Healthcare Business Management Association - HBMA
Leading the Business of Healthcare Login
Public News Public News - HBMA Healthcare Business Management Association

Compliance FAQs


By Karen Collier, Esq.

How much information can a biller leave on an answering machine when calling for address or insurance updates?

Answer: Because the biller cannot know for sure who will listen to a message, even when calling a telephone number provided by the patient, it is wise to leave the minimum amount of information necessary to accomplish the reason for the call. Various legal concerns, including the HIPAA Privacy and Security rules, state that confidentiality and privacy laws and debt collection statutes and regulations can be implicated and should be taken into account.

A bare bones message may contain little or no revealing information while still accomplishing the task.

EXAMPLE 1: "This message is for [patient]. We are calling to verify your current mailing address (or insurance information) in order to bill for recent medical services you received. Please contact us at xxx-xxxx during office hours."

Here is another message scenario that gives minimal information.

EXAMPLE 2: "This is Medical Billing Office calling for [patient]. We need to contact you for an updated / corrected mailing address (or insurance information). Please call us at xxx-xxxx at your earliest convenience."

Various factors should be considered in deciding how to draft scripts or instructions for your staff regarding outbound messages.

  • What is the purpose of the call / message?
  • Who is the provider / client? Are they well known in the community?
  • Do they practice in a sensitive specialty, such as family planning, mental health, etc.?
  • Is there a reason you would need to disclose the client's identity or other detailed information at all?
  • What would be the risk if someone other than the patient or a close family member heard the message?

If additional information would be helpful and would not unnecessarily reveal personal health information (PHI) or sensitive information, it can also be included in the message.

"This message is for [patient]. I am calling for the billing office at [General Hospital Radiology Group]. Please contact our office to update your mailing address (or insurance information)."

CMS has published FAQs that are generally related to this question. By analogy, they support the conclusion that a biller may leave a minimum amount of information on an answering machine to solicit a response and gather information to enable proper billing.
The official HIPAA FAQs can be found on the website of the DHHS Office of Civil Rights at

From the Office of Civil Rights HIPAA website:

May physician offices or pharmacists leave messages for patients at their homes, either on an answering machine or with a family member, to remind them of appointments or to inform them that a prescription is ready? May providers continue to mail appointment or prescription refill reminders to patients' homes?

Answer: Yes. The HIPAA Privacy Rule permits health care providers to communicate with patients regarding their health care. This includes communicating with patients at their homes – either through mail, phone, or in some other manner. In addition, the Rule does not prohibit covered entities from leaving messages for patients on their answering machines. However, to reasonably safeguard the individual's privacy, covered entities should take care to limit the amount of information disclosed on the answering machine. For example, a covered entity might want to consider leaving only its name, number, and other information necessary to confirm an appointment, or ask the individual to call back.

A covered entity also may leave a message with a family member or other person who answers the phone when the patient is not home. The Privacy Rule permits covered entities to disclose limited information to family members, friends, or other persons regarding an individual's care, even when the individual is not present. However, covered entities should use professional judgment to assure that such disclosures are in the best interest of the individual and limit the information disclosed. See 45 CFR 164.510(b)(3).

In situations where a patient has requested that the covered entity communicate with him or her in a confidential manner, such as by alternative means or at an alternative location, the covered entity must accommodate those requests, if reasonable. For example, the Department considers a request to receive mailings from the covered entity in a closed envelope rather than by postcard to be a reasonable request that should be accommodated. Similarly, a request to receive mail from the covered entity at a post office box rather than at home, or to receive calls at the office rather than at home are also considered to be reasonable requests, absent extenuating circumstances. See 45 CFR 164.522(b).

Related Searches: Compliance, HIPAA Privacy Rule