
A Complete Guide to HIPAA Compliant Medical Answering Services

by Courtney Dawson

listed in clinical practice, originally published in issue 289 - September 2023


The Health Insurance Accountability and Portability Act of 1960 has had a huge impact on medical answering services. Compliance with HIPAA regulations is one of the most important aspects of answering services. A HIPAA-compliant phone answering service must fulfill the requirements of the HIPAA Privacy and Security Rules. The PHI or Protected Health Information is a set of requirements that need to be followed by medical answering services. This PHI regulation has forced answering services to undergo major technological and procedural upgrades.




Most medical answering services have redesigned their procedures for storing patient information and transmitting it to medical staff by email or text message, since they have to provide a high level of encryption, password protection, and accountability for each party that has access to the patient's medical information. All medical answering services ought to be HIPAA compliant since they are part of a network of organizations, known as covered entities and business associates, that handle sensitive data. Therefore, they are responsible for safeguarding PHI and protecting patient privacy. A HIPAA-compliant phone answering service must also ensure that any third-party suppliers or service providers involved maintain the same high level of data security and regulatory compliance.




What does PHI Include?

PHI or Protected Health Information includes personal and medical details of the patient such as name; address; treatment plan; telephone number; fax number; relevant dates; payment information; email address; medical record number; social security number; account number; IP address; health plan beneficiary number; certificate or license number; device identifiers and serial numbers; biometric identifiers like voice prints and fingerprints; vehicle identifiers and serial numbers; photographs; their past, present, or future physical or mental condition; and any other characteristics that are unique to the individual patient. This information may be recorded or transmitted through any medium, such as phone, computer, paper, or oral communication.

What Does HIPAA Compliance Involve?

Use Of HIPAA-Compliant Devices

A prime example of a HIPAA violation is staff sending regular SMS messages to a patient from their personal mobile phones. Hence, the services should use electronic devices and communication platforms with password protection and encryption when handling this data. The doctors and medical staff will also use these security measures when communicating about or with patients.

Protected Communications

A secure computer system and network for accessing and transmitting sensitive data is a basic requirement of answering services. Any text, phone, email, or voice message containing patient information should be sent and received only with password protection and encryption. Also, access to any device that handles PHI should be limited to authorized and trained staff members, who must pass two-factor authentication before gaining access to the information.

Security for Stored Patient Information

PHI should be secure even when it is not being used. Hence, all the sensitive data and recorded calls stored in physical servers, databases, or cloud storage should have cybersecurity protection. Services may also use physical protections to restrict access to areas where sensitive data is accessed and stored.

Continual Monitoring

Since compliance is ongoing, the medical answering services should have a continuous monitoring system and practices with updated policies. This will ensure that proper security and privacy measures are practiced. Some answering services also appoint HIPAA compliance officers dedicated to overseeing these compliance measures.

Training the Call Agents

The call agents in the medical answering service should be thoroughly trained in the security policies and procedures involved in HIPAA compliance. Their training may include cybersecurity awareness, proper reporting protocols, and contingency plans if there is a data breach.





How to Know a Medical Answering Service is not HIPAA-Compliant?

Lack of HIPAA-Compliant Certification

HIPAA-compliant companies will include their certification on their website. If not, you can call the company and ask for the certificate. Do not hire them if they cannot provide you with it.

Releasing Patient Information Via Phone or Text

Medical answering services cannot release patient medical information over the phone or by text. If they do, the channel should be secure and should use data encryption. Remember that text messages are usually not secure or encrypted.

Lack Of Proper Training Programs

A HIPAA-compliant answering service company will offer appropriate training programs to its call agents. Regular training will help its staff follow HIPAA regulations.

What is at Risk?

HIPAA violations and data breaches severely impact medical answering services and damage the reputation of the medical facilities and practitioners that work with them. Without proper security, encryption, and HIPAA compliance, a service is exposed to many risks, including unencrypted email, unauthorized access to servers, a vulnerability in the system, and a phishing attack on a call agent. Any data breach could attract strict legal action and hefty fines.

To Conclude

These implications point to HIPAA compliance standards as necessary for any medical answering service. Therefore, any medical facility that wishes to hire these services should ensure that they fulfill all the requirements of HIPAA regulations. Make sure that this is your top priority.



About Courtney Dawson

Courtney Dawson is a freelance writer, with 5+ years of experience in creating content for varied online portals and websites. Her expertise extends to writing about health, beauty, fashion, fitness, medical, workout and wellness-related topics. Courtney may be contacted via  
