What are the HIPAA telephone rules?

When you work in or with the healthcare industry, protecting patient privacy isn’t optional – it’s the law. And while most people associate HIPAA compliance with electronic records and online systems, it’s just as important to make sure your phone calls follow the rules, too. 

Whether you’re confirming appointments, handling insurance queries, or speaking with patients about care plans, every phone conversation matters. So, what exactly do the HIPAA rules say about phone calls, and how can you make sure your business is staying compliant?

What is HIPAA, and why does it matter on the phone?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) sets national standards for how protected health information (PHI) is handled. It applies to healthcare providers, insurers, and any third-party vendors who work with them. 

Its goal is simple: to keep patient information safe, secure, and private – no matter how it’s shared. 

That means if you’re discussing patient details over the phone, you need to treat that call with the same care you would a medical record. HIPAA applies whether you’re speaking to a patient, their family member, or a colleague. 

How does HIPAA apply to phone calls?

Phone calls are allowed under HIPAA, but only if you handle them properly. 

Before sharing any health information over the phone, you must take reasonable steps to confirm the identity of the person you’re speaking with. That could mean asking for a date of birth, patient ID, or other verifying details. 

Calls should be made in private, where conversations can’t be overheard. And when leaving voicemail messages, you should avoid including sensitive health details. A simple appointment reminder is fine, but you shouldn’t mention diagnoses, test results, or anything personal.

What counts as PHI during a call?

PHI includes anything that links a person to their health information. That might be obvious things like medical records or treatment plans, but also names, phone numbers, email addresses, birth dates, and insurance details when tied to a patient’s health. 

If you’re calling to confirm an appointment, reschedule a follow-up, or discuss payment, and the patient is identifiable in any way, then HIPAA applies. 

Is it okay to leave voicemails?

Yes, but keep them vague. HIPAA allows voicemail messages, as long as you avoid sharing anything sensitive. You can say who you are, who you’re calling for, and a time or date, but not much more. 

For example:
“Hi, this is Dr. Carter’s office calling to confirm an appointment for Rachel on Wednesday at 2 p.m. Please call us back at 555-1234.” 

What about recorded calls?

If you’re recording calls that include PHI for training, quality, or legal reasons, those recordings are also subject to HIPAA. They must be stored securely, encrypted, and only accessible to authorized personnel. You should also have clear policies around how long recordings are kept and how they’re disposed of.

If you’re using a third-party service that records calls for you, they must sign a Business Associate Agreement (BAA) to confirm they’re handling data in a HIPAA-compliant way. 

Here’s what to check when using a phone answering service

Outsourcing calls is a smart way to manage high volumes, but you need to make sure any medical answering provider you use is fully HIPAA compliant. That means: 

  • They must be willing to sign a BAA 
  • Their staff should be trained in HIPAA policies 
  • They should have secure systems for call handling, message-taking, and storage 

Phone calls are still one of the most trusted, personal ways to communicate in healthcare, but they come with strict responsibilities.

To stay HIPAA compliant over the phone, you need to: 

  • Confirm identities before sharing information 
  • Avoid detailed voicemail messages 
  • Protect recorded calls like any other patient data 
  • Choose partners who meet HIPAA standards 

Managing compliance doesn’t have to be complicated; it just takes the right training, tools, and support.

Introducing Moneypenny

If you’re struggling to keep up with calls while trying to stay HIPAA compliant, Moneypenny is here to help. Our HIPAA-trained receptionists answer on your behalf with professionalism and discretion. Whether you need full call support or just help during busy periods, we’ll make sure no call or patient ever gets missed. Contact us today at 866-766-5050.