Minimum Necessary & PHI Use [Healthcare Compliance Tips]
healthcare compliance tips
Patient Requests & Disclosures [Healthcare Compliance Tips]

HIPAA & Marketing Rule [Healthcare Compliance Tips]

Examine your marketing practices to ensure HIPAA compliance.

Did you know HIPAA created limitations around using PHI for marketing purposes?

Under the Privacy Rule, marketing is making communication about a product or service that encourages recipients of the communication to purchase or use the product or service.  Therefore, your practice must obtain an individual’s prior authorization.

Examples of marketing communications are:

  • When a practice contacts former patients about new EKG pricing.
  • A health insurer promoting home or casualty insurance.

The Privacy Rule has an exception to the marketing definition, which includes:

  • A communication is not marketing if it is made to describe a health-related product.
  • A service that is provided or included in a plan benefits.
  • If it is made for treatment of the individual, for example when a healthcare provider mails reminders to patients.

Here are some specific areas that require HIPAA compliance when marketing is involved, such as:

Social Media

  • Do not create ads or posts that disclose PHI of any kind without prior authorization from the patient.

Email

  • Patient information should not be included in email campaigns. And, they must be informed that they will receive marketing information with an authorization request.

Patient testimonials

  • An authorization from the patient is required for all testimonials. Also, remind them to not share any PHI.

This tip is an overview and there is much more to consider regarding marketing.  Therefore, if you are unsure of how to market safely, always lean on your compliance team or representative to help you protect your practice during marketing campaigns.

Lastly, don’t forget to train and create policies/procedures around this topic to share with your patients, staff, and business associates.

**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties.  Research, modify, and tailor the advice to fit your specialty.

Joi Sherrod, MPH, CPC, CPCO
Joi Sherrod, MPH, CPC, CPCO
Joi is an educator and owner of JNC Healthcare Compliance Group. After working for distinguished academic teaching hospitals and clinics, she is passionate about helping medical, dental, and behavioral health practices rethink healthcare compliance one trend at a time. Contact Joi at info@jnccompliance.com.

Related posts

7 Compliance Best Practices Every Leader Should Know

Read more
Concerned leader in scrubs.

5 Tactics to Combat Healthcare Fraud

Read more

The BAA – How to Do It Right!

Read more
Patient and healthcare worker.

55% of E&M Claims Have Mistakes. Here’s How to Avoid It

Read more
Healthcare Leader

The #1 HIPAA Mindset Trap That Holds Leaders Back

Read more
healthcare compliance leader

Compliance Culture: 10 Questions Every Leader Needs to Ask

Read more
Healthcare Compliance Tips

5 Billion Recovered: Why You Can’t Afford to Ignore It [Series]

Read more

DOJ vs. Compliance Programs [Healthcare Compliance Tips]

Read more
Healthcare Compliance Tips

Office for Civil Rights [Healthcare Compliance Tips]

Read more