The Ultimate Guide to HIPAA-Compliant Voicemail in 2024

You are currently viewing The Ultimate Guide to HIPAA-Compliant Voicemail in 2024

Sometimes speaking to a patient informing them about their health condition becomes one of the hardest tasks to do. But, using proper channels and choosing suitable words can make it easier.

The article is about communication with patients in a proper way to deliver your message and keep their privacy protected.

Voicemail is a good option for safe communication, particularly in the medical field. Voicemail that complies with HIPAA regulations protects patient privacy, which makes it superior to phone conversations or emails.

We will discuss in detail how to transcript HIPAA compliant voicemails and leave them for your patients. HHS (the Department of Health and Human Services) directs covered entities i.e. healthcare providers to leave voicemails or information about healthcare with strictly adhering to HIPAA regulations.

A covered entity is defined as anyone or any group that has to comply with the rules of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

HIPAA Compliant Voicemails: Here’s What You Need To Know?

HIPAA (Health Insurance Portability and Accountability Act) is US legislation that imposes regulations for data privacy and safeguarding medical information i.e. PHI (Protected Health Information).

According to the HIPAA privacy rules, as HHS states, providers can communicate with a patient regarding their health but in limited pieces of information that should not reveal the patient’s health conditions to other members of their family without the consent of the patient.

Leaving detailed and informational voicemails about the health of patients can lead to violation of HIPAA privacy rules, therefore the U.S. Department of Health and Human Services (HHS) restricts covered entities to limit information on voicemail.

As a healthcare provider, you can deliver patients their health updates at their homes over phone calls, mail or via some other medium. The privacy rules do not restrict you from leaving messages for your patients on their answering machines. However, as a provider you should only disclose limited information, as discussed above, so receivers other than patients should not get the purpose of the voicemail.

For example, you should only leave your name and phone number to ask the person who receives the voicemail to call you back. Leaving additional information i.e. patient health conditions on the answering machine can expose it to unauthorized persons, and lead to HIPAA violation.

How to Leave a HIPAA Compliant Voicemail: Explained with Examples

Leaving a HIPAA compliant voicemail is not as complicated as it seems. Simple, leave a message contacting limited details which only the intended receiver can understand, or the person who is authorized. A written consent from your patient gives you rights to share information with someone else. However, according to the HIPAA rules, you are in violation if you do it without the permission of your patient. For more details you can read about HIPAA Compliance Checklist for Medical Practices.

Examples of HIPAA Compliant Voicemails

Informing your patients while leaving a voicemail is no more a complicated process. Simple, you have to keep in mind the HIPAA privacy rules for voicemail.

Example 1The first example here is related to informing them about their next appointment schedule.

Hello Mr. ABC. This is Dr. JJJ from XYZ healthcare. I am trying to reach you but it looks like you are not available at the moment. Please give me a call at 000444333 as you hear my voicemail. Thank you.

The voicemail looks suitable but it may still lead you to breach HIPAA privacy rule as your patient might not want to disclose his name. Therefore, it is recommended to not mention your name, patient name, and your practice name. It should be:

✔️ Hello. I wanted to reach you to inform you about your next appointment schedule but it looks like you are not available right now. Please, access me via phone call whenever you hear my voicemail. Thank you.

Example 2 – The second example here is giving an appointment reminder to a patient who is seeing various other doctors as well.

Mentioning just your name or asking them to call you back while leaving only your number will not work every time, however, that is the safest route for communication.

Sometimes, a patient may be receiving treatment from more than one doctor at various facilities. Therefore, if you are calling, you should inform them about their next appointment with you in a way that only the patient can understand.

✔️ Hello. Mr. DD here. I am just reaching you to remind you of your upcoming appointment tomorrow. Please call me back at 99889999 whenever you listen to my voicemail for further discussion. Thank you. 

Do not mention specific details about your practice or service. Discuss when the patient calls you back.

Example 3 – The third example here is related to reminding patients of their medicine prescriptions.

When you want to remind your patient about taking prescribed medicine accordingly, or to provide updates regarding the next prescription you will need to communicate through a phone call or voicemail.

Leaving voicemails regarding patient prescriptions may open the door for HIPAA violation, but doing it in a controlled way will protect PHI. Use these words while leaving a voicemail.

✔️ Hello. I am here to inform you about your next prescription. Call me back when you can. Thank you. 

In your voicemail, don’t use a prescription number or medication name.

Example 4 – The fourth example here is informing a patient of his/her medical bills.

Communicating with your patient about billing is a sensitive case. You have to be more careful as the patient would never want to be exposed that they owe you a billing amount. 

However, it may not be possible for you to avoid the payment for a longer time. Therefore, you should inform them leaving a HIPAA compliant voicemail in this way:

✔️ Hello. I am Mr. YYY intending to remind you to review your account if there are any outstanding payments. Please give me a call whenever you are available to discuss it further, or pay a visit. Thank you. 

Do not include any details of the services for which the bills were charged.

HIPAA Compliant Voicemail Tips: That Every Provider Must Be Aware Of!

Here are some tips you should act upon for securing your practice while following HIPAA regulatory rules. These tips will also help you to transcript HIPAA compliant voicemails exactly according to the guidelines of HHS for securing PHI (Protected Health Information).

HIPAA Compliant Voicemail Tip

1). Leave a Callback Number Only

No need to tell all the details and purpose of your contact over a phone call or voicemail. Simple, leave a message for your patients to call you back at the provided number. It is the best way to follow HIPAA rules.

After receiving your message, the patients can call you back and you can directly talk to them about their health issues.

Doing so will restrict the other family members of the patient to know about PHI.

HIPAA Compliant Voicemail

2). Do not Mention Your Practice Name

It is also recommended to not mention your name or practice detail. For example, your healthcare facility is about treating some serious kinds of diseases i.e. Cancer, HIV, etc.

If the patients don’t want to let family members know about their health condition, it will make you in trouble to mention your practice name.

If your practice is just a primary care facility, you can mention that but you are in hot water if it was without the consent of the patients.

HIPAA Compliant Voicemail Guide

3). Listen to the Message in Private

This is about how you as a provider secure your patient information when they leave a voicemail for you mentioning their health condition.

For the security purpose, it is necessary for you to listen to the voicemail privately so even your staff should not come to know about PHI. In case, the accidently overhear the message, still it is violation of HIPAA rules.

You can provide more information in a voicemail but with the written consent of your patient. Sign a consent form from your patient showing the statement:

“I give my consent for YYY Healthcare Facility and its staff to leave specific information regarding my health (appointment scheduling, billing issues, etc.) on my voicemail at phone number 88997744.”

After this signed consent form provided by your patient, if you provide more specific information regarding their health, you are not violating the HIPAA regulations.

FAQs

What is a HIPAA Compliant Voicemail Message?

Voicemail message that is left by a provider without disclosing PHI and following guidelines issued by the HHS is called a HIPAA compliant voicemail. For example, leaving a voicemail having a limited amount of information disclosing to only a patient or a person authorized by the patient.

What is exempt from HIPAA?

Here are some exceptions:

  • Patients requesting for copies of their own medical records
  • Requests for PHI (Protected Health Information) when there is a valid authorization
  • Requests for disclosure of PHI to HHS for complaint investigation, compliance review, or enforcement of procedures
  • Requests for PHI that are required by law

How to leave a HIPAA compliant voicemail?

Make sure your voicemail is HIPAA compliant by keeping it short and not referencing any specific protected health information (PHI). Just include your name, the name of the healthcare facility you are phoning from, your phone number, and a request for the patient to call you back. Don’t include any information that could be used to identify the patient, such as their illness or course of treatment.

That is to say, if any of the following applies, you should remove your name and the name of the healthcare facility:

➡️ Certain details about the patient’s health are disclosed by the name or nature of your healthcare facility. For example, if you are phoning from a mental health facility or a substance addiction therapy center, disclosing this information could risk patient anonymity.

➡️ The patient has asked you not to leave any personal information on their voicemail. In this situation, you need to honor your client’s requests and just leave a standard message requesting a callback. In these situations, you can simply say something like, “This is a message for [patient’s name]. Please call back at [phone number].”

Keep in mind that maintaining patient privacy is the main objective. If you’re unsure whether to add identifying information, it’s usually best to be safe and leave it out.

HIPAA Compliant Voicemail

Conclusion

Leaving HIPAA compliant voicemail for your patient can increase your patients’ trust in you and your facility. Most importantly, doing so can prevent you from facing high penalties charged by HHS. We have discussed in detail how to communicate with your patients according to HIPAA regulation, and also provided you with some useful examples.