a guide

HIPAA-compliant call centers

Is your healthcare practice or organization taking a high volume of calls from patients or prospective patients every day? If so, you may need a HIPAA-compliant call center platform. See how Dialpad Ai Contact Center can help—or, skip ahead to keep reading.


Healthcare clinics and practices often handle patient data and other sensitive information over phone calls. With the importance of privacy—not to mention industry compliance requirements—these organizations may need a HIPAA-compliant call center.

Not all practices will need medical call center software, of course. If it’s just a single therapist or physician in a small clinic, for example, a basic medical answering service may be enough.

So, if you’re working in the healthcare industry and receive a large volume of calls from patients or prospective patients regularly, how can you make sure your call center or contact center platform will help you avoid HIPAA violations?

That’s what we’ll cover in this guide.

👉 Quick note on “call centers” vs “contact centers”:

Traditionally, call centers took phone calls from patients. Today, people are reaching out through other communication channels too, such as SMS messaging, live chat, and more. Because of this, many call centers have evolved to become contact centers that can handle these other channels as well.

What is a HIPAA-compliant call center?

A HIPAA-compliant call center is essentially a call center that follows the guidelines of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA was passed in 1996 and stipulates guidelines that all companies and organizations collecting protected health information (PHI) must follow.

HIPAA-compliant call centers will have measures in place that determine how PHI is handled according to specific HIPAA rules (for example, how PHI is recorded on calls or in other communications and how it's shared with third parties like vendors).

If you are a healthcare provider and have a call center team, you need to make sure you’re using HIPAA-compliant call center software.

HIPAA compliance requirements that call centers should be aware of

Privacy rule

The Privacy Rule, also known as “Standards for Privacy of Individually Identifiable Health Information,” provides privacy for anyone seeking medical care. Its goal is to ensure that individuals’ health information is properly protected while also making health information available to healthcare providers where necessary to provide a good patient experience.

Security rule

The HIPAA Security Rule, also known as “Security Standards for the Protection of Electronic Protected Health Information,” protects health information that’s stored or transferred in an electronic form, otherwise known as electronic protected health information, or ePHI.

The Security Rule enforces all of the protections outlined in the Privacy Rule. So if you're running a HIPAA-compliant call center, you need to ensure that ePHI (including call recordings, voicemails, voicemail transcriptions, SMS, caller information, and so on) is secure.

This HIPAA compliance also extends to your contact center provider or software!

Business Associate Agreement (BAA)

Unfortunately, you can't just sign up with a VoIP or contact center provider that says they’re HIPAA-compliant and call it a day. You’ll also need to complete a business associate agreement (BAA) to prove to your patients and regulatory bodies that HIPAA rules are being followed.

A BAA is a legal document between the provider and a covered entity or another party, like a doctor's office or an insurance company. BAAs are required by law and must include a specific set of safeguards.

Dialpad Ai Contact Center, for example, is a platform that’s being used by a variety of healthcare practices, surgical clinics, and more. (We'll get into examples below.) Fun fact: You can complete a BAA from inside Dialpad!

How the right call center software can help you stay HIPAA-compliant

Scrupulous security risk assessment

Security needs can change, and staying on top of risk assessment is critical for maintaining HIPAA compliance. The right contact center service should include a rigorous security risk assessment annually.

Dialpad, for example, is SOC2 Type 2 certified, annually audited, and undergoes regular penetration testing. Dialpad has also completed the Cloud Security Alliance's Consensus Assessment Initiative Questionnaire (CAIQ), which addresses the controls listed in the HIPAA Security and Privacy Rule and meets the needs of the HIPAA Security Risk Assessment.


Identity and access management (IAM)

Identity and access management (IAM) is critical to ensuring only the right people can see the information they need to keep workflows streamlined—while keeping data protected.

As an example, Dialpad provides users with stringent IAM controls like single sign-on (SSO) and automated user provisioning, so you can set specific permission levels as you need them and maintain HIPAA compliance.

If you decide to use passwords, authorization is communicated over HTTPS and is secured under the admin's choice of OAuth 2.0, SAML 2.0, or an email and password combination.

24/7 emergency response

Healthcare organizations often run 24/7/365 operations, so ideally, your contact center software will also be available around the clock in case you run into any technical issues or have questions about certain features.

Dialpad Ai Contact Center comes with 24/7 support across phone, live chat, and web channels. And there’s a comprehensive online Help Center too in case you want to find answers on your own.

Failovers and backups

You don't want to lose private and sensitive information in a disaster or climate event, so it's crucial to choose contact center software for your healthcare call center that includes robust failover and backup plans.

Customizable data retention policies

Many call center and contact center platforms offer retention policies (a major piece of HIPAA compliance), but often it's on the platform's terms, and you, as the customer, have little say in what you can keep and for how long. Make sure your service provider lets you customize your data retention policies to keep exactly what you want—for as long as you want.

(And yes, Dialpad Ai Contact Center lets you set custom data retention policies.)

3 examples of HIPAA-compliant healthcare contact centers that work remotely

Metropolitan Pediatrics

Remember we mentioned the importance of 24/7/365 emergency response? Metropolitan Pediatrics, a practice of six clinics in the Portland area, was struggling with a lack of 24/7 customer support from their old contact center provider. They couldn’t even do basic phone system tasks, like transferring calls, easily.

In addition to helping them stay HIPAA-compliant, they needed a healthcare phone system that let their pediatricians stay connected with patients. So, they chose Dialpad Ai Contact Center, which also has a fully integrated unified communications platform for internal communications with team members.

“What sold me on Dialpad was being able to actually be more involved and being able to make changes in real-time, not having to put in a ticket and never hearing back about it. If we need to close the office for a meeting, add people, get a new phone number, or add a new license, all those things can be done really easily,” says Kathy, their Practice Manager.

How easy? She can add or manage phone numbers with just a few clicks.

Not only that, Kathy and the rest of her team can also work remotely on either their laptops or mobile devices if they want to, without sacrificing the patient experience.

“Dialpad is easy to use, and if I happen to be working remotely, I can still access it and call patients,” says Kathy. “I can call from my cell phone and they’ll think I’m at the office because it all comes from Metropolitan Pediatrics. I can call an extension if I need to get anyone at the office. So those things have saved a lot of time.”

Proliance Surgeons

Faced with exponential growth and increased communications demands, Proliance Surgeons needed a contact center platform that would allow them to keep over 80 care centers connected while maintaining the usual healthcare contact center best practices.

Because Proliance Surgeons specializes in everything from orthopedics to reconstructive surgery, CIO Curt Kwak had his hands full.

“Before Dialpad, we had a variety of technologies, some implemented without any consultation, so we didn't even know what some care centers were working with,” Curt reflects. “When we got our first care center on Dialpad, it opened up so many doors—even for simple things like being able to access voicemails remotely or the voicemail transcription services. The nurses were saying, ‘Oh my goodness, do you know how much time you saved us?’”

Even though patients sometimes still need to come in physically for surgical consults or diagnosing injuries, Proliance Surgeons’ team can use Dialpad when appointments can be done over video calls.

And when patients do call in (whether they use voice or video), the calls go much more smoothly than they used to before Dialpad. “One of the biggest benefits for us in IT is reduction in telecom-related trouble tickets by at least 35 to 40%—all gone,” Curt says.

Fenway Health

Fenway Health, a community health center with 15 locations in the Boston area, was using an outdated and expensive PBX system. Luckily, they had moved to a cloud contact center platform before the pandemic hit, which meant that their 600+ agents were able to smoothly transition to working from home.

According to Jon, their IT Director, "We didn't have equipment to send home with folks, but they were able to use smartphones and web browsers to access the call centers, and our call center service levels were unaffected. It was a very easy transition."

Not only did Dialpad Ai Contact Center help them maintain HIPAA compliance, it also helped them improve the patient experience.

“We have a lot fewer mistakes. Before Dialpad, our call center managers had to be very hands-on with their training, and now we have coaching groups so it’s easier to shadow calls,” says Jon. “We can review analytics around call lengths, listen in to the audio, and make adjustments based on the agent, so our call center managers are more well-equipped to train them.”

Need a HIPAA-compliant call center platform?

Maintaining a HIPAA-compliant call center is a challenge, but with the right tools, it doesn't have to eat up all of your time and resources.

Dialpad Ai Contact Center can help you maintain HIPAA compliance while streamlining other aspects of patient care like how patient information is shared and stored, appointment scheduling, how your teams and offices interact, and much more.

Book a product tour to see how Dialpad can meet your practice’s call center needs!

See how you can improve patient satisfaction with Dialpad!

If you’re looking for a healthcare call center service provider, see how Dialpad’s cloud-based platform can help your practice stay connected with both colleagues and patients—no matter where you’re working. Or, take a self-guided interactive tour of the app first!