
Do Medical Answering Services Need to Be HIPAA Compliant?


Updated on December 12, 2020 by Jordan McGlone


Table of Contents

  • How HIPAA Affected the Healthcare Industry  
  • The Impact of HIPAA on Medical Answering Services  
  • What Is PHI? 
  • What Does HIPAA Compliance Involve for Answering Services? 
  • What’s at Risk? 
  • Trust a Medical Answering Service with Proven HIPAA Compliance 

Yes. Medical answering services are considered business associates and must comply with HIPAA regulations. Answering services providing services to hospitals, clinics, doctors’ offices, nursing facilities, and other companies in the healthcare industry must meet these strict security and privacy requirements. 

The Health Insurance Portability and Accountability Act states that healthcare providers, their suppliers and service providers are ethically and legally required to protect patient information. HIPAA Privacy and Security Rules outline how covered entities and business associates, including phone answering services, must protect PHI and ePHI while enabling the flow of information to provide quality medical services.   

How HIPAA Affected the Healthcare Industry  

In 1996, the need to protect an individual’s personal health information gave rise to the creation of HIPAA. Since then, HIPAA, HITECH, and Omnibus regulations have forced the implementation of additional security and compliance methods for organizations handling sensitive health data. These have presented significant legal and technical challenges within the industry including medical and healthcare answering services.  

These regulations have fundamentally impacted how a patient’s information can be stored and transmitted. Now, details of a patient’s medical condition, healthcare treatments, contact information, billing information, and incurred payments must be more secure and private than ever before.     

Since September 2013, when the HIPAA Omnibus Final Rule took effect, the responsibility to comply with HIPAA has extended to the business associates and subcontractors of covered entities that handle PHI. These entities are now directly liable for compliance, in the same way as the organizations they serve. Covered entities, in turn, must obtain satisfactory assurances, in a written business associate agreement, that each business associate they rely on to collect, store, or transmit PHI will safeguard it appropriately.

The Impact of HIPAA on Medical Answering Services  

The Security Rule's safeguards for PHI are widely regarded as the most expensive part of HIPAA to implement. They apply to medical answering services, which store and transmit PHI, and they have required major technological and procedural upgrades. For answering services, reaching compliance is costly and making the required changes is time-consuming.

Legacy answering services had to rethink and redesign how they stored PHI and how they relayed it to medical staff, which historically meant ordinary text messages, pagers, and e-mail. Those traditional channels are not considered secure under HIPAA, HITECH, and the Omnibus Rule, because the messages travel over carrier networks and sit on devices in plaintext. In addition, medical answering services must now provide appropriate encryption, accountability (audit trails tied to individual user accounts), and authentication for every party who accesses PHI, internally and externally.

Answering services need to be HIPAA compliant because they are part of a network of organizations that handle sensitive data. These organizations, known as covered entities and business associates (BA), are responsible for safeguarding personal health information and protecting patient privacy.  

For medical establishments and healthcare professionals, HIPAA compliance is also a critical part of protecting their practice. It is also their responsibility to ensure that their third-party suppliers and service providers maintain the same high level of data security and regulatory compliance.  

What Is PHI? 

Protected health information (PHI) is individually identifiable information about a person's health status, the care they receive, or payment for that care, created, received, transmitted, or maintained by a HIPAA-covered entity or its business associates. Identifiers that make health information PHI include, but are not limited to:

  • Names, 
  • Addresses, 
  • Birthdates, 
  • Phone numbers, 
  • Social security numbers, 
  • Email addresses, 
  • Health insurance information,
  • Medical device identification numbers, 
  • Full-face photographs such as headshot images. 

Related article: What Is Interoperability and How Are Data Access Regulations Changing?

What Does HIPAA Compliance Involve for Answering Services? 

Since the Omnibus Rule took effect in 2013, HIPAA's privacy and security requirements have applied directly to business associates: any service provider that creates, receives, maintains, or transmits PHI on behalf of a covered entity. BAs are held to the same privacy and security standards as the healthcare providers they serve.  

As a BA with access to patient information, medical answering services are also bound by HIPAA regulations.  

Protected Communications 

Any BA entrusted with patient information must have a secure computer system and network for accessing and transmitting sensitive data. Access to any computer or device that may handle PHI must be limited to authorized, trained staff members, each with a unique login so that activity can be traced to an individual. Authorized users should be required to pass two-factor authentication before gaining access to PHI; HIPAA does not name it explicitly, but it is a standard way of meeting the Security Rule's access-control requirements. 

Voicemail, text messages, and email containing PHI must be protected with access controls and encryption, both in transit and wherever they are stored. A live phone call cannot be encrypted in the same way, so agents must verify the identity and authorization of the person they are speaking with before disclosing any PHI. 

Use of HIPAA-Compliant Devices 

Sending PHI to a patient or colleague in an ordinary, unencrypted SMS message from a mobile phone is a prime example of a HIPAA violation. BAs, including answering services, must use devices and communication platforms that provide encryption and password protection when handling this type of data. In turn, doctors and medical staff must have the same security measures in place when communicating with and about patients.  

Security for Recorded and Stored Information 

PHI must be secured at rest as well as in transit. Sensitive data and recorded calls held in databases, on physical servers, or in cloud storage need technical protections such as encryption, access controls, and audit logging. Physical protections must also restrict entry to the areas where sensitive data is accessed and stored.  

Training for Call Agents in HIPAA Compliance 

Call agents working for a medical answering service must be fully trained in following security policies and procedures related to HIPAA compliance. This includes cybersecurity awareness training and learning the proper reporting protocols and contingency plans in case of a data breach.  

Continual Monitoring for HIPAA Compliance 

Compliance is an ongoing process. Medical answering service providers should continue to monitor call center practices and keep policies up to date to ensure that security and privacy measures remain effective. The Security Rule also requires that a security official be designated to develop and oversee these policies; many providers give that role to a dedicated HIPAA compliance officer.  

What’s at Risk? 

An unencrypted email, an unpatched vulnerability in a system, unauthorized access to servers, a successful phishing attack on an untrained call center employee: any one of these events could spell disaster for a BA. Data breaches and the discovery of HIPAA violations are both detrimental to business associates, and they can also damage the reputation of the healthcare organizations and the professional standing of the practitioners with whom they work. 

A HIPAA breach is defined as "the acquisition, access, use, or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information." A breach triggers notification obligations, and the violations behind it can lead to enforcement action and substantial civil penalties. While no healthcare organization can be 100% protected, the regulations laid out in HIPAA support the implementation of industry best practices for protecting patient information and confidentiality. 

Learn more about HIPAA-Compliant Telehealth and the Changes Expected from HIPAA Regarding the Use of Technology in Healthcare in 2021. 

Trust a Medical Answering Service with Proven HIPAA Compliance 

If your medical answering service does not meet HIPAA compliance standards, it’s time to switch. The strength of your medical organization depends on it.  

PatientCalls began focusing on HIPAA compliance before Omnibus rules went into effect and it continues to be a top priority for our organization and our clients. Contact PatientCalls for more information about our compliance assurance.  


About The Author


Jordan McGlone

Jordan has more than seven years of experience working for PatientCalls and a strong background in the healthcare answering service industry. He designs directive plans to fit the unique structure and activities of healthcare organizations, while ensuring that communications are efficient, compliant with HIPAA privacy and security regulations, and support optimal patient care.

Copyright © 2025 PatientCalls