HIPAA Q&A: Leaving PHI on voicemail
Compliance Monitor, January 4, 2012
Q. A health plan representative told our clinic that she could not include PHI in a voicemail message because our greeting does not state that voicemail is confidential. Must covered entities include a confidentiality disclaimer in their voicemail greetings?
A. A voicemail greeting does not need to include a confidentiality disclaimer. However, remember that the HIPAA Privacy and Security Rules represent the floor for privacy and security. A covered entity or business associate can elect to require more stringent privacy and security measures. This means the health plan can require a confidentiality disclaimer as part of the voicemail greeting before its representatives leave messages that contain PHI.
Editor’s note: Chris Apgar, CISSP originally answered this question in the August 2011 Strategies for Health Care Compliance. Apgar is president of Apgar & Associates, LLC, in Portland, OR. He has more than 17 IT experience and specializes in security compliance, assessments, training, and strategic planning. Apgar is a board member of the Workgroup for Electronic Data Interchange and chair of the Oregon and Southwest Washington Healthcare, Privacy and Security Forum.
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Medicare Insider
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Strategies for Health Care Compliance-Electronic_1year
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Practice the six rights of medication administration
- Q&A: Primary, principal, and secondary diagnoses
- Note similarities and differences between HCPCS, CPT® codes
- OB services: Coding inside and outside of the package
- Skills of effective case managers
- Differentiate between types of wound debridement
- Know the medical gas cylinder storage requirements
- Prevent dehydration with nursing interventions
- Complications from immobility by body system
- E-mailed
-
- Are coroners and medical examiners entitled to receive PHI?
- Differentiate between types of wound debridement
- Q&A: Backdating an inpatient admission
- CVS to pay $2.25 million settlement for patient privacy breaches
- Consider two options for coding Rho(D) immune globulin given in pregnancy
- Know the medical gas cylinder storage requirements
- Joint Commission now allows partially-used oxygen canisters in 'full' rack
- How to use revenue codes with trauma patients
- Hospital Billing from A to Z: 3- and 1-day rules
- HIPAA Q&A: Cameras in patient rooms
- Searched
