Why Your Doctor’s Office Needs to Use a HIPAA-compliant Telephone Answering Service

HIPAA (Health Insurance Portability and Accountability Act of 1996) has been around for over a quarter of a century. This may make it seem like old news. Yet don’t become complacent about this act even though it originated in the prior century. In fact, it’s even more important now than ever before.

Your healthcare organization has surely integrated the best HIPAA practices into your operation. You follow the latest recommendations and even go beyond what HIPAA regulations require in your day-to-day interactions with patients and how you handle their information.

What’s easy to overlook, however, is what happens outside of your practice, clinic, or facility. Any support or outsourcing partner you have could also fall under HIPAA regulations as your business associate (BA). This includes your medical telephone answering service (TAS).

Here are the key points to keep in mind:

HIPAA is a Requirement 

For you to be in full HIPAA compliance, your medical answering service must also be in full compliance. That’s why your healthcare operation needs to use a HIPAA-compliant TAS.

Anything less and you miss the mark. This means that you’re liable for your answering service’s HIPAA violations.

Having HIPAA insurance coverage and executing a business associate agreement (BAA) with your answering service are essential steps to take, but they don’t guarantee full protection if your answering service falls short. As a covered entity (CE) under HIPAA regulations, you’re responsible for what your business associate (your telephone answering service) does or doesn’t do.

And with BAs now receiving more scrutiny from HIPAA regulators, it’s more likely the non-compliant ones will be uncovered and fined.

But you can avoid all this risk and unpleasantness by using a HIPAA-compliant TAS.

Your Patients Expect HIPAA Compliance

Just as your patients trust you with their healthcare needs, they also trust you with their personal health information (PHI). Aside from medical malpractice, few things will lose your patients’ confidence more quickly than for them to learn you haven’t treated their PHI with the careful attention it deserves under HIPAA regulations.

And remember, this extends to your telephone answering service too. If your non-HIPAA-compliant answering service mishandles your patients’ PHI, you are responsible for its misuse. And you, not your answering service, will suffer the consequences with your patients.

Your Future Hinges on Being HIPAA-compliant Today

In addition to losing patient confidence through a HIPAA breach at your answering service, there is also the likelihood of financial penalties—for both you and them.

These two concerns have long-term consequences for your future viability as a healthcare provider. It’s simply too much to risk going with a non-compliant answering service. 

Enhance Your Competitive Edge

In an increasingly competitive healthcare landscape, every little advantage counts. Choosing a HIPAA-compliant telephone answering service not only protects you legally but also enhances your reputation among your clientele and within the industry. Being known as a practice that prioritizes compliance and data security can set you apart from competitors who may be cutting corners. This reputation can lead to more referrals, increased patient loyalty, and the ability to attract a higher-caliber staff, all of which contribute to the business aspect of running a successful medical practice.

Improve Operational Resilience

Being HIPAA-compliant adds another layer of resilience to your medical practice. It shows that you are committed to upholding the industry’s best practices, which extends to your choice of a telephone answering service. In the case of any compliance audits or legal disputes, your use of a HIPAA-compliant answering service could be a point in your favor, demonstrating your overall commitment to adhering to federal laws and regulations.

Building Trust Through Transparency

Transparency is essential in healthcare. Patients are increasingly interested in knowing how their data is being used and protected. By choosing a HIPAA-compliant answering service, you can confidently answer any queries about data security, thereby building even more trust between your medical practice and your patients. This trust, in turn, adds value to your practice, offering a layer of assurance that can be beneficial for patient retention and long-term sustainability.

Safeguard Against Legal Complications

Using a non-compliant answering service exposes your practice to legal vulnerabilities that can culminate in lawsuits, fines, and a tarnished reputation. Legal issues are not just problematic but can be financially draining. These funds could otherwise be invested in upgrading your services, staff development, or other revenue-generating activities. From a business standpoint, HIPAA compliance is not just a requirement but a risk-mitigation strategy.


Q: How do I ensure that the answering service I am considering is HIPAA-compliant?

A: Ask for documentation verifying their HIPAA compliance, such as certifications or audit results. You should also review the Business Associate Agreement (BAA) that outlines how they will protect your patients’ PHI.

Q: What steps should I take if I discover that my current answering service is not HIPAA-compliant?

A: You should cease using their services immediately to mitigate further risks. After that, conduct an internal audit to ascertain if any data breaches have occurred and notify affected parties if necessary. Subsequently, find a HIPAA-compliant service to replace them.

Q: Can I be held legally accountable if my HIPAA-compliant answering service has a data breach?

A: Even if your answering service is HIPAA-compliant, you may still bear some responsibility in the case of a data breach. However, your liability might be reduced if you have performed due diligence in selecting and monitoring the service. Always consult with a legal expert for advice specific to your situation.

Conclusion and Call to Action

HIPAA compliance is not an optional or outdated requirement; it is an essential, current-day mandate that can impact your practice’s reputation, patient trust, and financial bottom line. By choosing a HIPAA-compliant telephone answering service, you are making a strategic business decision that minimizes risks and enhances your medical practice’s credibility and operational resilience. Don’t jeopardize your hard-earned patient trust and the future of your healthcare business. Act now. Ensure your telephone answering service is HIPAA-compliant. Call us today to discuss how we can help you meet this vital compliance requirement.

Act Today

Save yourself the hassle, the public relations nightmare, and the financial fines by going with a HIPAA-compliant TAS.

And if you don’t have a HIPAA-compliant telephone answering service, don’t delay; switch today.

To enjoy the benefits of a HIPAA-compliant telephone answering service, sign up online or call 800-450-9045 to discover how we can provide you with an affordable and effective HIPAA-compliant medical answering service.

Frequently Asked Questions

We do not currently recommend any texting app like TigerConnect or OhMD because there is no way for us to send messages directly to a recipient through our current answering service software. Messages would need to be transcribed from our system into a secure web portal, potentially causing errors and delays. Secure encrypted email is recommended.

TigerConnect – https://tigerconnect.com/products/clinical-collaboration/

OhMD – https://www.ohmd.com/

We do not provide the pagers, but we can recommend American Messaging, which offers encrypted alpha pagers and a secure phone app – https://americanmessaging.net/

Spok is another option that offers encrypted alpha pagers and a secure phone app – https://www.spok.com/solutions/paging-services/paging-devices/


Unfortunately, no. SMS/text messages that contain PHI (Personal Health Information) are never HIPAA compliant.

Only encrypted secure email, encrypted alphanumeric pagers, or HIPAA-compliant apps such as TigerConnect (formerly TigerText) can be used to securely transmit PHI.

Apps like Signal, Telegram, and WhatsApp, while encrypted and secure, do not provide a signed BAA, which is necessary to remain HIPAA compliant.

We recommend ProtonMail, a secure email service based in Switzerland. When used as a standalone app, it can almost replicate the SMS experience with the security of encrypted email.


Alternate HIPAA-compliant email providers that provide a signed BAA are listed below. We recommend choosing one provider and using it solely for answering service use. Doing so allows unique notifications and sounds to be set up so you know when it’s an answering service email. Using one email provider solely for answering service messages also helps ensure there are no interruptions from spam or other sources.

Hushmail – https://www.hushmail.com/plans/healthcare-hipaa-compliant-email/

Egress – https://www.egress.com/blog/compliance/how-we-help-you-comply-hipaa

Mail Hippo – https://www.mailhippo.com/

Secure My Email – https://www.securemyemail.com/hipaa-compliant-email

Virtru – https://www.virtru.com/hipaa-compliant-email/

Paubox – https://www.paubox.com/

Google Workspace (email) – https://support.google.com/a/answer/3407054?hl=en , https://workspace.google.com/products/gmail/

Outlook / Office 365 – https://www.microsoft.com/en-us/industry/health/microsoft-cloud-for-healthcare

Zoho Mail – Please note: we do not currently recommend Zoho for any of their products. Their support is atrocious and their products never work without support. https://www.zoho.com/mail/hipaa.html


September 30, 2022 | HIPAA