Are Phone Calls HIPAA-Compliant?
As technology continues to develop, so does the software that keeps your electronic health records secure. Even with a simple phone call to schedule an appointment or follow up after a procedure, there are several legal regulations in place that keep calls encrypted and your business compliant.
The Telephone Consumer Protection Act (TCPA) was created in 1991 to regulate telemarketing calls, pre-recorded messages, and automatic dialing systems. However, TCPA does not apply to healthcare-related phone calls and messages. As long as the phone call is related to a patient’s medical care, it is HIPAA compliant. This includes the following topics:
- Appointment reminders
- Follow-ups after surgery or medical treatment
- Lab test results
- Prescription notifications
- Pre-operative instructions
However, HIPAA rules may be broken if a patient is called from a medical professional’s personal phone and that patient’s name and number are saved. If the cell phone were lost or stolen, the patient’s information could also be taken.
When a patient gives you, their healthcare provider, their phone number, they are giving consent to be contacted at that phone number. However, as a safeguard for your practice and patients’ privacy, you may want to include a phone policy in the patient intake packet that states you will be contacting them via the provided phone number.
To stay HIPAA compliant, you must state your name, contact information, and the purpose of the call when you call your client. To avoid a security breach, try to keep phone calls to 60 seconds and text messages to 160 characters. You also cannot call a client more than three times a week, and they cannot be charged for any calls or messages sent to their phone. HIPAA has not yet clearly defined the rules for automated texts and calls, so if you utilize an automated system, make sure you have explicit consent from your client.
When leaving a message for your client over voicemail, you can only include their name, appointment time, and your office contact information. This also applies when a family member or other person answers the phone since personal information can only be discussed with the client.
DLM will help you develop a HIPAA-compliant website and stay up to date on HIPAA procedures for all aspects of your business. Our services are HIPAA-compliant as well, tailored to best support your medical practice and develop your brand. Call us today at 616-222-3735 or fill out our online form to schedule a 15-minute demo of our services.