
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress and signed into law by the Clinton administration in 1996. It requires that any company in the healthcare industry dealing with sensitive personal healthcare information – whether that’s related to treatment, payment or operations – and any subcontractor or related business associate in the healthcare sector comply with security protocols put in place to keep that data safe. This includes patient data, information on treatments or services received, or any personal healthcare insights.

In the 21st century, with paper records having passed into history, there’s so much more to it than just keeping records in a locked room. With stiff punishments for negligence, if you’re in the healthcare industry, HIPAA compliance is something you literally can’t afford to take lightly.

Why Do These Rules Exist for the Healthcare Industry?

There were several reasons behind the HIPAA legislation. An important aim was to modernise the flow of healthcare sector information, while at the same time protecting people’s personally identifiable information (PII) from being stolen or used to commit fraud. It also aimed to address some of the limitations in healthcare insurance, like portability or pre-existing condition coverage.

If you work in a healthcare organization which creates, receives, transmits or maintains healthcare data, you’re obligated to:

  • Ensure its confidentiality, integrity and availability.
  • Detect any threats and safeguard it against them.
  • Provide protection against its illegal use or access.
  • Certify the compliance of everybody with access to it.

What Kinds of Healthcare Marketing Data Are We Talking About?

The range of what’s protected is pretty broad. Names, addresses, phone numbers, Social Security numbers, medical records, financial information, and full facial photos are all included – basically anything that could be used to identify a person individually. But it doesn’t end there; billing information, phone call data and even records of conversations between medical professionals and patients are also included. Data sharing is strictly controlled for these categories of information.

There are some exceptions where data can be shared without permission, but they’re very specific. They include legal proceedings and post-mortem organ donation. But frankly, if you don’t know the law, and your own obligations, you could find yourself in real trouble. Get it wrong, and the punishment depends on the degree of negligence.

Four defined tiers of non-compliance mean fines range from $1,000 to $1.5 million for breaches you couldn’t reasonably have known about, up to a minimum of $50,000 and possible criminal charges for wilful neglect. In short, HIPAA compliance matters.

What Data Can Healthcare Marketers Use?

In short, very little. Typical marketing strategies attempting to create a patient journey struggle in the healthcare sector. You shouldn’t even send marketing emails, for example, that relate to your customers’ personal health information (PHI) without their written permission, as even encrypted emails can be intercepted. If you’re considering using an anonymised but real case as a case study for marketing purposes, think again – the risk of somebody who knows that person identifying them leaves you liable. Healthcare consumers are protected like no other target audience.

For the same reason, stock photography is preferable to photos of your actual practice or office, too. You may accidentally reveal information or identities in an image, so it’s better to take no chances. And if your marketing is gathering any data from response forms, make sure the platform it’s gathered from is encrypted. Don’t use social media or other platforms to gather this sort of data; they’re just not secure enough.

If you’re producing creative content for the healthcare sector, you want to know that your production partners take security as seriously as you do. Ideally, you are looking for companies who can build encrypted websites or apps, and work collaboratively with your organisation to produce multi-channel campaigns quickly and cost-effectively.

Security as Standard

While we may not be handling your PHI or PII data, we take the security of your work extremely seriously and apply the very highest standards of data security. We Are Amnet realise that for the healthcare industry and health systems in particular, you can’t afford to take chances.

If you’re working with sensitive, confidential or embargoed information, or simply need to keep your new product or campaign to yourselves, you can rest assured that nobody unauthorised will see or hear about it. That goes not just for any marketing data you may have passed on to us, but for your work itself.

Our Smartshoring® model is designed to make scaling quick and easy, save time, lower costs and secure content production. If you need content production, content management, web and app development or corporate communications services, and you need to know it will be produced in a strictly secure operational model, talk to us.

Saskia Johnson
