A Look at the Way HIPAA Impacts Digital Marketing

Fear of violating HIPAA by accidentally revealing protected health information (PHI) is one of the most common reasons healthcare professionals avoid engaging in digital marketing activities.

This includes responding to online reviews and other feedback. And because 89% of 35-54-year-olds trust reviews as much as personal recommendations, these reviews are a marketing channel you don’t want to neglect.

This blog includes a list of protected health information to keep out of your digital marketing content, along with guidelines for engaging with patients while still protecting their privacy and your practice.

What Is Protected Health Information?

Simply put, protected health information (PHI) is anything that could reveal the identity of your patient. There is the obvious data, like a name, that could reveal your patient’s identity. But there are also less obvious details that could reveal your patient’s identity, like their city of residence or even the car they drive.

Here is a quick list of PHI you must always avoid including in any digital marketing materials:

  • Name or nickname.
  • Address or geographical location.
  • Any dates related to an individual or treatment (birthdate, date of appointment, date of treatment).
  • Any contact information or identifying numbers (phone number, social security number, account number, medical record number).
  • Vehicle information (license plate, make, model, color).
  • Fingerprints or voiceprints (including any recorded voice).
  • Photos (from a headshot to a hand or leg).
  • Anything that could identify a patient (occupation, marital status, income, race).

Also, be sure to be mindful of your background when posting videos or photos of your practice. You may inadvertently reveal private information in the background, like a patient’s phone number on a sticky note.

Social Media

This is a great way to connect with patients on a new level and build a large network of potential referrals and recommendations. When people search for a new practice, they often ask for recommendations on social media or use it to search for local businesses.

Maintaining HIPAA compliance on social media follows the same guidelines as above. Never post any details that could potentially reveal the identity of a patient. Using any form of photography or video requires written consent, and the material should be reviewed by an attorney to make sure it follows HIPAA laws.

Be sure to keep personal and professional lives separate. Never add a patient as a “friend” on your social media account. You should also never tag a patient’s profile or post directly onto their profile page.

All communications must take place over a secure channel, which means you must not message a patient over a social network such as Facebook Messenger. Doing so is a violation of HIPAA laws.

Online Reviews

When responding to online reviews, never reveal any identifying information. This includes a name, services provided, or other PHI. But HIPAA doesn’t mean you can’t engage with patients; it just means that you have to do so in a way that protects their privacy.

Keep responses short — the longer your response, the more likely you are to accidentally include PHI. You can even provide templated responses for staff to use in multiple situations so that they can respond in a way that stays in line with HIPAA regulations.

Educate Your Staff

Educate staff on HIPAA laws. It is likely that they will spend more time managing your online presence than you do, and they will need to be up to speed on how to interact within HIPAA regulations.

Be sure they know how to spot a HIPAA violation before it happens. You might also consider creating a social media and digital marketing guide with HIPAA laws in mind. This creates a reference for your staff that keeps everyone protected.

By following these guidelines, you can engage with patients and effectively build your practice while staying within HIPAA regulations.

Of course, make sure to consult your attorney to create a set of guidelines and consent forms for your practice to make sure you are in line with HIPAA law. This article is not a substitute for legal counsel.

Key Takeaways

  • Protected health information (PHI) includes any details that could potentially identify a patient.
  • Avoid revealing PHI in social media posts, get written consent before using photographs, and don’t interact with patients’ profiles directly.
  • Responding to online reviews increases your credibility and reputation with patients; simply be mindful of HIPAA regulations.
  • Educate staff about how to interact online while maintaining HIPAA regulations, and create a guide.

To learn more about building an online presence and digital marketing for your practice, contact Officite today. See why over 8,000 practices and 20 healthcare associations have trusted us with their online presence.
