HIPAA Q&A: Leaving PHI on voicemail
Compliance Monitor, January 4, 2012
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Q. A health plan representative told our clinic that she could not include PHI in a voicemail message because our greeting does not state that voicemail is confidential. Must covered entities include a confidentiality disclaimer in their voicemail greetings?
A. A voicemail greeting does not need to include a confidentiality disclaimer. However, remember that the HIPAA Privacy and Security Rules represent the floor for privacy and security. A covered entity or business associate can elect to require more stringent privacy and security measures. This means the health plan can require a confidentiality disclaimer as part of the voicemail greeting before its representatives leave messages that contain PHI.
Editor’s note: Chris Apgar, CISSP originally answered this question in the August 2011 Strategies for Health Care Compliance. Apgar is president of Apgar & Associates, LLC, in Portland, OR. He has more than 17 IT experience and specializes in security compliance, assessments, training, and strategic planning. Apgar is a board member of the Workgroup for Electronic Data Interchange and chair of the Oregon and Southwest Washington Healthcare, Privacy and Security Forum.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- Q/A: Coding infusions to correct low potassium levels
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Understand the spine to code back procedures correctly
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Searched