Is Your Marketing HIPAA Compliant?


by Bobbie Lind October 31, 2017

We live in the digital age. Roughly 3.7 billion people in the world are connected to the internet, about half of the world's population, and that number increases every day. You can find almost anything online.

Every day millions of Americans search for medical information online: which doctors to visit, how to treat certain conditions, and other information they need to make decisions about their medical care.

And therein lies the biggest problem.

As a medical practitioner, there are certain data sets that you must protect. The Health Insurance Portability and Accountability Act (HIPAA) designates certain information about an individual who is under the care of a doctor as protected.

Violations of HIPAA privacy rules carry some very hefty fines, and can even result in jail time.

So, what is a health professional to do? The internet is one of the best ways to grow a practice, but violating your patients' privacy rights can have major consequences.

This is where working with a company that understands HIPAA compliance with regards to marketing is well worth the investment.

In case you need some convincing that digital marketing is the way to go here are a few stats:

  • 95% of online consumers use email – and 91% check their email at least once a day.
  • There are over 2 Billion users on Facebook.
  • 72% of adult internet users use Facebook.
  • Only 29% of people want to talk to a salesperson to learn more about a product, while 62% will consult a search engine.
  • Reading or writing social media reviews and comments will influence the shopping behavior of 67% of consumers.

Working with a marketing company that understands HIPAA compliant marketing will allow you to grow your business and keep your patients' data private.

Here's a quick checklist of six things that you can do, today, to ensure that your marketing is HIPAA compliant.

1) Do not reply to online reviews.

Good or bad, a reply inadvertently confirms that the reviewer is your patient. Unless you have written authorization to disclose that information, replying to reviews is a big no-no.

2) Ensure you have written authorization to disclose from any testimonials you receive.

Testimonials drive the marketing world, but the HIPAA Privacy Rule states that you cannot share certain information about a patient without first receiving written authorization to do so. Names, images, dates, and medical history (as in why they came to see you) are all protected health information (PHI) under HIPAA.

3) Do not give individual medical advice on social media.

Or on any site, for that matter. Discussing treatments in general terms is fine, but advice tailored to an individual is a no-no. If anyone asks for specific information, the best response is "Please contact your health professional for medical advice" or something to that effect.

On that note, be extremely careful about the information you provide on social media. Check out this article on how easy it can be to post something that gets you into trouble.

4) Never email a patient if they did not explicitly ask for emails.

Many patient intake forms ask the patient for their email address. That alone is NOT authorization from the patient for you to send them marketing emails. A simple check box stating that they wish to receive marketing information from you via email is a straightforward solution. However, you MUST also provide an easy way for them to unsubscribe from your marketing should they desire it (that part is a CAN-SPAM Act requirement on top of HIPAA). It's also a good idea to remind them why they are receiving your emails at the bottom of each message: "You are receiving this email because you opted in to receive marketing information from <<Your practice name here>>."

5) Use HIPAA compliant software.

This is a big one. Gmail (or Hotmail, Yahoo, AOL, or any other free email service) is NOT HIPAA compliant. G Suite is different: it CAN be configured to be HIPAA compliant. Several marketing platforms also provide access controls and data encryption suitable for protected health information. Ask before you sign up to confirm that they can handle HIPAA protected data. The ones that do handle the data properly will sign a Business Associate Agreement (BAA) with you (or with your marketing company).

As with anything in the health care industry, it's going to cost. Many vendors charge extra fees, or require their most expensive service tier, before they will sign the BAA paperwork.

6) Separate your personal social media account from your business account.

A business social media page can work wonders for growing your practice. However, everything posted there is public, so post wisely and stick to broad topics. Keep your personal account just that: personal. And unless you really are friends outside of your office, it's best not to friend your patients on the social media platform.

HIPAA is no joke, and it is not something to take lightly. However, you can market your business successfully online and remain compliant. Careful planning and a solid marketing plan are essential to running a compliant marketing campaign.

Here at Right Rudder Consulting we believe that everyone should be able to market their business effectively. Taking the necessary precautions to ensure your patients' data is protected is one of the things that sets us apart from other marketing companies. And we'll sign the business associate agreement (BAA) with you.

If you would like help designing your HIPAA compliant marketing campaign, or are interested in our marketing services, feel free to contact us or schedule a consultation.
