incident review shared.

Contact

Healthcare buyer? Talk to a real human.

Mail

3 Shenton Way, #15-05, Shenton House, 068805 Singapore