Yes. Your organization, defined as the covered entity, hires the answering service to capture PHI verbally and to store and transmit PHI in an electronic form, defined as ePHI. The Final Omnibus Ruling provides specific requirements for handling and transmitting ePHI. 

Therefore, all medical answering services that store and transmit protected health information (PHI/ePHI) must maintain HIPAA compliance at all times. 

It is also the responsibility of your organization, defined as the covered entity, to perform a risk analysis of your current answering service in order to determine possible PHI breach points of storing and transmitting PHI. 

Scroll to Top