Phone calls are personal, one-on-one conversations between health providers and the patients and customers they serve. They frequently involve the discussion of private issues and medical history. While recording incoming calls can provide significant benefits in determining lead quality and training staff members, the contents of these conversations can contain personal health information.
Even without an audio recording of the call, the fact that the call happened at all may create health information that links an individual to a medical practice and the types of services they provide. If the call is to a tracking number that indicates a specific marketing campaign, or one that links an online visitor and their search keywords, an even greater picture of the caller’s medical needs and history begins to emerge.
CallRail's HIPAA compliant plans help Covered Entities and the marketing agencies that service them to maintain compliance with the regulations set forth by HIPAA and HITECH.
To read additional information on CallRail's HIPAA solution, you're welcome to download our white paper here.
CallRail's HIPAA Compliant Accounts
There are a few main differences between a standard account and a HIPAA account. In a HIPAA account:
- CallRail will enter into a Business Associate Agreement (BAA) with the Covered Entity or Business Associate.
- Users will be logged out every 30 minutes.
- There will be restrictions on integrations that send PHI to third parties.
- Voicemail transcriptions will not be available.
- Accessing the recording link will require a login. In this case, Notification Only users will need to be promoted to Client Manager or Client Reporting users so that they can log into the account to listen to call recordings.
- Caller ID information for the caller won't be included in the Call Notification email, but will be available upon logging into CallRail.
- Form submission alerts received via text message won't include any message from the lead, only the telephone number; however, this information will be available upon logging into CallRail.
- Text notification emails won't include the message, only the phone number; however, the message will be available upon logging into CallRail.
Create a HIPAA Compliant CallRail Account
If you're ready to get started with a HIPAA compliant CallRail account, you can reach out to our Support team, and a Client Success Manager will be in touch with you soon after to discuss pricing and the transition process.
If I already have a standard CallRail account, how can I give some of my clients HIPAA compliance, but not all?
We create a separate CallRail account for the HIPAA compliant companies. This separate CallRail account would have separate billing information and a different login email address, and we take care of transferring the health care clients over to the HIPAA compliant account for you.
Why is HIPAA set up differently within CallRail?
HIPAA prescribes security requirements for both Protected Health Information (the health data itself), and for the users who have access to that data. Users who have access to some HIPAA data means they're HIPAA-scoped, and with that comes all the HIPAA requirements for anything that user can touch. HIPAA compliant accounts will always remain separate from standard CallRail accounts.
Is it possible to add the same user to a HIPAA account that already has access to another CallRail account?
If the same user needs to be added to multiple CallRail account, we will need a separate email address for each account since an email address can only be associated with one CallRail account.
Can I use call recording within a HIPAA account?
The same laws apply to call recordings in a HIPAA account as they do in a standard CallRail account. You will need to check with your state laws and legal department to determine if you need to notify the caller that the call is being recorded. If you wish to record calls, you can listen to them in a HIPAA account as long as you are logged into that account.
The materials in this support article are provided for informational purposes only and do not constitute legal advice. Transmission of the information is not intended to create, and the receipt does not constitute, an attorney-client relationship between sender and receiver. The information is offered only for general informational and educational purposes and does not constitute legal advice or legal opinions. You should not act or rely on any information contained in this support article without first seeking the advice of an attorney. All risk of loss or damage is solely that of the user and the company disclaims any liability thereof.