HIPAA Compliance in Health Care Marketing

By Kayla Matthews, HealthIT writer and technology enthusiast, Tech Blog
Twitter: @ProductiBytes

Everyone needs a doctor now and then, but how can patients choose which doctor they want to visit?

Doctors’ offices and hospitals have to take the time to market themselves to attract new patients to their humble halls — and these advertisements also have to be compliant with HIPAA regulations regarding patient privacy and protection.

How much effort do these practices need to make to ensure their marketing strategies are HIPAA compliant, and what steps can they take to ensure their advertisements do not violate patient privacy laws?

Marketing Emails
Emails are a huge part of the marketing world. It’s estimated that roughly 95 percent of online shoppers use email, and more than 90 percent of them check their email account at least once per day, so email marketing for health care makes perfect sense.

Traditional retail businesses see roughly $40 in returns for every dollar that they spend on email marketing — why not transition some of that growth into the medical industry?

HIPAA rules regarding email marketing aren’t clear. In fact, they’ve often been described as murky — which has kept many medical practices from even trying to implement an email marketing plan.

The first, and perhaps most important, step is to ensure the chosen email provider is HIPAA compliant as well. Email breaches happen, and if the provider isn’t on top of potential problems, practices that use its services could face serious fines for HIPAA violations.

This is less important if the practice only uses the email service for outgoing marketing emails, but if any patient information is being discussed via email, HIPAA compliance should be a requirement.

Patients also need to opt in to receive marketing emails. The new GDPR laws for email marketing in Europe are a good baseline for the kind of opt-in that practices should provide for their patients. All unsubscribe requests should be addressed immediately.

Traditional Advertisements
Traditional advertisements, such as billboards, placards and imaging, are among the most popular types of advertisement in the medical community because they are visible and can convey the necessary information without any fear of violating HIPAA.

Even ads that use testimonials from current or former patients are protected. They usually don’t offer any patient information, and if they do, the patient in question is required to sign a release form.

These forms of advertisement are ideal for most medical practices. Large, high-resolution images in strategic places throughout your local market or even inside the practice can convey information clearly and effectively and bring more patients into the office.

Where HIPAA is concerned, this is one of the most secure ways to advertise and bring in new patients. It is also one of the most expensive forms of marketing, so make sure to take that into account before opting for this form of advertisement.

Social Media Marketing
According to MarketingSherpa, 95 percent of online adults between the ages of 18 and 34 are likely to follow a brand on some form of social media, and more than 2.5 billion people worldwide use social media.

It is almost impossible to have a business presence in today’s world without at least one social media account, but HIPAA laws mean this can be dangerous for medical practices.

If a practice is planning to set up a social media account for their patients, the first step to ensure it is compliant with HIPAA laws is to implement a very strict social media policy and limit the number of people who will have access to that account.

At the same time, consider investing in some tracking software that archives all the practice’s online communication. Not only does this software protect the practice in the event of a breach, but it also provides vital evidence that will be needed in the event of a HIPAA lawsuit.

Providing a basic script for the social media staff can also help the practice stay in control of the kind of content that is being posted.

For questions that fall outside the set script, implement an “ask first” policy. Either don’t respond or say “We’re looking into your question and will get back to you soon.” This keeps the account engaged without accidentally violating HIPAA or inadvertently posting patient information.

Advertising to bring in new patients is a great way to improve a practice’s bottom line and ensure it can help the most people, but it has to be done carefully to ensure none of the emails, social media posts or advertisements violate HIPAA laws.

If it is done right, it can bring new patients to the practice. If it’s done wrong, professionals could find themselves facing HIPAA lawsuits or steep fines that could cause even more trouble for their practice.