HIPAA Q&A: Leaving PHI on voicemail
Compliance Monitor, January 4, 2012
Q. A health plan representative told our clinic that she could not include PHI in a voicemail message because our greeting does not state that voicemail is confidential. Must covered entities include a confidentiality disclaimer in their voicemail greetings?
A. A voicemail greeting does not need to include a confidentiality disclaimer. However, remember that the HIPAA Privacy and Security Rules represent the floor for privacy and security. A covered entity or business associate can elect to require more stringent privacy and security measures. This means the health plan can require a confidentiality disclaimer as part of the voicemail greeting before its representatives leave messages that contain PHI.
Editor’s note: Chris Apgar, CISSP originally answered this question in the August 2011 Strategies for Health Care Compliance. Apgar is president of Apgar & Associates, LLC, in Portland, OR. He has more than 17 IT experience and specializes in security compliance, assessments, training, and strategic planning. Apgar is a board member of the Workgroup for Electronic Data Interchange and chair of the Oregon and Southwest Washington Healthcare, Privacy and Security Forum.
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Complications from immobility by body system
- Nursing responsibilities for managing pain
- Q&A: Primary, principal, and secondary diagnoses
- The consequences of an incomplete medical record
- Note similarities and differences between HCPCS, CPT® codes
- Neurological checks for head injuries
- Practice the six rights of medication administration
- Skills of effective case managers
- 10 Tips for Educating Elderly Patients
- E-mailed
- Searched