Guidelines for complying with HIPAA privacy and security rules when using Lync
- HIPAA requirements
- Guidelines for securely storing and sharing sensitive data
- Use disk encryption
- Use a secure messaging application
- Don’t save Lync call logs
- Disable missed call notifications and voice mail text previews
To learn more about encryption and complying with HIPAA 2015, check out our FAQs section for encryption.
HIPAA compliance requires protected information to be encrypted when it’s “at rest” (i.e., in storage) and “in transit” (during transmission over a communications network). For further definition of these concepts, see Data Encryption.
All data “in transit” via Lync (for instant messaging, or voice or video conversations) are encrypted during transmission.
Information stored on servers is also encrypted. This, plus the additional measures of housing the Lync and Outlook servers in the CAM Hosted Exchange Data Center, and restricting physical and administrative access to them, satisfies one end of the “at rest” requirement.
However, the other end of the “at rest” requirement must be met client-side (i.e., on your computer). It is important that you (or your companies IT Pro) take the following recommended precautions to ensure the devices (e.g., computers, laptops, and mobile devices) and applications (e.g., Lync/Skype for Business, and Outlook) you use are properly secured to protect any sensitive data they store or transmit.
Guidelines for Securely Storing and Sharing Sensitive Data
CAM recommends taking the following precautions if you store or communicate data that contain protected health information (PHI) or other sensitive data protected by HIPAA.
Use Disk Encryption
Use disk encryption on any desktop system, laptop, or portable device you use to access or store sensitive data. We prefer DESLock Enterprise because of its central management capabilities.
Use a Secure Messaging Application
Use a secure messaging application, such as the Echoworx, when you use Outlook to forward email and voice mail messages containing sensitive data. See our Encrypted Email FAQs
Don’t Save Lync Call Logs
Make sure Lync is not saving your call logs (this applies to Windows computers only).
To do so:
- In Lync, in the upper right corner, click the Options (gear) icon.
- From the menu on the left, select Personal.
- Make sure the box next to “Save call logs in my email Conversation History folder” is unchecked.
- Click OK.
Disable Missed Call Notifications and Voice Mail Text Previews
Disable missed call notifications and voice mail text previews of voice messages; you must use the Outlook Web App (OWA) to access these settings.
To do so:
- Log into OWA , and in the upper right, click the Settings (gear) icon. Click Options.
- In the left navigation bar, click phone.
- To disable missed call notifications, at the top, if necessary, click voice mail. Under “notifications” (you may need to scroll down), uncheck the box next to “Send an email message to my Inbox when I miss a phone call”. Additionally, if you have text message notifications set up, select I don’t want to receive text messages about missed calls and voice messages.
- To disable text preview of voice messages, on the voice mail tab, under “voice mail preview”, uncheck the boxes next to “Include preview text with voice messages I receive” and “Include preview text with voice messages I send through Outlook Voice Access”.
- To save your changes, in the bottom left, click save.