Is Online Marketing HIPAA Compliant


With patients turning to the internet more than ever to connect with medical care providers, online marketing is quickly becoming a requirement for successful and growing medical practices. The healthcare industry is often one of the last to adopt changes in marketing practices, especially because of concerns over HIPAA and other patient privacy factors. Many doctors are concerned over whether or not online marketing is HIPAA compliant. If you’re considering utilizing online marketing to sustain your medical practice, here’s what you need to know:

Patients are going online for information

According to a Think with Google study, 84% of patients use online and offline sources for hospital research. Search drives nearly three times as many visitors to hospital sites as non-search sources do, and of patients who research hospitals on a mobile device, 44% scheduled an appointment.

With so much online activity connecting patients to doctors, it’s important to closely examine online marketing practices in light of HIPAA compliance.

What is HIPAA and what does it safeguard?

HIPAA stands for Health Insurance Portability and Accountability Act. Its purpose is to provide privacy standards that protect patients’ medical records and other health information provided to health plans, doctors, and other medical providers. HIPAA protects PHI, which stands for Protected Health Information.

When we talk about how marketing needs to be structured to comply with HIPAA, we’re talking about how PHI is involved. PHI includes any information about the health status of an individual, the provision of health care, or payment for health care that can be linked to a specific individual. So, in any marketing communication a medical provider creates, specific and identifiable health information about an individual needs to be avoided.

Which marketing messages are okay?

In order to comply with HIPAA, marketing messages cannot share or disseminate specific, identifiable health care information. This means that most types of online marketing messages need to stick to general topics, unless a patient has provided written consent stating that their personal, identifiable medical information can be used (for something like a testimonial). Blog posts are a wonderful way to share information with your patients about health topics they’re interested in without violating HIPAA regulations.

Another instance where HIPAA comes into play is email marketing. Email addresses are a piece of identifiable information, so in order to comply with HIPAA by not sharing PHI, the emails you send to these addresses cannot address topics that specifically relate to a patient’s health care information.

In this case, things like test results, suggested treatment plans, and other personal medical information should not find their way into an email. However, most other general informational topics can be sent to patients without violating HIPAA.

There are many ways to market your practice online while still complying with HIPAA regulations. If you’d like to learn more about how to market your practice online within these parameters, contact the Social Jeanie today!
