Q&A: Can auto dialers violate HIPAA?

March 20, 2009

What is and is not appropriate information to include in phone messages from auto dialers?

Q: Our medical billing service is contemplating the use of an autodialer in our follow-up procedures on past-due patient balances. Can you provide any insight as to what is-and is not-appropriate with respect to these messages? More specifically, please advise as to whether a message using the following would be acceptable: "Hello, this message is for (name). Please call (billing company) about your account with (Dr. ABC) at (phone number)."

A: Using an autodialer precludes the caller from knowing who is answering the phone or listening to the message left on the answering machine. If the message simply says that the autodialer is calling to collect a debt, and to please return the call, without providing any additional information concerning the reason for the call or the nature of the debt, and if no additional information is provided to the person returning the call without verification of identity, there are no likely privacy issues. Beyond that, the more information provided, the more the risk of a violation of the Health Insurance Portability and Accountability Act. Even the identity of the physician or practice can raise HIPAA issues. For example, identifying a physician in a practice that treats AIDS or sexually transmitted diseases as one to whom a patient's spouse owes a debt may provide enough information to invoke HIPAA, as well as other state and federal privacy laws. In contrast, simply calling from a collection agency and leaving a message for the patient to return the call involves no disclosure of protected health information.