The practice of medicine is changing almost daily, and a big contributor to the new landscape is technology. With the ever-growing list of apps and software platforms available, physicians and other health care providers are able to find and treat their patients in ways that were not possible in previous years.

Many of the same technologies that are being used in non-medical settings have proven useful in the healthcare world. One such area is call recording.  Certain software will allow physician groups, or other healthcare providers, to track whether a patient call originates from an online ad or website. Many times those same marketing companies that can track calls and analytics can also provide a platform to easily record and store calls coming into a healthcare provider’s office or call center.

The practice of recording phone calls is not uncommon. How often do you hear “your call may be recorded for quality assurance purposes” when you settle in for that long call with customer service? There are certainly benefits to having these patient calls recorded: customer service improvement, employee training, and tracking call sources, to name a few; but in the heavily regulated healthcare world, healthcare providers must consider other factors before making the decision to hit the record button.

From a HIPAA perspective, the provider must think about who or what is recording the calls, and where the audio recordings and any other information related to the audio recordings would be stored. Any entity a provider contracts with to record and store the patient telephone calls would need to sign a Business Associate Agreement, whereby the entity agrees to protect the patient information it receives in accordance with HIPAA. Failing to obtain a Business Associate Agreement in this instance would be a violation of HIPAA.

There is also the question of consent. Do you need to inform the patient the call is being recorded? One huge factor that goes to this consideration is, “Where is the patient located at the time of the call?” Louisiana is a one consent state, meaning at least one party to the conversation needs to know about the recording — and that one party can be the physicians’ practice making the recording. This means, as long as the medical provider is aware of the recording, a patient located in Louisiana does not have to be informed the call is being recorded. But what if the patient calls from a different state? Mississippi, Alabama, and Texas are also considered one consent states, but other states, including Florida, are “two-party consent” states, meaning you need the consent of both parties in order to make the recording. If a call is made from a patient located in Florida to a physician practice in Louisiana, the general legal consensus is that the physician practice must comply with the more stringent “two-party consent” requirements. Out of an abundance of caution, we would advise all of our healthcare provider clients to inform and request consent before recording any phone calls with patients. This way there is no question as to the legality of the recording, and you never run the risk of your patient being surprised when they learn of the existence of a stored call recording when they were never made aware they were being recorded.

Medical providers need to be cognizant that these audio records are likely considered health records. This means that recordings of patient telephone conversations with your nurse line or call center should be treated like any other medical record. Providers should retain the audio recordings for as long as all other records are retained, and ensure that those audio records are released along with the rest of the medical record when a valid authorization to release medical records is received.

Just as with traditional medical records, practices must consider security measures surrounding the creation and storage of these recordings. How are the recordings being stored? Will they be stored on cloud based servers? Will they be stored on your system? Will the audio files have to be sent or received at any point?  Will the files be encrypted? Who will be able to access the files? Do your privacy policies address call recording? All of these questions should be answered before determining 1) whether recording patient calls is appropriate for the provider, and 2) which recording system is the best choice.

The issue of malpractice liability should also be considered. A recorded conversation with a patient becomes discoverable evidence in the event of a claim, and this is a double edged sword. While a phone recording can be helpful in the event of a negative outcome (to prove what information was actually provided to the patient), it, just like any other documentation, can also be harmful (to prove what information was not provided to the patient). Thus, a provider should consider whether such recordings will be helpful or harmful if an issue were to arise. Also, it may be helpful for a provider to reach out to its malpractice carrier to see if there is any opinion on recording patient calls.

Finally, while not arising from health care regulations, one last consideration relates to whether a provider would be taking credit card payments over the phone during these recorded calls. Federal security standards set out compliance rules for practices relating to the processing of credit card payments over the phone and the storage of credit card information. When deciding to record patient phone calls, providers should be cognizant of these specific laws and standards for credit card processing, and insure that any call recording system selected will allow the health care provider to easily maintain compliance when it comes to patients’ credit card information.

Technology makes it very easy to hit record, but physicians and other providers should look hard at all of the relevant factors before implementing a policy to begin recording patient phone calls.