When protected health information (PHI) is made public, a consumer’s most valuable asset – their identity – becomes vulnerable.  The privacy rule of the Health Insurance Portability and Accountability Act (HIPAA) makes individually identifiable health information sacrosanct. It can’t be disclosed without express permission from the patient.

Of course, it’s rare that a healthcare provider intentionally signs away patients’ information. Instead, headlines pertaining to HIPAA violations reveal that many such violations are unintended:

• Dental Practice Pays $10,000 to Settle Social Media Disclosures of Patients’ Protected Health Information
• Texas Nurse Fired for Social Media HIPAA Violation
• Jackson Health’s HIPAA Violation Costs US$ 2.15 million fine

Unfortunately for offenders, ignorance of the law doesn’t offer protection from it. If you violate HIPAA, you’re at risk of criminal prosecution even if you didn’t know your actions were prohibited under the law. That puts healthcare marketers in a precarious situation if they’re unaware of HIPAA regulations and requirements regarding protected patient information.

What is protected health information?

HIPAA Journal defines protected health information as any data that:

relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual that is transmitted by electronic media; maintained in electronic media; or transmitted or maintained in any other form or medium.

The journal’s list of items identified as PHI is extensive, including but not limited to:

• demographic data
• medical histories
• test results
• and insurance information.

How do healthcare marketers lose control of PHI?

Modern marketing relies heavily on interactive touchpoints such as online review sites, Facebook groups, and healthcare portals. Each of these platforms gather and analyze data to refine and customize future touchpoints. The social aspect of these online channels can be a powerful way to personalize communications and build community. However, they can also be a HIPAA pitfall.

• In the case of the dental practice, staff responded to several Yelp reviews using the patient’s last name and providing details of the patient’s medical condition. 
• The Texas nurse posted comments about a rare case of measles in her hospital. Without providing even a patient name, the court found that she’d made available information that could be used to identify a patient.  
• Jackson Health Systems in Florida circulated a photo of an operating room screen that revealed patient information on social media.

In each of these cases, a powerful tool for marketing became a stumbling block through carelessness. Cases like these do more than damage profit margins. They also damage the reputations of healthcare providers and trust within the community.

How you do anything is how you do everything

Healthcare professionals dedicate their lives to protecting the well-being of their patients. We would be appalled by a doctor or nurse who refused to wash their hands or sterilize equipment. We intuitively understand that these “insignificant” processes are absolutely essential to our best interests. 

Those charged with healthcare marketing, whether an in-house staff member or a marketing agency project manager, should be just as cautious is protecting patient information. It’s not just for the protection of the consumer; it’s for the protection of your business reputation. 

At Morgan & Co., we have decades of experience building comprehensive marketing campaigns and buying ad space for professionals in the healthcare industry. Our media planners specialize in identifying and capitalizing on healthcare-related audiences, influencers and advocates. We stay on top of industry trends and stay apprised of the regulations and requirements that impact healthcare marketing. Get in touch with us today to learn more.