How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask taxmanrog Your Own Question
taxmanrog, Certified Public Accountant (CPA)
Category: Tax
Satisfied Customers: 485
Experience:  Licensed CPA, MA, MST with 31 years' experience. Teach Accounting and Tax courses at Masters level.
Type Your Tax Question Here...
taxmanrog is online now
A new question is answered every 9 seconds

This question is for Lane, JD I have a Health Care

This answer was rated:

This question is for Lane, JDI have a Health Care professional who is calling in potential patients. These are people who responded favorably to promotion and may have come into the practice, but they are not paid patients. She has a lack of desktop phones in her office in Tennessee. I suggested she call in prospective patients on her cell phone and she said she could not do so as it violates HIIPA as it was an insecure network. She also said a patietn sign in could never allow a patient to see another patient's naem.. She also told stories about how if she sends a gmail to a patient from her office she can get fined 10000 dollars per word or if she sends a Facebook message to a patient that it could be a HIIPA violation. These stories were told her by another eimployee. She never read HIIPA. Is this for real? Can she really not call a potential patient on her cell phone if other phones are filled up?

Welcome to Just Answer! Thank you for giving me the opportunity to assist you! I will do my best to help!

Lane is not online now, so I hope that you don't mind if I answer. I am a CPA with 30+ years' experience and we audit several doctors. I also spent 15 years as a volunteer firefighter, and became very aware of HIPPA and all its extreme requirements. My wife is currently fighting cancer, stage 4, and due to HIIPA her many doctors spend more time trying to be HIIPA compliant than they spend treating her. I have seen first hand how this law can really hamstring doctors who are just trying to treat patients.

First of all, your doctor is correct in that she cannot use a cell phone in most cases because it is not on a secure network. There are some (very few) apps that are HIIPA compliant, but for the most part cell phones are not secure enough for HIIPA. So if she get a HIIPA compliant app, then she can use her cell phone. Otherwise she is in violation.

She is not correct in that a patient sign-in list is not compliant. HIIPA does allow some minor disclosure, and a sign-in sheet is allowed as long as the patient's medical information is not on the sheet. If it is simply the patient's name, this is legal. Furthermore, a nurse is allowed to call patient names for appointments out loud and not be in violation of HIIPA. For example, the nurse is allowed to say "Mr Jones? Mr Jones, the doctor will see you now" without being in violation.

Gmail (standard), Yahoo mail and other emails, including Facebook, are not considered compliant because they do not have "at rest" encryption for stored data, and they do not have active encryption. In rough terms, the data stored in the "cloud" is not encrypted enough to be compliant.

However, Gmail does have an app that is HIIPA compliant. Google has Business Associate Agreements that provide the required encryption and other safeguards to make their email HIIPA compliant. You can read more about it at

Violation of the HIIPA guidelines do result in penalties, ranging from $100 to $50,000, but they are NOT per word. They are per incident, which usually means per email. If the noncompliance is due to an oversight, the penalties are usually $100 to $1,000 per incident, which could mean per email, or per complaint. On the other end of the spectrum, wilful neglect is a flat $50,000 penalty, so if they are not compliant and know that they are not in compliance, and chose to do nothing about it, they get hit with a $50k penalty.

I hope that you have found my answers helpful. IF you have any more, please feel free to ask and I will be happy to answer.

Thanks! Have a great week!


Customer: replied 4 days ago.
Thank you very much.
Thanks for your response. I appreciate your assistance.I send you my best wisher for your wife.One follow up question:
Now if the potential client has never done any treatment in the center, and has simply responded to an ad and come in to talkt ot someone, and if someone calls them back later on OMG A CELL PHONE is that a HIPPA violation???? We are talking no paid service and the office manager calling her back. ////////If it is a problem, how does one get a HIIPA compliant cell phone app? Any idea?

I do not believe that simply calling by the office manager to set up an appointment, when no medical services have yet been provided, would be a violation. If the phone call is made over the office's password ***** Wi-Fi, this would make even talking about patient information possibly protected.

Customer: replied 2 days ago.
Is that what you meant by a HIIPA compliant app?

No, this is just a procedure that may allow you to comply with a cell phone, by making calls over the secured WiFi network instead of the cellular airwaves. This deals with network and firewall security. In addition, there are specific apps that are HIPAA compliant.

If you Google "Hipaa compliant apps" you will find several sites that offer apps that will work for your purposes.



taxmanrog and 2 other Tax Specialists are ready to help you

Related Tax Questions