Incoming Calls at Your Medical Practice

How to Handle Sensitive Information on Incoming Calls at Your Medical Practice

Updated post for 20 July 2020

As a doctor, patients are putting their health and even their lives in their hands. However, maintaining a patient’s privacy is just as important. HIPAA laws are in place to protect a patient’s right to privacy and to ensure that medical practitioners are dealing with sensitive information in an appropriate manner. One of the ways that medical professionals can ensure that they are securing information accordingly is to exercise best practices when it comes to answering medical incoming calls.

Those answering incoming Personal Health Information (PHI) medical calls must comply with both the privacy and security rules in HIPAA.

Complying with the HIPAA Privacy Rule

HIPAA privacy rule compliance ensures that personal information is kept confidential, whenever that information is accessed, recorded, or shared. Your medical business should have procedures to seek patient consent and ensure privacy for all medical information including patient demographic information medical conditions, treatments, and payments. Anyone answering incoming medical calls should be trained to ensure they follow your procedures and know to discuss personal health information.

Complying with the HIPAA Security Rule

The HIPAA security rule refers to storing personal health information safely. Information needs to be encrypted, protected by strong passwords and firewalls.

HIPAA Compliance in Incoming Calls

What exactly is the best way to handle medical incoming calls in accordance with HIPAA standards? First of all, try to keep calls as short as possible. Anything that is being discussed via phone is subject to HIPAA regulations so it’s important to make sure that any information that is exchanged over the phone is HIPAA-compliant and that interactions are as limited as possible to prevent violations during medical incoming calls. You should also have a procedure in place that forces people taking incoming calls to log off their computers when they walk away from their workstations and to never write down passwords.

Is Saying a Patient Name a HIPAA Violation?

Revealing PHI, or Protected Health Information, is a HIPAA violation, so it’s critical that this information is protected at all costs. One way to avoid giving away PHI is to be cognizant of one’s surroundings. While it is not a violation of HIPAA to mention a patient’s name over the phone, you should use the same caution that you would use when in a waiting room. Try not to use the patient’s full name, for instance. This way the patient cannot be easily identified. As an example, a name used in context with a specific floor of hospital (like neurology), department or associated with a doctor can imply that that person is also associated with the specific health issue (like a brain tumor).

Is it a HIPAA Violation to Email Medical Records?

Although it is not considered a HIPAA violation to email medical records, it’s important to take precautions when using email, just as you would for medical incoming calls. Use encrypted email whenever possible to add an extra layer of safety to email transmissions.

How do I Find the Caller Identity?

Before you discuss any private information during a medical incoming call, it’s important to ensure that you are talking to the correct person. Ask the patient for their first and last name, and then ask for at least two additional identifiers, such as date of birth, membership/insurance number, or address and phone number. Make sure you have the patient give you the information, do not provide information to the patient and ask them to verify.

Can a Doctor Disclose Patient Information?

Under HIPAA laws, a doctor should keep any patient information or records secured and only disclose PHI when granting permission by the patient. HIPAA rules are in place to protect the patient’s privacy and personal information and a doctor must ensure that they are doing all they can to secure patient information.

Can a Spouse Access Medical Records?

Marriage does not necessarily mean consent when it comes to medical records. A spouse may have access to medical records only when a patient gives their doctor or medical provider consent.

Protecting patient privacy and ensuring HIPAA compliance are extremely important. At Anserve, we understand how crucial it is to safeguard PHI. Contact us today and find out how we can assist you with incoming medical calls.

Are There Specific Guidelines for COVID Patient Communications and HIPAA?

Like every other patient, HIPAA is there to protect COVID patient’s privacy and security for their personal health information. The US Government has provided guidance that changes as the situation around COVID cases changes. Use this link to check specific COVID/HIPAA guidance.

All Anserve Employees are, certified, HIPAA Compliant

Anserve understands the HIPAA rules, invests heavily to stay at the forefront of changing technology, and has a long history of helping health care organizations and staying HIPAA Compliant. Anserve will offer a Business Associates Agreement (BAA) to any Covered Entity and/or will comply with any BAA offered by the Covered Entity.

Give us a call if your health care organization is struggling to stay compliant with HIPAA. Our professional team of highly trained HIPAA compliant call center specialists can help.