PatientCalls is the most trusted HIPAA-compliant medical answering service in the healthcare industry. We are an industry leader and proud to ensure the proper levels of security for our company, your practice, and all patients.  

Medical answering services need to be HIPAA compliant because they are part of a network of medical professionals and healthcare providers entrusted with sensitive patient data. Health Insurance Portability and Accountability Act regulations help assure patient confidentiality which is expected throughout the medical field. 

How PatientCalls Ensures HIPAA Compliance  

PatientCalls is consistently at the forefront of HIPAA / HITECH / OMNIBUS compliance and we partner with our clients to ensure that they meet regulations. Our company provides all the documentation and technological solutions that your organization needs for HIPAA-compliant answering services.  

With our assistance, your company is enacting the right security measures to avoid costly fines and violations for non-compliance that damage a company’s reputation and expose patients to undue risk. Here are some of the measures that PatientCalls takes to protect patient privacy and safeguard data.

Secure Data Handling & Storage

PatientCalls deploys exclusive and proprietary methods of encryption technology to securely access, store, and transmit all personal health information (PHI). Our standard security measures – also including access restrictions and two-factor authentication – provide confidence for covered entity clients.      

Our system stores and destroys PHI in accordance with HIPAA guidelines. We do not allow any PHI to be stored or retrieved within our voicemail system.

Secure Messaging of Patient Information  

Our system prohibits the use of alpha paging devices and redirects all PHI transmitted electronically to secure e-mail or SMS. This is done via our secure portal or other approved software solutions, such as, but not limited to, Gmail or Office 365.


A phone answering service is restricted from sending traditional e-mails that include PHI without identifying possible security limitations within the transmitting and storage network.

In response to these requirements, PatientCalls has implemented specific security measures and the use of secure web portals for PHI retrieval. Our system sends emails as password-protected PDFs over an encrypted path. 


Text messages including PHI must be protected by encryption and strong passwords. Current cellphone carriers and mobile devices do not meet these security requirements for HIPAA compliance.

To provide the same immediacy as traditional texting, we developed PatientNote. It sends SMS notifications prompting medical staff to view messages on our encrypted and password-protected app. This also provides accountability data regarding access to PHI and time stamps.

Cybersecurity & Physical Data Protections  

PatientCalls meets HIPAA requirements for cybersecurity protections and physical data security measures for data access and storage. We have created cybersecurity features that monitor all SMS/WEB portal traffic and block any user (employee, customer, or hacker) from accessing any PHI after multiple and repeated authentication failures.

Staff Compliance Training  

All call center agents working for PatientCalls are fully trained regarding cybersecurity awareness and security policies and procedures.  

Auditing Requirements & Monitoring for HIPAA Compliance 

As a covered entity, your organization must audit all business associates, including your trusted answering service, in order to mitigate the risk of breaching security and privacy regulations. PatientCalls helps to organize those audits and assumes the required responsibility that your medical office demands of us.   

HIPPA Compliance Officer

PatientCalls exceeds HIPAA requirements by naming an Operational HIPAA Compliance Officer (HCO) and a Technical HCO. Plus, our HCOs implement frequent internal audits of our policies and staff members. Ongoing monitoring ensures that PatientCalls stays compliant and ahead of its competition among call centers in the medical field.   

Business Associate Agreements

PatientCalls has BAAs and BACs in place with all clients and sub-contractors. We also post our BAA on a secure web link for all clients in their monthly invoices. This acts as our backup and binding agreement between parties in the event a BAA is lost or accidentally destroyed.

Documentation for Audits

Our system provides audit control reports to support the periodic security and privacy attestation that your business is required to perform. This includes detailed message delivery status reports, PHI access event logs, and quarterly risk assessment analyses.

Read more about HIPAA compliance requirements for medical answering services. 

Try PatientCalls Today!

Frequently Asked Questions

Frequently Asked Questions

How Can I Verify that the Phone Answering Services and Messaging Meet Requirements? 

As their client, you can simply phone your current call center and ask. But first, get informed about the regulations relevant to every medical answering service. 

– Who is your HIPAA Compliance Officer? 
– Are customer service agents trained in HIPAA / HITECH / OMNIBUS? 
– When was the last documented training and how often is the training renewed? 
– Is your e-mail and text solution secure with encryption and password protection? 
– Does your medical office use Windows XP or any earlier version of Windows? 
– Does your answering service software have the ability to audit logins in real-time and block unauthorized users to prevent PHI breaches? 
– What physical security measures are in place to protect medical information? 
– Will you sign our Business Associate Agreement? 
– Are you properly storing, transmitting, and destroying all messages as required by the Health Insurance Portability and Accountability Act?   

If your current answering service does not have an immediate answer to the questions above then we suggest looking for a new HIPAA-compliant medical answering service. As the covered entity, you must make sure that the answering service is HIPAA compliant or risk violations, fines, and possible criminal charges.  

What are the consequences if medical professionals do not use a HIPAA-compliant answering service?

Based upon HHS requirements and documented fines from PHI breaches, you are exposing your business to hefty fines and/or criminal charges. Penalties depend on the extent of the breach and if there is evidence of willful neglect. Violations put patient data at risk and there can be other expensive liability issues that result. Of course, news of HIPAA violations damages the reputation of healthcare entities and may negatively impact stakeholders’ and patients’ decisions in the future. 

Is alpha paging and/or numeric paging to medical professionals HIPAA compliant? 

No. Any traditional method like paging is not secure for transmitting PHI, therefore NOT HIPAA compliant. This is due to the lack of encryption and password protection. Any transmitted patient name or phone number – even for the purpose of appointment scheduling – that could be linked with medical relevance is considered PHI and needs the proper protections defined by HIPAA. 

Does an answering service have to be HIPAA compliant?

Yes. Your medical office is defined as the covered entity. A live answering service is a business associate hired to capture protected health information and to store and transmit it digitally, which is defined as ePHI. HIPPA privacy and security rules outline specific requirements for handling and transmitting ePHI.  

Therefore, all medical answering services that store and transmit PHI and ePHI must comply with HIPAA regulations and customer service agents must be trained to follow HIPAA compliance policies.  It is also the responsibility of your organization to perform a risk analysis of your current answering service to identify possible HIPAA violations and vulnerable breach points. 

Scroll to Top