Since its passage in 1996, the Health Insurance Portability and Accountability Act (HIPAA) has ensured health care providers avoid sharing the protected health information (PHI) of their patients with unauthorized parties. This law is as complicated as ever, especially with the advent of online marketing and revenue streams.
As a dental healthcare provider, compliance with HIPAA rules and regulations requires practices to implement carefully thought out policies and enforcement strategies to avoid the heavy consequences of a violation. To ensure your team and business partners don't expose your office to a non-compliance risk, we've updated this guide with the best practices of 2023 so you can protect your patients' PHI effectively and consistently.
One of the biggest frustrations of HIPAA guidelines is that this legislation came into being nearly two decades before social media ad campaigns existed. To be successful at dental marketing, one has to understand what information the Act protects to avoid violating HIPAA policy.
Below are just a few of many forms of patient information protected by this important law:
As you can see from this list, PHI is comprised of two primary pieces of information:
For example, sharing a photo on social media or sharing this information in a private conversation on a social media messenger program like WhatsApp violates HIPPA law. While this may seem harmless if shared with someone you trust, the reality is it isn't adequately protected in these online spaces, and you don't have patient permission.
Fortunately, avoiding violations is much simpler than it may sound if you have the proper guidance when creating your new policies for HIPAA-compliant marketing.
The following are best practices for different forms of dental marketing online:
PPC advertising has skyrocketed in popularity on social media sites like Facebook and through ad campaigns provided by Google. This form of digital marketing is ideal because it ensures your dental office gets in front of new patients currently searching for your services. However, while this form of marketing is relatively straightforward, the graphics and content you use in PPC ads could put your brand at odds with HIPAA.
Generally, Google Ads uses an automated review system that approves submitted advertising campaigns. Any of the following is considered a violation of this platform's terms of service, even if technically not a HIPPA violation:
Reviews are one of the single most powerful forms of marketing for your dental business. Some might even say that such feedback is the bread and butter of any successful company. But, when it comes to responding to patient testimonials on social media platforms like Google and Facebook, you must be HIPAA compliant.
Any response you make to a review should not reveal any protected health information. Instead, use terms of general appreciation and resist the urge to share any specific details about their condition, appointment, family, or other identifiable details.
You should also avoid sharing the review received on any other platforms. Why? If you do violate PHI privacy guidelines, you then have multiple instances you can be penalized for, which gets costly.
Social media marketing has quickly become a critical piece to any successful dental marketing strategy. Unfortunately, however, it's also shown to be increasingly easier to accidentally or intentionally commit HIPAA violations by oversharing personal health information about your dental practice, its patients, and more.
One of the primary ways to ensure you do HIPAA-compliant marketing the right way on sites like Instagram and Facebook is to create a practice-wide policy with designated roles. You'll find it's easier to manage the type of content getting posted to your online communities if you only allow certain members of your team to use these accounts. Having guidelines in place will also ensure that your employees are fully aware of what can and cannot be shared in these very public forums.
PIH on social media is a huge no-no, and the following are examples of identifiers your dental office shouldn't allow to pop up on your company feeds:
At Adit, we recommend that you prioritize managing your social media accounts and not overlap your personal and professional profiles. Also, keep in mind that new patients sometimes overshare in their comments, so it's crucial you monitor their posts on your page, as well.
HIPPA compliant marketing is an essential piece of a comprehensive digital advertising strategy for any practice in 2023, but it takes planning and commitment. At Adit, we can help you and your team learn and implement a sound compliance policy to avoid slip-ups that can lead to costly HIPAA violations.
From emails to PPC ads and posting to your community of followers on social media, knowing what can and cannot be shared is crucial. Our HIPAA consent tool makes asking for consent a breeze. This can prove extremely useful when marketing, and you need before and after patient photos.
Adit is here to help you do what you do best while we handle all the details. Contact us today to learn more about the many HIPAA compliant marketing tools we have available.
Angela is a former English teacher turned marketing content specialist. Over the past 10 years, she’s developed marketing strategies to forge enduring bonds between B2B, B2C and SaaS companies and their clients through holistic education, effective communication, and captivating storytelling that moves audiences to act.
Offer ends December 27, 2024, and is limited to prospective customers who sign an annual agreement before December 31, 2024. Gift card will be emailed to the company owner or established representative within 4 weeks of signing the annual agreement. Offer may not be combined with any other offers and is limited to one (1) gift card per office. Offer is not available to current customers or to prospective customers or individuals that have participated in a Adit demo during the prior six (6) months. Recipient is responsible for all taxes and fees associated with receipt and/or use of the gift card as well as reporting the receipt of the gift card as required under applicable federal and state laws. Adit is not responsible for and will not replace the gift card if it is lost or damaged, is not used within any applicable timeframe, or is misused by the recipient. Adit is not responsible for any injury or damage to persons or property which may be caused, directly or indirectly, in whole or in part, from the recipient’s participation in the promotion or receipt or use of the gift card. Recipient agrees to indemnify, defend and hold harmless Adit from and against any and all claims, expenses, and liabilities (including reasonable attorney’s fees) arising out of or relating to a recipient’s participation in the promotion and/or recipient’s acceptance, use or misuse of the gift card. This offer is sponsored by Adit Communications, Inc. and is in no way sponsored, endorsed or administered by, or associated with Amazon.
Cut your software bill by up to 60% when you merge everything your dental office needs to run under one roof.