Reviewing Your HIPAA-Compliant Call Tracking Checklist

Mark Kosin
7 minute read
Mark Kosin
7 minute read

When you work in healthcare or perform marketing on behalf of healthcare companies, the need to have HIPAA-compliant calls looms large. In receiving healthcare calls, your company might take in a wealth of data from patients covering medical history and other personally-identifying information. 

HIPAA, officially known as the Health Insurance Portability and Accountability Act of 1996, is the standard for any business that handles the Protected Health Information (PHI) of healthcare patients. The scope of HIPAA protection was expanded by the HITECH Act of 2009, which provided strict enforcement as leaders anticipated more healthcare companies sharing and exchanging electronic Protected Health Information, or ePHI. 

Because of these HIPAA guidelines and increased penalties after the HITECH Act, you and your organization need to avoid having any HIPAA violation calls. 

Here’s what you need to know about HIPAA compliant call tracking.

Why HIPAA Compliant Calls Are Important

Your business has a long list of reasons to maintain HIPAA compliant calls. For starters, you definitely don’t want to get a visit from the Health and Human Services’ Office for Civil Rights (OCR), which oversees enforcement of HIPAA regulations by investigating complaints and conducting compliance reviews. 

In addition to avoiding calls from the OCR, keeping all your calls HIPAA compliant can also improve customer perception of your brand. This is an important but often overlooked consideration for healthcare businesses. 

A Prophet/GE report reveals that there is a large perception gap between businesses and patients on the quality of healthcare services being provided. Among the report’s findings are that 63% of providers feel that they are giving customers a quality patient experience, but only 40% of customers actually feel that way.

Healthcare businesses have an opportunity to improve perception and enhance the patient experience by having a rigorous commitment to HIPAA compliance. Customers calling organizations to discuss sensitive health issues want to know that they are being heard, but also that their information is safe and secure. You want to be able to assure customers that their calls to you are all HIPAA compliant. 

Phonexa offers this helpful checklist of ways that your business can practice HIPAA compliant call tracking, as well as a list of the tools and features from Phonexa call tracking software that help your team maintain HIPAA compliance on all your calls.

What PHI Is Included in HIPAA Compliant Phone Calls? 

If your business is using Phonexa to track calls for healthcare consumers, you will be collecting Protected Health Information. There are two ways Phonexa call tracking can store PHI.

1. Caller Identifying Information

As mentioned, the very fact that you know the names of people calling for healthcare information means that your business is taking in PHI, meaning that you need to focus on having HIPAA compliant phone calls. Depending on your settings, Phonexa call tracking software will store data such as the name of your callers, their phone number, their location, and the marketing campaign that drove their call. All of this data needs to be protected. 

2. Phonexa Call Recording

Phonexa call tracking software offers call recording to improve customer service and use it as a training material. But these phone calls will also include conversations where PHI is revealed, meaning that your recordings will need to be closely guarded to keep your business HIPAA compliant.  

Checklist to Avoid HIPAA Violation Phone Calls   

It is clear that when you use call tracking for healthcare calls, your business is going to come into possession of some PHI that you will need to keep secure to maintain HIPAA compliance. The first step for your business is to have a thorough checklist to help you maintain HIPAA compliant calls. 

While this list is not exhaustive (in fact, it is the responsibility of every business to utilize the advice and service of legal counsel to ensure HIPAA compliance) and we are not offering legal guidance – just general operational business strategies, following these items can provide a framework for building a HIPAA compliance strategy. 

1. Educate Your Team

The first step for any business should be to create and document your company’s HIPAA compliance policies and procedures. Make sure your staff is familiar with all these practices—and it’s especially important that all employees and partners understand the level of seriousness that should accompany their actions protecting patient privacy. 

2. Safeguard User Logins and Credentials

When using different software solutions, it can be a common occurrence for multiple team members to share a single login username and password. However, this practice should be absolutely restricted when using Phonexa to track healthcare calls because it can impact your ability to maintain HIPAA compliance. It is recommended that you assign a single login per user, then you can implement Phonexa’s User Log to keep an accurate record of who is accessing patient PHI.

3. Use a BAA When You Must Share Data

To conduct business, you may invariably have to share some PHI with partners or third parties. In order to do this and maintain HIPAA compliance, you will need to form a BAA or business associate agreement. When you have a person or entity that performs duties on behalf of, or provides services to, a covered entity which necessitates access to PHI, that is considered a business associate according to HIPAA. In order to allow that associate access to patient PHI, you must set up a contract—or BAA—with that person or entity to adhere to HIPAA requirements.

4. Monitor All Your Integrations

Any time you integrate with Phonexa for your call tracking workflow, you will be sharing data that can include PHI. Whatever integrated third-party platforms or APIs you may be using, you will have to do your due diligence to make sure that they are also HIPAA compliant, so you avoid creating any HIPAA violation phone calls. You will most likely also enter into a BAA with those integration partners.

Phonexa Tools for HIPAA Compliant Phone Calls

There are crucial steps for becoming HIPAA compliant, from understanding what data you may be responsible for when using Phonexa call tracking, to developing your own HIPAA compliance checklist. Users should know that the Phonexa platform is also equipped with a number of advanced tools and features that can help organizations with HIPAA compliance goals. 

User Access Logs

As mentioned, knowing who is accessing patient PHI can be monitored when you assign a single login to each team member. Then use the Phonexa User Logs to see who from your team is accessing ePHI.  

Numerical Data Redaction

Allow your team to access key marketing data without creating any HIPAA violation phone calls. Use this feature to separate contact information from sensitive ePHI. 

Restricted Access to Recordings 

All your healthcare call recordings will likely include PHI. Limit who can access these recordings with two-step authentication. 

Data Encryption

Secure protections around your call data is critical for HIPAA compliance. Protect your PHI with Phoenxa’s sophisticated encryption for consumer data. 

Data Removal

Holding onto patient ePHI for longer than it is needed creates unnecessary risk. You can adjust your storage settings so that data is removed from your server soon after it is no longer needed for you to conduct business. 

Cybersecurity for HIPAA Compliant Call Tracking

For any business that is dedicated to HIPAA compliance, possessing exceptionally strong cybersecurity is an absolute must. Phonexa has always prioritized cybersecurity and has built an apparatus that gives businesses confidence in pursuing their HIPAA compliance commitments.


Phonexa’s infrastructure is built with industry-leading security and redundancies to ensure that business operations are not interrupted. Phonexa’s scalable architecture is designed for high volume operations and involves continuous monitoring and improvement of the platform, infrastructure, and security features. 

Preventive Security: Vulnerability and Penetration Testing

Phonexa’s protective security plan leverages internal monitoring and trusted partners to defend against cyber-attacks. Phonexa’s defense structure also incorporates a team of Certified Information Privacy Professionals to maintain safe business operations. 

Internal and External Testing

Phonexa tech professionals engage in a weekly vulnerability testing assessment to ensure the platform is guarded against possible incursions. These measures are conducted by internal individuals who continuously monitor and implement new trusted features in a dynamic landscape. 

Independent Ethical Hackers

Phonexa uses ethical hackers to uncover potential weaknesses in the Phonexa security system. These trusted partners use the same methods as “black hat” hackers to test suspected vulnerabilities. This testing is only performed in isolated sandbox instances containing only test data – no ePHI or client systems are ever used. 

Security Partners

Phonexa works with a number of established security partners who regularly perform penetration testing and other data security checks. 

Data Protection and Security

The security of the Phonexa platform lets businesses know that they are using a system that helps to protect all their data, including ePHI, limiting the risk of HIPAA violation calls. In addition to heavily encrypted firewalls, the Phonexa platform also contains:

  • 3 Independent levels of intrusion prevention
  • 3 Independent layers of DDoS prevention
  • Encrypted Client-to-Service channels
  • Virus-resistant software
  • CIPP/US Certified staff
  • Ability to limit user access based on user profile

To learn more about how Phonexa users maintain HIPAA compliant call tracking, or for answers to questions about HIPAA compliance or Phonexa data security, reach out to our team today!

Got Questions?

Get in touch! We are available 24/7.

Mark Kosin avatar
Mark Kosin
Mark Kosin was a Content Writer at Phonexa, covering topics such as SaaS technology, call tracking, lead generation, and digital marketing.
Related Posts

How To Turn Phone Calls into Quality Leads With Phonexa

We’ve put together this comprehensive call tracking guide to share our knowledge and help you...

Read more

Comprehensive Guide to Mastering Affiliate Marketing on LinkedIn

Affiliate marketing on LinkedIn involves leveraging the platform’s professional network to promote products or services...

Read more
SGE (Search Generative Experience) & SEO Strategy Adaptation SGE & Future of Organic Lead Generation

Google SGE: Adapting Your SEO To Search Generative Experience

While everyone is raving about the martech power of ChatGPT, another big storm is brewing...

Read more
Get Your Personalized Consultation Now
Book a Free Demo