PatientCalls is the most trusted HIPAA-compliant medical answering service in the healthcare industry. We are an industry leader and proud to ensure the proper levels of security for our company, your practice, and all patients.  

Medical answering services need to be HIPAA compliant because they are part of a network of medical professionals and healthcare providers entrusted with sensitive patient data. Health Insurance Portability and Accountability Act regulations help assure patient confidentiality which is expected throughout the medical field. 

How PatientCalls Ensures HIPAA Compliance  

PatientCalls is consistently at the forefront of HIPAA / HITECH / OMNIBUS compliance and we partner with our clients to ensure that they meet regulations. Our company provides all the documentation and technological solutions that your organization needs for HIPAA-compliant answering services.  

With our assistance, your company is enacting the right security measures to avoid costly fines and violations for non-compliance that damage a company’s reputation and expose patients to undue risk. Here are some of the measures that PatientCalls takes to protect patient privacy and safeguard data.

Secure Messaging of Patient Information  

We deploy exclusive and proprietary methods of encryption technology to securely access, store, and transmit all personal health information (PHI). Our standard security measures – also including access restrictions and two-factor authentication – provide confidence for covered entity clients.      

E-mail     

A phone answering service is restricted from sending traditional e-mails that include PHI without identifying possible security limitations within the transmitting and storage network. In response to these requirements, PatientCalls has implemented specific security measures and the use of secure web portals for PHI retrieval.  

Texting  

Text messages including PHI must be protected by encryption and strong passwords. Current cellphone carriers and mobile devices do not meet these security requirements for HIPAA compliance. To provide the same immediacy as traditional texting, we developed PatientNote, a mobile app for secure messaging. 

Cybersecurity & Physical Data Protections  

PatientCalls meets HIPAA requirements for cybersecurity protections and physical data security measures for data access and storage.  

Staff Compliance Training  

All call center agents working for PatientCalls are fully trained regarding cybersecurity awareness and security policies and procedures.  

Auditing Requirements & Monitoring for HIPAA Compliance 

As a covered entity, your organization must audit all business associates, including your trusted answering service, in order to mitigate the risk of breaching security and privacy regulations. PatientCalls helps to organize those audits and assumes the required responsibility that your medical office demands of us.   

Plus, our HIPAA Compliance Officer (HCO) implements frequent internal audits of our policies and staff members. Ongoing monitoring ensures that PatientCalls stays compliant and ahead of its competition among call centers in the medical field.   

Read more about HIPAA compliance requirements for medical answering services. 

Is Your Current Answering Service HIPAA Compliant?  

As the covered entity, you must make sure that the live answering service handling incoming calls and patient information is HIPAA compliant or risk violations, fines, and possible criminal charges.  

Try PatientCalls Today!

Frequently Asked Questions

How Can I Verify that the Phone Answering Services and Messaging Meet Requirements? 


As their client, you can simply phone your current call center and ask. But first, get informed about the regulations relevant to every medical answering service. 

– Who is your HIPAA Compliance Officer? 
– Are customer service agents trained in HIPAA / HITECH / OMNIBUS? 
– When was the last documented training and how often is the training renewed? 
– Is your e-mail and text solution secure with encryption and password protection? 
– Does your medical office use Windows XP or any earlier version of Windows? 
– Does your answering service software have the ability to audit logins in real-time and block unauthorized users to prevent PHI breaches? 
– What physical security measures are in place to protect medical information? 
– Will you sign our Business Associate Agreement? 
– Are you properly storing, transmitting, and destroying all messages as required by the Health Insurance Portability and Accountability Act?   

If your current answering service does not have an immediate answer to the questions above then we suggest looking for a new HIPAA-compliant medical answering service. As the covered entity, you must make sure that the answering service is HIPAA compliant or risk violations, fines, and possible criminal charges.  

What are the consequences if medical professionals do not use a HIPAA-compliant answering service?

Based upon HHS requirements and documented fines from PHI breaches, you are exposing your business to hefty fines and/or criminal charges. Penalties depend on the extent of the breach and if there is evidence of willful neglect. Violations put patient data at risk and there can be other expensive liability issues that result. Of course, news of HIPAA violations damages the reputation of healthcare entities and may negatively impact stakeholders’ and patients’ decisions in the future. 

Is alpha paging and/or numeric paging to medical professionals HIPAA compliant? 

No. Any traditional method like paging is not secure for transmitting PHI, therefore NOT HIPAA compliant. This is due to the lack of encryption and password protection. Any transmitted patient name or phone number – even for the purpose of appointment scheduling – that could be linked with medical relevance is considered PHI and needs the proper protections defined by HIPAA. 

Does an answering service have to be HIPAA compliant?

Yes. Your medical office is defined as the covered entity. A live answering service is a business associate hired to capture protected health information and to store and transmit it digitally, which is defined as ePHI. HIPPA privacy and security rules outline specific requirements for handling and transmitting ePHI.  

Therefore, all medical answering services that store and transmit PHI and ePHI must comply with HIPAA regulations and customer service agents must be trained to follow HIPAA compliance policies.  It is also the responsibility of your organization to perform a risk analysis of your current answering service to identify possible HIPAA violations and vulnerable breach points. 

Scroll to Top