QUESTION: I’m trying to help staff avoid HIPAA violations when leaving patient messages. What should and shouldn’t you say when leaving voice messages for patients?

– Anonymous, Chicago, IL

How to Avoid HIPAA Violations When Leaving Messages

ANSWER: To avoid HIPAA violations, first, it’s important that you have a signed consent form on file for all of your patients. This form should have a place where your patient can indicate how they authorize you to contact them.

Your consent form should include an area for your patient to give you permission to leave a voice message. The section of the form should include check box options regarding the types of messages you might leave, and with whom they can be left with. For example:

     “I give [your practice name] permission to leave me voice mail messages at the following phone numbers [phone numbers].
     □ You may leave messages regarding my care for □ appt/sch reminders, □ lab orders/results, □ payments, □ generic called.
         You may communicate information regarding my care only to □ Myself and/or □ [ [person’s name].
     □ You may NOT leave messages regarding my care.”

After confirming consent to ensure you don’t leave any info that could give cause for a HIPAA violation, train staff on the essentials of what a compliant message should include:

identify yourself without releasing too much information. For example, if I’m calling a patient to remind her of an appointment. I can say something like, “Hello. This message is for Rhonda. I am Samantha from Dr. Jones’ office. If you could just give me a call back.”
include details depending on consent level. If the consent to treat allows specification, you can provide the information such as an overdue bill, an appointment, a lab result, scheduling a diagnostic service. If authorization is for general office info only, don’t say what it’s about.

Expert: Tracy Bird, FACMPE, CPC, CPMA, CEMC, CPC-I
President, Medical Practice Advisors