12 HIPAA Marketing Compliance Do’s and Don’ts Every Medical Practice Should Know
Healthcare marketing has some special challenges that differentiate it from mainstream marketing. In addition to focusing on your target audience, providing valuable content and maximizing your ROI, you also need to worry about protecting your patients’ privacy and health information. In other words, healthcare marketing is HIPAA marketing. As you might expect, there are a lot of do’s and don’ts you’ll need to keep in mind as you craft your marketing plan to ensure you’re abiding by the guidelines. Here are 12 tips to help you keep your marketing HIPAA compliant.
HIPAA Marketing Compliance DO’s
Let’s start with the things you should do. HIPAA marketing compliance means doing two key things at once. The first is protecting your patients’ protected health information, or PHI, whether it’s stored on paper or electronically. The second is understanding and carrying out your responsibilities under HIPAA.
Medical practice DO’s for HIPAA marketing include:
- DO share general information about the treatments your practice provides and share healthcare news relevant to your patients. General information does not violate HIPAA rules because it’s not specific to any one patient. More importantly, posting valuable content is a great way to draw in new patient leads.
- DO share information about new treatments you provide or new certifications and professional honors you’ve received.
- DO get your patients’ permission before including them in any email list that will involve a disclosure of or reference to their protected health information.
- DO work with HIPAA-compliant third-party vendors any time you decide to outsource your marketing.
- DO double check all images you share in your marketing and social media campaigns to ensure that you haven’t inadvertently breached HIPAA rules about sharing patient information.
It’s a good rule of thumb that, in any healthcare marketing campaign, patient privacy must come first. Doing a thorough check of anything you might share on social media or include in a printed brochure is a good way to minimize the chances of a breach — and a hefty fine.
HIPAA Marketing Compliance DON’Ts
As you might expect, there are lots of things that are forbidden in HIPAA marketing. The general rule is that you must protect your patients’ privacy, but here are some specific things to avoid.
- DON’T mention any patient by name or disclose any identifying information in your marketing materials. The patient is the only person who can disclose information about their health. Any disclosure by you or your practice will count as a breach and could lead to a fine.
- DON’T allow photographs to be taken freely inside your practice. Photographs can easily reveal or expose PHI even when they’re taken by staff members and shared with the best of intentions. For example, a casual photo could include a computer monitor that’s displaying PHI. A determined person could work with the photo to steal the information even if it’s not in focus or appears only in the background.
- DON’T collect patient-specific information on social media. Social media sites aren’t encrypted and they’re not set up to collect PHI in accordance with HIPAA rules.
- DON’T work with non-HIPAA-compliant vendors to outsource your marketing. This includes marketing companies, fulfillment companies, and any other vendors that might participate in your marketing.
- DON’T use specific patient examples on social media – even if you change the names. It’s very difficult to eliminate the risk of someone recognizing the person you’re describing.
- DON’T send your patients any marketing emails related to their PHI without their express written permission. Even encrypted emails can be intercepted and may be used by others — and if they are, you’ll be the one paying the fine.
- DON’T include any patient data in your social media profiles. There’s no way to protect it and someone may be able to guess who the patient is.
The marketing DON’Ts for HIPAA are all related to being meticulous about how and when you use patient PHI and who else has access to it. One of the most common mistakes medical practices make is using a third-party vendor who’s not HIPAA compliant.
Marketing your medical practice is a must if you want to attract new patients and grow your practice. It’s your job to understand how HIPAA marketing works to ensure that you’ve protected your patients — and to avoid paying a fine if you make a mistake. HENO can help you with HIPAA marketing compliance. Want to see how? Click here to schedule your free demo today!