Can I Record Patient Telephone Calls and Visits?

It’s easier than ever to record phone encounters with patients. But is it legal to do so? We discuss the considerations.

There are many reasons a healthcare professional might want to record a phone call with a patient, ranging from guarding against malpractice liability to boosting the quality of the patient’s medical record. But what, if any, laws apply?

Telephone Recordings In General: the Role of Consent

First, let’s start with whether you can record any phone call. Healthcare regulations aside, the states have established requirements for anyone who wants to record a phone conversation.

Some states are known as  “one-party consent” states. In these states, only one party to the phone conversation must consent in order to record the conversation. If you are trying to record a conversation to which you are not a party, one of the parties must consent. One-party consent states include New York, Texas, Wisconsin, and the District of Columbia.

Other states require “all-party consent” (often just called “two-party consent” because most conversations occur between two people). All-party states include Illinois, California, and Michigan. In these states, all parties to a phone conversation must consent before a party may record. 

Some states specify the types of conversations that require the consent of all parties before recording. The all-party states listed above require consent for confidential or private conversations. If there is no expectation of privacy or are no steps taken to keep the conversation confidential, the conversation is not likely to garner the same protection. Meanwhile, the states above prohibit recording any private or confidential conversations where the recording will be used for criminal activity. 

Consent to Record Telephone Patient Encounters

So how do one-party and all-party consent laws apply in the healthcare setting?

Say that a telehealth provider serves patients in more than one state. In this case, calls between a one-party state and an all-party state should follow the all-party rules. 

Moreover, healthcare practices should create written policies regarding how to ask a patient for consent to record a phone call and remind patients each time a phone call is being recorded. For example, procedures might include having patients sign an additional informed consent for telephone visits that acknowledges each call will be recorded. They can also include a recorded message on the providers’ or practice’s phone system alerting patients that their calls will be recorded. 

Even in one-party states, healthcare providers may find it best practice to ask patients for consent to record. At this time, the provider can educate the patient on why the provider is recording, how it will be used, where it will be stored, and whether the patient may access the recording. 

HIPAA and Recording Patient Phone Calls

Suppose a patient consents to be recorded during a telephone visit. The subsequent recording becomes protected health information (PHI). If the provider is a HIPAA covered entity, the PHI is subject to the HIPAA Privacy and Security Rules.

Thus, covered entities that record patient calls should ensure that their phone system is HIPAA-compliant. The covered entity and the call recording software must have protocols for keeping the PHI generated from each call secure. Additionally, if a covered entity contracts with another company to provide the call recording services, the covered entity must sign a business associate agreement (BAA) with that company. 

See our related video, “Business Associate Agreements in Healthcare.”

The practice policies for recording calls should specify which employees within the entity have access to the PHI. It should also describe where the practice stores PHI and the security measures taken to protect against unauthorized access.

Finally, covered entities should establish procedures for verifying the identity of individuals with whom they have phone conversations, both for recording purposes and so that the covered entity does not disclose PHI to unauthorized individuals over the phone. 

Remember, the government mandates that you have written HIPAA policies and procedures that guide the handling of all PHI. This applies to all media, including paper records, electronic health records, or voice recordings. If you don’t have a HIPAA policy or need an update that more closely reflects how you practice now, seek the help of an experienced healthcare attorney in your state.

Get Legal Support

The attorneys at Jackson LLP are experienced with HIPAA compliance. We can help your practice establish and maintain adequate policies and consent forms. If you operate in any of the states where we have licensed attorneys, contact us for a free consultation to find out if we fit your needs.

This blog is made for educational purposes and is not intended to be specific legal advice to any particular person. It does not create an attorney-client relationship between our firm and the reader. It should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.