It’s not always the information going out, but the data coming in, that can make for a HIPAA compliant website
Digital marketing is essential. As the owner or manager of a chiropractic practice, you’re tasked with spreading the word about what sets your business apart and grabbing the attention of potential patients. There are many different factors to consider when piecing together a marketing strategy for your business. You’re looking at how to get the best return on your investment and how to reach your target audience. One other item you should be considering? A HIPAA compliant website.
Maintaining compliance with HIPAA, the Health Insurance Portability and Accountability Act, is important enough that it should be front of mind in all your marketing efforts. But what does HIPAA, which pertains to patient privacy, have to do with marketing and advertising? You might be surprised. Many of the most common best practices for defining and targeting a customer audience can skirt the line of HIPAA compliance.
Websites are one of the biggest culprits.
How DC websites and HIPAA collide
These days nearly everyone is online. For most Americans, our decisions are driven by the information we can find at the click of a mouse or at our fingertips.
That means that a business website is an essential tool. Your practice’s website likely serves multiple purposes — it’s there to provide guidance and education for your existing patients and to help persuade prospective patients of your expertise.
You probably know some of the basics related to HIPAA as it pertains to marketing. For instance, if you’re creating content that features a patient testimonial or photo, you need to ensure you have the proper documentation allowing you to do so. But the real potential HIPAA hazards on your website are a little sneakier.
The pitfalls aren’t typically in the information you provide to patients; rather, they appear when you ask patients and prospective patients to provide information to you.
Odds are that somewhere on your website there’s a form soliciting some type of information — name, email address, phone number. While it makes sense that any information patients provide related to their health issues would be under the purview of HIPAA, you might be surprised to know that any information they provide on your website constitutes protected health information, or PHI. That’s because they’ve already identified themselves as at least potential chiropractic patients by visiting your website.
Data collection and the HIPAA compliant website
Data collection is a vitally important part of marketing. It allows you to create targeted campaigns that garner more return on your investment, ensuring you’re meeting patients’ needs and wants. So, how can you ensure your data collection contributes to your HIPAA compliant website?
If you’re collecting any information from patients on your website, whether it’s through an event signup or a contact form, make certain that the form is encrypted. That’s the first step.
The second step is to talk with the host of your website to verify the strength of its security. You’ll also want to make sure you’re protecting PHI by limiting who can access data and how long they can access it. Want to dig in a little deeper to protect your practice? It’s also important to consider the tools you’re using on your website in coordination with data collection.
With tools like Google Analytics, you’re usually on safe ground, since these systems collect aggregate data, rather than showing you information like name, phone number or email. But if your efforts go beyond those basics to customer relationship management (CRM) or more advanced analytics tools, do your research to ensure they’re HIPAA-compliant.
Since tools like these are typically purchased and facilitated through a product vendor, talk with the vendor about what they do with patient data. You want to know specifics about how data is handled, including who has access and why — the same considerations you have for internal handling of PHI. It’s also worth setting up a business associate (BA) agreement clearly outlining responsibilities between your practice and your vendors.
HIPAA-compliant marketing, in and out of house
Staying HIPAA-compliant isn’t a “set-it-and-forget-it” situation. Because HIPAA requirements evolve over time — and so do the marketing tools we’re all using — vigilance is required to ensure continual compliance.
If you partner with an outside agency to handle the marketing for your chiropractic practice, it’s worth finding out whether that organization is well-versed in HIPAA compliance. There are two key reasons why this is beneficial: The most obvious is that the marketing partner can help you ensure your marketing efforts are staying on the right side of the HIPAA fence.
But there’s an added benefit. We’ve talked a good bit about how common PHI is on healthcare-related websites — and how most consumer-provided information on a website does, in fact, fall under the HIPAA purview.
When you’re working with a marketing partner, in many cases, employees of the marketing agency are unable to do much, if anything, with the patient information that would actually help you understand whether your marketing budget led to real live patients coming in the door. That makes it difficult to determine the ROI of existing marketing tactics. With a marketing agency that can create a HIPAA compliant website, that barrier is removed, making it easier for your marketing partners to determine the successes of your efforts and modify your approach as needed, connecting marketing dollars with real patients. That’s a strategy for success.
RACHAEL SAUCEMAN is the head of strategic initiatives for Full Media, a Chattanooga, Tenn.-based digital marketing agency specializing in health care. Full Media offers a full spectrum of HIPAA-compliant digital marketing capabilities within the health care space, including website design, online advertising, SEO, patient experience optimization, and analytics.