Level365 UCaaS can be used in a HIPAA-compliant manner, provided that you take care to use them correctly. As a Level365 customer you are responsible for your organization’s HIPAA compliance in all respects, including any applicable state and federal laws and regulations when using Level365 UCaaS within a HIPAA-compliant environment. These guidelines are provided for general guidance only. Please consult with your legal and compliance officers to consider the specifics of your requirements.
Extensions must be assigned by specific individual user names, not generic names such as the front desk. If the telephone extension has a generic name, you will need to have some other form of tracking the device usage. Level365 will not be able to provide information on who was participating in calls on those extensions.
Call history can be disabled on telephones to ensure no Protected Health Information (PHI) is saved on the devices. Please contact Level365 Support if you wish for call history to be disabled on your devices as it is enabled by default.
Voicemail Messaging and Call Recording
Messages and recordings are accessible via secure login to the Level365 Web App or mailbox PIN. Only authorized users can access messages and recordings.
Voicemail message notifications should be disabled to prevent caller ID information from getting sent to emails. Please follow the below guide to disable these notifications.
SMS and MMS text messages are not encrypted and are not able to be recalled. As such, you acknowledge and agree that you will not send any Protected Health Information (PHI) via the Level365 SMS or MMS function.
For additional information regarding our text messaging guidelines please see the guide below.
Fax to Email (eFax) is not HIPAA compliant due to being an unencrypted email and should not be utilized. Fax ATA and Fax to Folder/Server services are HIPAA compliant and communicate/encrypt via HTTPS with the Level365 servers. Level365 fax infrastructure is stored in a SOC2 Compliant data center.
Authorized administrators may view and download call history reports via secure login to the Level365 Web App.
Emailed reporting should not be utilized as it contains caller names and telephone numbers. Please contact Level365 Support if you wish for this to be disabled.
The Level365 application allows you to create Business contacts. You acknowledge and agree not to include Protected Health Information (PHI) in Contact First/Last Name, Company Name, or Job Title.
Meetings must be scheduled via invitation only. Access is password protected with a passcode by default. Meetings are not listed publicly by Level365.
End-Point Management and Security
You understand and agree that you are responsible for the security and management of all end-user devices accessing any Level365 services, including desktop and laptop computers and mobile devices. Level365 recommends that you consult with your information technology provider regarding best practices and procedures for device security and password policies.
Some settings mentioned throughout the above document are not enabled by default. Please contact Level365 Support for assistance. Please consult with your legal and compliance officers to consider the specifics of your requirements.