Successful marketing is all about storytelling, and to effectively tell stories, you need real-life narratives. When it comes to healthcare marketing, those narratives are coming from people and patients whose sensitive health information needs to be protected. The key in marketing healthcare is making it connective and relatable to an audience while protecting highly personal, sensitive, and regulated information. That’s why Lenz Marketing is proud to be a HIPAA compliant organization.
What are the benefits of working with a HIPAA certified marketing agency, and what are the dangers of non-compliance? Lenz Marketing, Atlanta’s top healthcare marketers, is answering these questions and more in the blog below!
What is HIPAA?
If you’re working within the healthcare space, it’s essential to have a comprehensive understanding of HIPAA policy. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was established to adopt national standards for healthcare transactions, health information, and security between covered entities.
The ultimate goal of HIPAA is to secure Protected Health Information (PHI). PHI includes any information that could be used to identify a patient, including, but not limited to: name, address, photos, and Internet Protocol addresses. You can view the full list of PHI at HIPAA Journal.
In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH Act) was signed into law to promote the adoption of electronic health records (EHR) and supporting technology in the United States. The HITECH Act expanded the scope of the privacy and security protections available under HIPAA for electronic protected health information (ePHI).
Why Does HIPAA Matter for Healthcare Marketing?
HIPAA compliance is vital to healthcare marketing, especially in our technology-driven world. A healthcare marketing agency that is HIPAA-compliant will be able to advocate for your patients’ privacy and protect your practice from HIPAA violations, fines, and penalties.
Here are a few of the top reasons HIPAA compliance matters in healthcare marketing:
Website
An encrypted, HIPAA-compliant website is an absolute must if you are collecting any identifiable information. If your website includes any form fills or additional requests for patient information, it’s your job to protect that information and ensure it is accessed in a secure, regulated fashion.
Social Media & Digital Content
When using patient experiences to create social media, blog, video, or advertising content, you need to meet all standards of HIPAA compliance. This should include obtaining written permission from the patient, removing personally identifiable information, and ensuring PHI is not present in any digital assets that could be traced back to a patient.
Online Review & Reputation Management
Patient testimonials and public reviews inherently contain PHI. As marketing moves more and more into the digital world, many patients opt to leave reviews in public forums, like Google, Yelp, and social media platforms. A public response from the practice or company is nearly always recommended, and should always be HIPAA-compliant. Depending on the nature of the comment or review, taking the conversation offline can be the best way to remain compliant and avoid disclosing any PHI.
What Are the Dangers of Non-Compliance?
A HIPAA violation occurs when a HIPAA-covered entity or employee fails to comply with any aspect of HIPAA standards, including disclosing excessive PHI, misusing information, and failing to notify an individual of a breach of their personal information. You can find a list of the most common HIPAA violations here.
“The danger of non-compliance is adversely affecting real people and families by leaking their sensitive information. We’ve been entrusted with that information and have a duty to those people.” – Ricky Pattillo, Lenz Compliance Officer
The penalties for HIPAA violations can be severe, ranging from $100 fines to million-dollar settlements. Multimillion-dollar fines have been issued as recently as 2018, with Anthem’s breach settlement of $16 million. HIPAA violations can be discovered through internal audits or through an individual or employee filing an official complaint. Learn more about penalties for HIPAA violations here.
How a HIPAA Compliance Officer Can Help Your Business
Any business or organization that is considered a covered entity should have at least one HIPAA Compliance Officer. Compliance officers are responsible for maintaining a HIPAA-compliant privacy program, investigating possible breaches of PHI, and ensuring patients’ privacy rights. HIPAA Compliance Officers should also develop security policies, risk assessments, and training for all employees who come into contact with PHI.
Why Lenz Marketing is HIPAA Certified
Lenz has always been focused on responsibly handling health information (PHI), but in 2017 we decided to invest in a company-wide initiative to educate our entire staff on the intricacies of HIPAA laws. As healthcare marketers working with a variety of clients, it is of the utmost importance that everyone at Lenz understands the evolving world of properly marketing healthcare and protecting patients.
“Every staff member at Lenz is HIPAA-certified, and we even have a HIPAA task force to help interpret and manage complicated situations that occasionally arise.” – Christine Mahin, Lenz HIPAA Compliance Officer
The rules about protecting PHI are constantly evolving and require interpretation and risk assessment, which is one of the reasons we have a HIPAA task force! At Lenz, our HIPAA Compliance Officers, Christine Mahin and Ricky Pattillo, ensure that our clients’ websites and owned channels remain HIPAA-compliant. Additionally, they confirm all new Lenz employees complete a HIPAA training course as part of their onboarding process.
Interested in learning more about how HIPAA-compliant marketing can help drive results and ensure patient safety? Contact Atlanta’s top healthcare marketing experts at Lenz Marketing today.