1-800-HIPAA: Guide to Compliant Phone Calls

April 12, 2024

Brrring Brrring Brrring! It’s your friends from Abyde calling! Pick up! We have some worthwhile tips and tricks to share with you today.

While we all love a good chat on the phone, when working with Protected Health Information (PHI) it’s key to keep things confidential.

So pick up our call today and learn how your practice can make compliant phone calls. By following our tips, you’ll be a confident phone pro, ready to chat with patients while keeping their privacy a top priority.

So, are you ready to answer? Let’s get started!

Hello, it’s HIPAA

In the digital age, there are numerous ways to connect and share information with patients. Reaching out to patients through the phone is still a common practice, but you need to be able to navigate it safely. 

First, ensure your phone systems are HIPAA-compliant before sharing any PHI. This includes end-to-end encryption, user authentication, audit control, automatic log-off, and other strong security features. 

When onboarding with a cloud-based phone service, make sure a Business Associate Agreement (BAA) is signed with the provider, ensuring accountability and liability when it comes to the protection of patient data.

Listen, we know you might be itching to chat after a visit because you genuinely care about your patients and their well-being, but there aren’t a ton of reasons to call a patient. While HIPAA restricts casual chit-chat, some of the reasons to call a patient include:

  • Lab results
  • Prescription notifications 
  • Appointment reminders and updates
  • Post-op instructions 

Additionally, if you are calling a Business Associate (BA), make sure a BAA is signed before communicating any PHI over the phone.

When in Doubt, Leave it Out!

When you’re on the phone with a patient or a BA and disclosing PHI, the Minimum Necessary Requirement is at play. As the name suggests, this standard means only the minimum necessary amount of a patient’s health information should be disclosed.

The Federal Communications Commission (FCC) has issued guidance on HIPAA-compliant phone calls. Keep it short and sweet! Phone calls should be less than 60 seconds, and texts less than 160 characters in length.

And don’t blow up any patient’s phone with calls! The FCC says patients should only receive three calls a week, or one text a day.

To ensure patient privacy and clear communication, keep calls brief and focused. Before sharing any information, take a moment to verify the identity of the patient you are speaking with.

Phoning Family

While it’s only normal for a family to worry about a patient’s health, sharing this information is a different story. 

Under HIPAA, the patient has to agree for their PHI to be shared with family. Once again, only the minimum information required can be shared. 

However, if a patient is incapacitated, PHI can be shared with the family if it’s considered in their best interest. Once a patient is lucid again, the patient can retract permission for PHI to be shared with family. 

Dialing Up Patient Trust

Phone calls are a common and effective way to quickly share information with patients. Like anything regarding PHI, it’s vital to stay compliant, keeping patient information secure. 

By properly handling phone calls at your practice, you’ll strengthen patient trust, improve communication, and reduce compliance risks with the right tools. Abyde can be one of those trusted tools, being a cloud-based solution that streamlines the compliance process. Abyde will assist you in having everything you need to be compliant, keeping you in check and creating a culture of compliance at your practice. 

To learn more about what your practice needs to do to be compliant, email info@abyde.com, call us at 1.800.594.0883, or schedule a consultation.