
HIPAA & Marketing Rule [Healthcare Compliance Tips]

Examine your marketing practices to ensure HIPAA compliance.

Did you know HIPAA created limitations around using PHI for marketing purposes?

Under the Privacy Rule, marketing means making a communication about a product or service that encourages recipients of the communication to purchase or use the product or service. Therefore, your practice must obtain an individual’s prior authorization.

Examples of marketing communications are:

  • When a practice contacts former patients about new EKG pricing.
  • A health insurer promoting home or casualty insurance.

The Privacy Rule has an exception to the marketing definition. A communication is not marketing if it:

  • Is made to describe a health-related product.
  • Is made to describe a service that is provided or included in a plan's benefits.
  • Is made for treatment of the individual, for example when a healthcare provider mails reminders to patients.

Here are some specific areas that require HIPAA compliance when marketing is involved:

Social Media

  • Do not create ads or posts that disclose PHI of any kind without prior authorization from the patient.

Email

  • Patient information should not be included in email campaigns. Patients must also be informed, with an authorization request, that they will receive marketing information.

Patient testimonials

  • An authorization from the patient is required for all testimonials. Also, remind them not to share any PHI.

This tip is an overview, and there is much more to consider regarding marketing. If you are unsure of how to market safely, always lean on your compliance team or representative to help you protect your practice during marketing campaigns.

Lastly, don’t forget to train and create policies/procedures around this topic to share with your patients, staff, and business associates.

**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties.  Research, modify, and tailor the advice to fit your specialty.

Joi Sherrod, MPH, CPC, CPCO
Joi is an educator and owner of JNC Healthcare Compliance Group. After working for distinguished academic teaching hospitals and clinics, she is passionate about helping medical, dental, and behavioral health practices rethink healthcare compliance one trend at a time. Contact Joi at