New! 2023 E/M Changes & ICD-10-CM Guidelines | Save 10% Now

LEARN MORE

Practice QA: Derail HIPAA Violations When Leaving Patient Messages

Share: Share on Facebook Share on Twitter Share on LinkedIn

Practice QA: Derail HIPAA Violations When Leaving Patient Messages

Share: Share on Facebook Share on Twitter Share on LinkedIn
HIPAA Violations

QUESTION: I’m trying to help staff avoid HIPAA violations when leaving patient messages. What should and shouldn’t you say when leaving voice messages for patients?  

– Anonymous, Chicago, IL

 

How to Avoid HIPAA Violations When Leaving Messages

ANSWER: To avoid HIPAA violations, first, it’s important that you have a signed consent form on file for all of your patients. This form should have a place where your patient can indicate how they authorize you to contact them.

Your consent form should include an area for your patient to give you permission to leave a voice message. The section of the form should include check box options regarding the types of messages you might leave, and with whom they can be left with. For example:

     “I give [your practice name] permission to leave me voice mail messages at the following phone numbers [phone numbers].
     □ You may leave messages regarding my care for □ appt/sch reminders, □ lab orders/results, □ payments, □ generic called.
         You may communicate information regarding my care only to
  Myself and/or [ [person’s name].
     □ You may NOT leave messages regarding my care.”

After confirming consent to ensure you don’t leave any info that could give cause for a HIPAA violation, train staff on the essentials of what a compliant message should include:

  • identify yourself without releasing too much information. For example, if I’m calling a patient to remind her of an appointment. I can say something like, “Hello. This message is for Rhonda. I am Samantha from Dr. Jones’ office. If you could just give me a call back.”
  • include details depending on consent level. If the consent to treat allows specification, you can provide the information such as an overdue bill, an appointment, a lab result, scheduling a diagnostic service. If authorization is for general office info only, don’t say what it’s about.

Expert: Tracy Bird, FACMPE, CPC, CPMA, CEMC, CPC-I
President, Medical Practice Advisors

Commonly Purchased HIPAA Violations Online Training and Resources

 


Meet Your Writer

Tracy Bird
FACMPE, CPC, CPMA, CEMC, CPC-I

President, Medical Practice Advisors

Tracy has over 40 years of experience in various specialties in the areas of practice management, billing and coding, including training, communications, and policy and procedure development. She is an ACMPE Fellow with MGMA, a Certified Professional Coder (CPC), a Certified Professional Medical Auditor (CMPA), a Certified Evaluation and Management Auditor (CEMC) a Certified Professional Medical Coding Curriculum instructor (CPC-I), and an AAPC Fellow. Tracy is co-founder and past president of the NE Kansas Chapter of AAPC, a past president of MGMA-GKC and is currently serving as the Chair of the Certification Commission for National MGMA.