Corporate Compliance

Q&A: Voice mail disclaimer

Compliance Monitor, July 6, 2011

Q. A health plan representative called our clinic and said she could not include protected health information (PHI) in a voice mail message because our voice mail greeting did not state that the voice mail was confidential. Are covered entities required to include a confidentiality disclaimer as part of a voice mail greeting?

A. A voice mail greeting does not need to include a confidentiality disclaimer. It is important to remember, though, that the HIPAA Privacy and Security Rules represent the floor for privacy and security. A covered entity or business associate can elect to require more stringent privacy and security measures. This means the health plan can require a confidentiality disclaimer as part of the voice mail greeting before its representatives leave a message that includes PHI.

This tip was adapted from the July 2011 issue of Briefings on HIPAA. More information about Briefings on HIPAA is available at the HCMarketplace.

Most Popular