Articles page     HIPAA page    

How To Minimize The Risks Of Leaving Protected Health Information In Telephone Messages

Dilemma: Under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule, how much protected health information (PHI) should one leave in telephone messages for patients?

Risks: The primary risk is that PHI left in a telephone message may be received or overheard by family members or others who are not aware of the patient’s condition. It is also possible that, similar to privacy concerns about faxing PHI, the protected information may be left at incorrect telephone numbers.

Recommendation: Avoid leaving telephone messages that link a patient’s name to a particular medical condition or the facility or specialist whom the patient is seeing. This is particularly important with personal conditions, such as substance abuse, pregnancy, HIV, etc. The Department of Health and Human Services has made it clear – reasonableness will govern as its standard for evaluating a health care provider’s compliance with the HIPAA Privacy Rule. Therefore, continue to leave telephone messages, but be vague about the message by not linking a patient’s name with his or her medical condition. E.g.; "Please ask Mr. Smith to call Dr. James’s office at (555) 555-5555."

For more information, please Call or E-mail