HIPAA implementation for healthcare accounts

Phone calls are personal, one-on-one conversations between health providers and the patients and customers they serve. They frequently involve the discussion of private matters and medical history. While recording incoming calls can provide significant benefits in determining lead quality and training staff members, the contents of these conversations can contain personal health information.

Even without an audio recording of the call, the fact that the call happened at all may create health information that links an individual to a medical practice and the types of services they provide. If the call is to a tracking number that indicates a specific marketing campaign, or one that links an online visitor and their search keywords, an even greater picture of the caller’s medical needs and history begins to emerge.

CallRail's Healthcare plans help Covered Entities and the marketing agencies that serve them to maintain compliance with the regulations set forth by HIPAA and HITECH. 

For additional information, you're welcome to download our white paper here

CallRail's healthcare plans and accounts

There are a few main differences between a standard account and a healthcare account. In a healthcare account:

- CallRail will enter into a Business Associate Agreement (BAA) with the Covered Entity or Business Associate.

- Users will be logged out every 30 minutes.

- There will be restrictions on integrations that send PHI to third parties.

- Accessing the recording link will require their own login. Here's how you can invite someone to your account.

- Caller ID information for the caller won't be included in the Call Notification email, but will be available upon logging into CallRail.

- Form submission alerts received via text message won't include any message from the lead, only the telephone number; however, this information will be available upon logging into CallRail.

- Text notification emails won't include the message, only the phone number; however, the message will be available upon logging into CallRail.

Heads up

If you have a healthcare account and need help from our support team, there’s an additional step we’ll need to take to help with your request. Follow the instructions in this article to learn how to grant our Support team temporary access to your account. We take the privacy and security of your account seriously, and this process ensures that your data is secure.

Create a healthcare account

If you're ready to get started with a CallRail healthcare plan, you can submit a ticket to our support team, and we'll be in touch with you soon after to discuss pricing and the transition process.


If I already have a standard CallRail account, how can I give some of my clients access to my healthcare account, but not all?
We create a separate CallRail account for businesses on healthcare plans. This separate account would have separate billing information, and we take care of transferring the health care clients over to your healthcare account for you.

Why are healthcare accounts set up differently within CallRail?
HIPAA prescribes security requirements for both Protected Health Information (the health data itself), and for the users who have access to that data. Users who have access to some data means they're scoped for HIPAA and HITECH compliance, and with that comes all the requirements for anything that user can touch. Accounts on healthcare plans will always remain separate from standard CallRail accounts.

Is it possible to add the same user to a healthcare account that already has access to another CallRail account?
You can use the same login across multiple accounts, even if some are HIPAA-compliant and some are not. See this article to set this up:

Requesting access to another CallRail account

Can I use call recordings within a healthcare account?
The same laws apply to call recordings in a healthcare account as they do in a standard CallRail account. You will need to check with your state laws and legal department to determine if you need to notify the caller that the call is being recorded. If you wish to record calls, you can listen to them in a healthcare account as long as you are logged in to that account.

The materials in this support article are provided for informational purposes only and do not constitute legal advice. Transmission of the information is not intended to create, and the receipt does not constitute, an attorney-client relationship between sender and receiver. The information is offered only for general informational and educational purposes and does not constitute legal advice or legal opinions. You should not act or rely on any information contained in this support article without first seeking the advice of an attorney. All risk of loss or damage is solely that of the user and the company disclaims any liability thereof.

Was this article helpful?
3 out of 3 found this helpful

Articles in this section

See more
Ask the Community
Find best practices, post, and learn from CallRail users.
CallRail Support Hours
Weekdays 8:00am - 8:00pm EST