Does HIPAA Impact Your Digital Marketing Plans?
In 1996, Congress passed the Health Information Portability and Accountability Act (HIPAA) to ensure patient health information is kept secure and can only be accessed and used to enhance patient care.
Of course, the way we create and access data is much different in today’s digital world. Some groups have even requested updates to HIPAA to reflect the current state of digital healthcare – especially on the mobile side.
Since September 2013, the Omnibus Final Rule has required that providers, payors and their business associates update privacy and security policies. The rule makes it clear to business associates (anyone accessing patient data in any capacity) that all marketers must have patient permission before sending patients any marketing materials.
The simple truth is that HIPAA guidelines for marketing are not clear when it comes to mHealth and other new technology that we’re using or developing. Even so, companies are still getting started in the healthcare industry, focusing on patient engagement and hoping for HIPAA clarity soon.
So, while the industry waits for potential updates from Congress, we thought we’d share our best knowledge of how HIPAA can impact your digital marketing plan.
First, always remember to respect patient privacy:
- If you deal with patient data in any way, you may not use it for any purpose other than to enhance the patient’s care.
- You may not share the information with anyone else without the patient’s express written consent.
- You cannot contact a patient unless they’ve previously given you permission (usually through their healthcare provider).
Second, make sure your data is secure. If your company is using best practices to secure your data, whether in the office or cloud, you are likely meeting current HIPAA guidelines.
As the healthcare industry shifts its focus to patient engagement, remember to treat your customers as unique individuals. Send individual emails, as opposed to massive email blasts that can compromise patient contact information.
Don’t forget that your other marketing content – from blog posts and white papers to social media posts, eBooks and other content – should never share or use patient data or testimonials without express written permission from that person.
Still hesitant about how HIPAA guidelines for marketing apply to your business? Check out this HIPAA Risk Assessment Tool! Ready to take the next step into healthcare marketing? At Pyxl, as industry experts, we understand and have experience navigating the complexities of digital marketing in healthcare, especially the importance of maintaining compliance with HIPAA. We’d love to work with you – let us know how we can help!
Updated: Apr 13, 2022