1. Overview
VoiceCare Pro is a software-as-a-service (SaaS) platform that processes voicemail audio files on behalf of US healthcare clinics, hospitals, and medical facilities. Because voicemail messages may contain Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA), VoiceCare Pro may function as a Business Associate under 45 CFR §164.502(e) and §164.504(e).
This notice describes our practices regarding PHI and the steps clinics should take to ensure a HIPAA-compliant deployment of VoiceCare Pro.
Important: This notice is informational and does not constitute legal advice. Covered entities should consult qualified legal counsel regarding their specific HIPAA obligations.
2. Business Associate Agreement (BAA)
If your clinic is a Covered Entity under HIPAA and you intend to forward voicemails that may contain PHI to VoiceCare Pro, you are required to execute a Business Associate Agreement (BAA) with us before doing so.
Request a BAA
Contact our team to receive, review, and sign a Business Associate Agreement. We typically respond within one business day.
Email mani@getvoicecarepro.com →The BAA establishes the permitted uses and disclosures of PHI by VoiceCare Pro as your Business Associate, and outlines our obligations with respect to safeguarding that information. We will not knowingly process voicemails containing PHI from a Covered Entity that has not executed a BAA with us.
3. How We Handle PHI
VoiceCare Pro processes PHI only as permitted under an executed BAA and solely for the purpose of providing the contracted service. Specifically:
- Voicemail audio files are processed by our AI systems to generate text transcriptions, summaries, department classifications, and recommended actions
- Processed output (patient name, caller number, callback number, AI summary, recommended action) is delivered via email and displayed in your clinic's dashboard — accessible only to authorized staff
- PHI is not used for advertising, product improvement involving identifiable data, or any purpose outside of service delivery
- PHI is not sold or disclosed to third parties except as required to deliver the service or comply with law
- Audio files and transcriptions are retained for 90 days from receipt, after which they are permanently deleted
4. Safeguards
VoiceCare Pro implements administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI, including:
Technical safeguards
- Encryption of PHI in transit using TLS 1.2 or higher
- Encryption of PHI at rest using AES-256 or equivalent
- Role-based access controls limiting PHI access to authorized personnel and automated processing systems
- Audit logging of access to PHI
Administrative safeguards
- Designated HIPAA compliance point of contact
- Staff training on PHI handling and privacy obligations
- Policies and procedures governing access, use, and disclosure of PHI
Physical safeguards
- PHI stored in cloud infrastructure with physical security controls
- Access to server infrastructure limited to authorized providers
5. Subcontractors
VoiceCare Pro may engage subcontractors (such as cloud infrastructure providers) who have access to PHI in the course of providing services. We require all such subcontractors to execute appropriate Business Associate Agreements and to implement safeguards consistent with HIPAA requirements.
6. Breach Notification
In the event of a breach of unsecured PHI, VoiceCare Pro will notify the affected Covered Entity without unreasonable delay and no later than 60 calendar days following discovery of the breach, consistent with 45 CFR §164.410. The notification will include the information required by HIPAA's Breach Notification Rule to the extent available at the time of notification.
7. Clinic Responsibilities
Clinics using VoiceCare Pro are responsible for:
- Executing a BAA with VoiceCare Pro before forwarding voicemails containing PHI
- Ensuring that only authorized staff members have access to the VoiceCare Pro dashboard and email notifications
- Configuring softphone or voicemail forwarding settings appropriately to route messages to the correct unique VoiceCare Pro address
- Maintaining their own HIPAA compliance policies, including patient authorization where required
- Promptly notifying VoiceCare Pro of any suspected security incidents or unauthorized access involving our platform
8. Contact
For HIPAA-related questions, BAA requests, or to report a potential security concern:
- Email: mani@getvoicecarepro.com
- General support: support@getvoicecarepro.com