HIPAA

NICE CXone policy dictates the company will sign a Business Associates Agreement (BAA) with business units. The BAA requires the business unit to define themselves as one of the following:

  • A Covered Entity (CE)

  • A Business Associate (BA)

This definition will cover the BAA requirements within federal regulations.

Within the BAA, business units must observe the following HIPAA security safeguards:

  • Technical safeguards.

  • Training safeguards.

    • Annual security awareness.

    • Role-based HIPAA training.

  • Vendor Assessment safeguards.

    • Vendor security assessment.

    • Restricted and monitored vendor access.

  • Administrative safeguards.

    • Computer security.

    • Risk management.

    • Resiliency and incident management plans and tests.

    • Defined security and audit roles.

    • Hiring practices, including third-party background checks.

    • Non-disclosure, non-compete agreements with employees and prospective business units.

    • User audits.

    • Business associate proforma with legal staff review.

    • Dedicated security team.

NICE CXone requires vendors who bundle Protected Health Information (PHI) to sign a BAA.