HIPAA, which stands for the Health Insurance Portability and Accountability Act of 1996, is a US law which establishes privacy standards that protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
What is PHI?
The HIPAA Privacy Rule provides federal protections for Protected Health Information (PHI): any personally identifiable health information communicated orally or recorded and transmitted in any medium. PHI covers any information created or received by doctors, health plans, life insurance policies, employers, schools, etc.
Who has to abide by these laws for calls?
In 2009, HIPAA further extended its coverage for what are considered ‘covered entities’ through the Health Information Technology for Economic and Clinical Health Act (HITECH) to all business associates with access to health information, which includes marketers and call tracking providers. This extension of the law requires that all patient health information be protected from disclosure and misuse by the practitioner and any business associates that have access to the information.
In recent years, the Federal Communications Commission (FCC) has clarified the regulations of HIPAA and patient phone calls. For any business working directly with personal health information, any form of communication, internal communication included, should be managed through HIPAA-compliant systems or software, while business associates sign a BAA with HIPAA clients.
Calls that take place between health providers and patients often involve discussion of personal issues and medical history. Even without an audio recording, the simple fact that the call occurred may create health information that links an individual to a medical practice and the types of services they provide.