Since its passage in 1996, the Health Insurance Portability and Accountability Act (HIPAA) has ensured health care providers avoid sharing the protected health information (PHI) of their patients with unauthorized parties. This law is as complicated as ever, especially with the advent of online marketing and revenue streams.
As a dental healthcare provider, you need carefully thought-out policies and enforcement strategies to comply with HIPAA rules and regulations and avoid the heavy consequences of a violation. To ensure your team and business partners don't expose your office to a non-compliance risk, we will share some common best practices you can implement today to protect your patients' PHI.
One of the biggest frustrations of HIPAA guidelines is that this legislation came into being nearly two decades before social media ad campaigns existed. To be successful at dental marketing, one has to understand what information the Act protects to avoid violating HIPAA policy.
Below are just a few of many forms of patient information protected by this important law:
As you can see from this list, PHI is comprised of two primary pieces of information:
For example, sharing a photo on social media or sharing this information in a private conversation on a social media messenger program like WhatsApp violates HIPAA law. While this may seem harmless if shared with someone you trust, the reality is it isn't adequately protected in these online spaces, and you don't have patient permission.
Fortunately, avoiding violations is much simpler than it may sound if you have the proper guidance when creating your new policies for HIPAA-compliant marketing.
The following are best practices for different forms of dental marketing online:
PPC advertising has skyrocketed in popularity on social media sites like Facebook and through ad campaigns provided by Google. This form of digital marketing is ideal because it ensures your dental office gets in front of new patients currently searching for your services. However, while this form of marketing is relatively straightforward, the graphics and content you use in PPC ads could put your brand at odds with HIPAA.
Generally, Google Ads uses an automated review system that approves submitted advertising campaigns. Any of the following is considered a violation of this platform's terms of service, even if technically not a HIPAA violation:
Reviews are one of the single most powerful forms of marketing for your dental business. Some might even say that such feedback is the bread and butter of any successful company. But, when it comes to responding to patient testimonials on social media platforms like Google and Facebook, you must be HIPAA compliant.
Any response you make to a review should not reveal any protected health information. Instead, use terms of general appreciation and resist the urge to share any specific details about their condition, appointment, family, or other identifiable details.
You should also avoid sharing the review received on any other platforms. Why? If you do violate PHI privacy guidelines, you then have multiple instances you can be penalized for, which gets costly.
Social media marketing has quickly become a critical piece of any successful dental marketing strategy. Unfortunately, however, it has also become increasingly easy to accidentally or intentionally commit HIPAA violations by oversharing personal health information about your dental practice, its patients, and more.
One of the primary ways to ensure you do HIPAA-compliant marketing the right way on sites like Instagram and Facebook is to create a practice-wide policy with designated roles. You'll find it's easier to manage the type of content getting posted to your online communities if you only allow certain members of your team to use these accounts. Having guidelines in place will also ensure that your employees are fully aware of what can and cannot be shared in these very public forums.
PHI on social media is a huge no-no, and the following are examples of identifiers your dental office shouldn't allow to pop up on your company feeds:
At Adit, we recommend that you prioritize managing your social media accounts and not overlap your personal and professional profiles. Also, keep in mind that new patients sometimes overshare in their comments, so it's crucial you monitor their posts on your page, as well.
HIPAA-compliant marketing is an essential piece of a comprehensive digital advertising strategy for any practice, but it takes planning and commitment. At Adit, we can help you and your team learn and implement a sound compliance policy to avoid slip-ups that can lead to costly HIPAA violations.
From emails to PPC ads and posting to your community of followers on social media, knowing what can and cannot be shared is crucial. Our HIPAA consent tool makes asking for consent a breeze. This can prove extremely useful when your marketing calls for before-and-after patient photos.
Adit is here to help you do what you do best while we handle all the details. Contact us today to learn more about the many HIPAA-compliant marketing tools we have available.