Skip to main content
Headway
Log inJoin as a provider

Starting a practice

5 key elements of a HIPAA compliant voicemail

Here are the key features of a HIPAA-compliant voicemail system, plus a script for your voicemail greeting.

Choosing a HIPAA compliant voicemail provider

Healthcare providers who conduct HIPAA-covered transactions — for example, a psychiatrist or other mental health clinician who bills insurance — are required to comply with the Administrative Simplification Regulations of the Health Insurance Portability and Accountability Act (HIPAA).

To maintain HIPAA compliance, when you start your practice, you’ll want to find a voicemail system that ensures your clients’ privacy when you receive, retrieve, or store audio messages. 

5 security features of a HIPAA-compliant voicemail system

  1. End-to-end encryption: Protects voice messages by disguising their contents while they are in transit, preventing third parties from reading the messages' contents, either accidentally or intentionally.
  2. Unique user identification: Ensures that users are accountable for their actions on the voicemail system by providing everyone who needs access with separately identifiable login information. 
  3. Automatic log-off: Protects the system and its data from unauthorized access when a device is left unattended or a user forgets to log off.
  4. Audit controls and event logs: Allow for monitoring and tracking of security-related activity. 
  5. Emergency access procedures: Reduces the risk of unauthorized access by establishing a set of guidelines that govern how individuals gain access to the voicemail system in an emergency.

Beyond core safety capabilities like encryption and audit controls, psychiatrist Abid Nazeer, chief resident at Symetria Recovery, says that it’s important to consider how you — and your staff — access the system. You’ll want to make sure that you limit staff access to the entire voicemail system to only those who need it, and maintain transparent disclosure and confirmation to and from clients about the use of voicemail messaging in providing service and treatment.

HIPAA compliant voicemail greeting script

It’s difficult to violate HIPAA rules in recording your own voicemail greeting, since you’re unlikely to include clients’ private information in a public message. When recording a voicemail greeting for your practice, try to balance warmth and professionalism — one that makes your clients feel comfortable with you while also succinctly providing information they might need.

Along with introducing you and your practice by name and providing emergency contacts for clients when you’re unavailable, one key aspect of a HIPAA-compliant voicemail is ensuring your client understands the voicemail is confidential (if it is).

It can help to plan a script ahead of time so you can cover all your bases. You may need to record your greeting a few times before you land on a final version.

If you need inspiration, try out a variation of the below HIPAA-compliant voicemail template:

Hello, you've reached the confidential voicemail of [provider's name] at [practice name]. Thank you for calling.

If this is an urgent matter or you're experiencing a crisis, call 911 or the National Suicide Prevention Lifeline at 988.

Please leave your name, phone number, and a brief message, and I will get back to you within [amount of time].

I look forward to connecting with you. Thank you, and take care.

Leaving HIPAA compliant voicemail messages

HIPAA privacy rules also apply when you’re leaving messages for clients, according to the U.S. Department of Health and Human Services. A HIPAA-compliant voicemail message should always limit the amount of private information left in a voicemail. 

Says psychiatrist Jordan Calabrese, medical director at Sana Lake Recovery Centers. “State your name and which office you’re calling from, who you’re leaving a message for, and a request for a callback. Refrain from leaving any other personal information like test results.”  

For example, rather than saying “This is Dr. [Name] calling to discuss the results of the depression screening we conducted at your appointment last week,” aim to keep it general and simple, introducing yourself and instructing the client on how to call you back. 

Another consideration: Pay attention to how you speak in the voicemail. “To prevent making any unintentional disclosures or assumptions about the subject of the call, it is important to keep a professionally neutral tone,” says licensed professional counselor Matt Grammer.

If your client gave written permission or a “Release of Information” to leave a message with a family member or another trusted individual, use your best judgment to prioritize your client’s privacy. Only disclose private information to another party if you’re confident it benefits the client’s care.

Headway makes it easier and more profitable for therapists and psychiatrists to accept insurance

Talk to a practice consultant

Starting a practice