Introduction to Audio-Only Telehealth and Access Benefits

Audio-only telehealth, or phone calls, is key for reaching many patients, particularly in rural areas. Because audio-only telehealth doesn’t require fast internet or smartphones, it’s an essential modality to access telehealth services for those without access to modern technology.

According to a 2021 FCC report, over 14 million Americans lack broadband internet access, and rural households are 16% less likely to have broadband than urban ones. Low-income families are hit hard, with 44% of U.S. households earning under $30,000 per year having no home broadband. For them, a phone is a lifeline to medical care when video isn't possible.

During the COVID-19 pandemic, audio-only telehealth showed its worth in bridging accessibility gaps. For example, in California's low-income clinics, audio-only visits made up 1 in 5 primary care visits and 2 in 5 mental health visits as of August 2022. Many health centers continued using phone consults following the end of the COVID-19 pandemic. This helped them reach patients who faced technology or transportation barriers. As one AMA expert noted, “Audio-only [telehealth] is key for patients with lower incomes and seniors who may not have audiovisual capability, as well as patients in rural areas with limited internet access.”

In short, audio-only telehealth makes healthcare more flexible and accessible. It helps patients without smartphones, reliable internet, or tech skills get medical advice. By using simple phone calls, healthcare can close accessibility gaps for those who might miss out on care.

But audio-only telehealth is not without its risks for providers. Regulators continue to scrutinize the use of audio-only telehealth services more closely than audio-visual services, opening up providers to fraud risk if services are not appropriately condcuted and documented. This article discusses key compliance considerations for providers when providing audio-only telehealth services.

Key HIPAA and Privacy Compliance Requirements for Audio-Only Care

Healthcare organizations must follow the same HIPAA privacy and security standards for phone care as for telehealth. The HIPAA Privacy Rule allows audio-only telehealth if providers use reasonable safeguards to protect patient PHI. Clinicians should call from private settings whenever possible and avoid disclosures that could be overheard by others. If a provider must share an office or is in a semi-public area, they should lower their voice and refrain from using speakerphone. This helps limit any incidental exposure of PHI.

Another HIPAA Privacy Rule requirement is patient identity verification. If the caller’s identity is not known, the provider must verify the individual’s identity, either orally or in writing, before proceeding. This can be achieved by asking the patient to confirm unique identifiers like the patient’s name, date of birth, or other information only the patient would know. By verifying the patient’s identity at the beginning of the appointment, the provider and patient can ensure that the patient’s health information is not disclosed to the wrong person. The provider should also be sure to document the method they used to confirm the patient’s identity to demonstrate full compliance with HIPAA requirements. Having this paper trail is key in the event of an audit.

HIPAA’s Security Rule also applies to audio-only telehealth in certain circumstances. The Security Rule governs electronic PHI, so it does not apply if a clinician is using a traditional analog telephone line for the call. A standard landline call is not considered “electronic” transmission of PHI under HIPAA.

By contrast, modern phone communications often use digital channels. VoIP calls, cellular calls, internet calling apps, or any system that converts voice to electronic data are subject to the Security Rule. In those cases, covered entities must implement security safeguards to protect ePHI during transmission (i.e. using encryption for voice data, ensuring the phone system has access controls, and conducting a risk analysis of possible eavesdropping or data interception risks). If calls are recorded or transcribed electronically, providers should be sure to secure those records as well.

In summary, providers should treat audio telehealth over mobile phones or internet lines with the same rigor as other digital health data. Employing technical protections keeps conversations private and secure.

HIPAA rules also apply to deals with third-party phone services. Usually, providers must execute a Business Associate Agreement (BAA) with any vendor handling PHI for their practice. However,  HHS has specified that a BAA with a common phone carrier is not required if the carrier is merely  connecting the call, and is not otherwise managing PHI. However, a BAA is still required where a provider uses any app or service that records, stores, or accesses PHI. Providers should be sure to evaluate the services they utilize for audio-only services and determine whether they have an active BAA in place where applicable to ensure they are satisfying all HIPAA requirements.

Practical Strategies for Ensuring Patient Privacy in Audio-Only Interactions

Keeping patient privacy during phone visits needs both technical steps and professional manners. Here are some practical tips for providers to keep audio-only telehealth private:

• Choose a Private Environment: Make calls in a secure, private spot. Don't call from public places or busy offices where others might listen. If you're in a shared area, close doors or use a screen to block sound. Also, alert colleagues or family who may be in the same location as you that you are on a confidential call to ensure they are not able to listen in.
• Avoid Speakerphone and Eavesdropping Risks: Use a handset or headset instead of speakerphone. Speakerphones can leak PHI to anyone nearby. If you must use speakerphone, ask who is present on both ends and ensure all listeners are authorized. Keep your voice low to prevent inadvertent disclosures of the patient’s information. A headset not only improves audio quality but also prevents others from hearing the patient’s voice on your end.
• Utilize Secure Call Technology: When possible, use phone systems with security features. Many VoIP or digital phone services offer encryption for calls in transit scribejoy.com. Consider dedicated telehealth communication tools or apps that are HIPAA-compliant. These tools provide end-to-end encrypted voice calls and secure voicemail. While a plain landline is acceptable, upgrading to encrypted VoIP can add an extra layer of privacy to guard against interception. Make sure any call recording or transcription features are disabled unless absolutely needed, and if used, that recordings are stored securely.
• Verify Identity Before Discussing Details: At the start of the call, confirm you are speaking with the correct patient (or their authorized representative). For instance, ask the caller to verify at least two identifiers (e.g., full name, date of birth, address). This prevents disclosing sensitive information to a wrong number or an unexpected person who answered the phone. If someone other than the patient is on the line, obtain the patient’s permission before continuing. Never share PHI until the identity of the caller is confirmed.
• Practice Minimum Necessary Disclosure: Be careful about how much information you share over voicemail or with unknown people. If you must leave a message, keep it brief. For example, “This is Dr. Smith’s office calling for John. Please call us back at 555-1234.”
• Don’t share detailed medical info in voicemails or with anyone but the patient. Even in live calls, only share necessary health details. Avoid mentioning unrelated conditions or personal data not directly relevant to the call. This follows HIPAA’s minimum necessary rule and protects against accidental disclosure.
• Educate and Partner with Patients: Encourage patients to find a private space for phone appointments. At the start of a call, ask: “Is now a good time to talk privately?” Tell them to avoid speakerphone in public and be cautious of who might overhear on their end. If they can’t secure privacy, they should reschedule. This way, you protect their confidentiality outside your clinic.
• Maintain Professional Etiquette: Treat audio-only visits with the same professionalism as in-person visits. Schedule calls securely, document them properly, and ensure no interruptions. Avoid putting patients on hold where they could be overheard by others in the office.
• Train your staff on privacy protocols like confirming identities and handling sensitive topics carefully. This is key to protecting privacy in all audio interactions.

By following these best practices, providers can significantly reduce privacy breach risks during phone calls. Simple steps like the no-speakerphone rule, identity checks, encryption, and a private setting help mirror the privacy of the exam room in a virtual audio space. Both clinical and administrative staff should adopt these practices for all audio-only interactions to uphold patient confidentiality.

Documenting and Verifying Patient Identity in Audio-Only Sessions

Proper documentation and identity verification are key in audio-only telehealth. Verifying the patient’s identity is not just a good idea—it's often required by law. The HIPAA Privacy Rule says you must verify identity for unknown callers.

At the start of a call, the provider should confirm the person on the line is the patient. You can ask for two or more personal identifiers like name and date of birth. Some places even ask for a third piece of information, like an address or medical record number, for extra security.

Industry best practice is to use more than just a name because anyone could know a patient's name. For recurring appointments, establishing a pre-shared PIN or code word with the patient may be beneficial to provide an extra level of security by asking the caller to verify information that those other than the patient are unlikely to know.

It's also vital to document the audio-only session thoroughly in the patient's medical record. All states now require obtaining and documenting a patient’s consent for telehealth services before they are rendered. Start the call by checking if the patient agrees to a phone visit and understands the limitations of an audio-only visit. Providers should also record the time and date of the call, the participants, and confirm identity was checked (e.g., “Patient identity verified by name and DOB”). If the provider asks the patient to confirm their location, a step that is often recommended for telehealth in case of emergency or licensure requirements, this should be documented in the encounter notes as well (e.g., “Patient states she is located at home in XYZ County at time of visit”).

Other details of a call should be documented just like an in-person office visit. This includes subjective notes (the patient’s reported symptoms or questions), your assessment/medical advice, any instructions or prescriptions given, and follow-up plans. It should be noted that the encounter was via audio-only telehealth.

For example: “Telehealth (audio-only) visit note: Patient called complaining of X... History discussed... Advised Y... Plan...”. This makes it clear it was not an in-person exam. If any limitations affected your decision-making, document that too.

For patient identity verification protocols, offices can use a script for every call. A sample script could be: “Thank you for calling [Clinic]. Before we discuss your health information, I need to verify your identity. Could you please confirm your name and date of birth?”.

If the caller is a representative, make sure you have their authority on file. For example, “Verified caller identity: patient’s mother (Jane Doe) confirmed patient’s DOB and address; consent on file to speak with mother.” If an interpreter or a third-party was involved, include their name in the note. Ensure a BAA is in place if needed. This is important for interpreters who are bound by confidentiality and often require a BAA if arranged by the provider. Take care to note any patient preferences, like no voicemail or phone communication.

Finally, be sure document that privacy was maintained during the visit (e.g., “call conducted from clinician’s private office via secure line.”).

In summary, treating an audio-only telehealth encounter with the same formality as any other visit is key. Verify and document identity, obtain and log consent, record key details of the interaction, and note that it was conducted by phone. This ensures a robust record that protects both patient and provider. It also meets regulatory and billing requirements and provides continuity of care.

By following a standardized protocol for phone visit identity verification and documentation, practices can confidently integrate audio-only care into their services. This keeps them on solid legal and clinical ground.

Addressing the Limitations of Audio-Only Telehealth

Audio-only telehealth makes healthcare more accessible. Yet, it has important limitations. It's key to know when a phone call is sufficient to address a patient’s needs and when a patient needs to be evaluated in person.

Phone visits are best for situations that don't require a visual evaluation or hands-on assessment. For example, many doctors conduct behavioral health counseling and psychotherapy through phone calls. These conversations mainly involve talking and listening, and a provider can generally treat and evaluate the patient without needing to see the patient in real time. Medication management and prescription follow-ups can also be completed via phone, provided that the treating provider can effectively check a patient’s symptoms or side effects and change their medications without a physical exam.

Discussing test results or routine check-ins for chronic disease management can also be done over the phone. For example, reviewing lab results and planning next steps for diabetes management. Audio-only visits are often used for “discussing medicines, test results, and other brief medical subjects,” usually in calls under 15 minutes. Established patients with straightforward needs (like a blood pressure medication refill or a progress update on depression treatment) can be well-served by audio telehealth, as long as both the patient and provider are comfortable proceeding without a visual evaluation.

However, audio-only telehealth is not suitable for all medical issues. Any situation needing a direct physical examination, visual inspection, or procedure can't be handled over the phone. For instance, a skin rash, injured limb, or infection requires a visual check.

Synchronous audio-visual telehealth also has distinct advantages over audio-only care because the provider can observe the patient’s condition and non-verbal cues to assess the patient’s needs. Without video, a clinician might miss important information. This includes a patient’s pallor, degree of swelling, rash characteristics, or non-verbal expressions of pain or confusion. The inability to see the patient is a major limitation of phone visits, and providers should carefully consider whether seeing the patient is necessary to conduct an appropriate assessment of the patient.

Using audio-only telehealth can also affect diagnostic accuracy and clinical decision-making. For example, managing new, complex symptoms like “severe abdominal pain” or “shortness of breath” over the phone is risky. These symptoms usually need an in-person evaluation or at least video to assess the patient’s condition.

Providers should also consider whether an audio-only appointment is suitable for the individual patient beyond their medical needs. For one, patient engagement and rapport can be lower with audio-only telehealth. Some providers find it harder to build trust without face-to-face interaction. Patients can also be more distracted, as they might be multitasking during the call. Further, certain patient populations, like those with hearing impairment or speech difficulties, might struggle with phone-only communication, and may benefit from video’s visual aids or in-person interaction.

Healthcare experts say audio-only telehealth should be used as a backup, not as a first choice. Medicare’s post-pandemic policy shows this– the 2025 Physician Fee Schedule allows it for most services. But even where the provider believes that audio-only telehealth is appropriate for a given patient, the provider must still be able to provide video and the patient must either be unable or unwilling to utilize an audio-visual modality.

This means audio-only is appropriate when it’s the only feasible way to reach the patient. If video is available and acceptable, it's usually preferred. CMS advises that providers should use video instead of audio-only whenever possible to ensure the highest quality of telehealth encounter.

There is also the risk of misdiagnosis or delayed diagnosis if a phone call fails to capture something a physical exam would catch. As a best practice, providers should screen patients/issues first before determining what type of telehealth modality would be most appropriate. If a patient’s complaint sounds like it might need a direct look or hands-on assessment, the provider should advise an in-person visit or, at minimum, set up a synchronous audio-visual telehealth consultation, if possible.

Despite these limitations, audio-only telehealth is a valuable method of care delivery. It shines for behavioral health and for follow-up care that might be skipped if it is difficult for the patient to attend visits in person. But both providers and patients should be aware of its limitations. Clinicians should educate patients about the limits of phone care upfront and be sure the patient understands these limitations, informing the patient of the need for in-person follow-up care where necessary.

In sum, audio-only telehealth is best used selectively. While it is highly effective for certain communications and ongoing care needs, it is not a wholesale replacement for an in-person physical exam or the richer context that video can provide. Finding the right balance ensures patients get the convenience of phone access without compromising patient care quality.

Key Takeaways and Compliance Checklist for Audio-Only Telehealth

Audio-only telehealth can greatly enhance healthcare access for hard-to-reach populations, but it must be implemented with careful attention to privacy and regulatory compliance. Providers should leverage phone visits to bridge access gaps in rural, low-income, or elderly patient groups. Below is a summary checklist of best practices and compliance tips for audio-only telehealth:

• Ensure Patient Access Needs are Met: Use audio-only telehealth for patients without internet or devices. This helps rural, low-income, and older patients get access to needed care. Always offer video or in-person visits when possible, and have phone visits as a backup that is available to patients where appropriate.
• Obtain and Document Consent: Get the patient’s consent for telehealth before the first call. Explain what a phone visit means and the limitations of audio-only visits. Confirm consent at the start and record it in the patient’s chart.
• Verify Patient Identity: Check the caller’s identity with at least two details before sharing personal health info to ensure your patient’s information is protected. Note how you confirmed their identity in all patient encounter documentation. If making calls, make sure you reach the right person before offering any information about the patient’s condition.
• Protect Privacy During Calls: Make sure calls are in a private area; avoid speakerphone unless it’s safe to use. Speak softly if others are around. Tell patients to call from a private location. Don’t share sensitive info if you or the patient is in public.
• Use Secure Communication Tools: Use phone lines or apps with encryption and security for calls. Encrypting calls adds protection under the HIPAA Security Rule. Password-protect voicemail boxes or recordings with PHI. Make sure mobile devices used for calls are locked and secure.
• Apply HIPAA Safeguards and Policies: Treat audio telehealth like any patient encounter under HIPAA. Implement reasonable safeguards (i.e. no unwitting disclosures, careful handling of any records). Have Business Associate Agreements in place for third-party telehealth apps handling PHI. Train staff on HIPAA-compliant phone communication, including the “minimum necessary” rule for sharing information.
• Document Thoroughly: Create a record of the phone visit like an office visit. Note it was an audio-only telehealth encounter. Document the patient’s concerns, advice given, any prescriptions or referrals, and follow-up plans. Include verification details (identity, consent) and if relevant, the patient’s location. Good documentation ensures continuity and supports billing compliance.
• Recognize When Audio-Only Isn’t Enough: Be aware of the limitations of phone care. If a patient’s issue requires visual evaluation or is beyond the scope of a conversation, arrange for a video visit or in-person exam. Do not attempt to manage emergencies or complex new symptoms solely over audio – send those to the appropriate setting. As a general rule, use video over audio whenever feasible for clinical scenarios that benefit from visual assessment.
• Educate Patients and Set Expectations: Let patients know when audio visits are suitable (e.g., follow-ups, counseling, simple issues) and when they should be seen in person. Provide guidance on how they can protect their own privacy during calls and encourage them to speak up if they are uncomfortable with phone care for any reason. Managing expectations will increase patient satisfaction and safety with audio telehealth.

With the right tools in place, audio-only telehealth can be a valuable way to provide patients with the care they need. Questions about using audio-only telehealth in your practice? Contact one our our attorneys today; we’re here to help.