HIPAA Compliance and Healthcare Marketing
Despite popular opinion, healthcare entities can market to and attract patients with full HIPAA compliance. Though not associated at all with SocialClimb, several recent HIPAA violations by medical groups attempting to track the value of their marketing spend have highlighted the difficulty in using modern marketing techniques while remaining compliant with HIPAA regulations.
Using popular digital marketing tools like Google, Facebook, or Bing often requires tracking pixels, which are small snippets of code that allow you to gather information about visitors on a website. These pixels are placed on websites to identify visitors and help target your marketing efforts; however, they can pose immediate issues when placed behind login pages or patient portals.
Patient portals typically require the visitor to be a patient of the healthcare practice and require anonymity in a HIPAA-compliant world. Tracking, recording, and monitoring patient use of password-protected areas of your website can be difficult or impossible to do while maintaining HIPAA compliance. Most tracking systems are not compliant because they store Protected Health Information (PHI) in non-compliant online locations, such as with Google, Facebook, and other platforms.
There’s a lot of fear and misunderstanding around using tracking tools to identify website users and connect them with relevant marketing activities in healthcare. Website tracking is commonplace in most industries but, in healthcare, violations are often the result of storing patient data, including patient logins, in non-HIPAA compliant locations and then using that data for marketing purposes.
The image below helps explain some of these details. On the left, we see named individuals who are clearly identifiable. They’re not yet patients and haven’t passed through the HIPAA curtain, which means we can track and market to them in a wide variety of ways. Once they become patients, however, HIPAA applies to them, and we no longer see any identifiable information about them. Tracking these individuals after they become patients is more complex, and HIPAA is very specific about the information that can be used to market to them or others like them.
All is not lost, though! There are still ways to track marketing efficacy while staying HIPAA compliant.
Three keys to follow when tracking marketing effectiveness in healthcare are:
- Choose HIPAA-Compliant Marketing Partners – Necessity is the mother of invention, and in recent years, there’s been an increase in HIPAA-compliant marketing and technology partners. Check whether your agency or technology partners work in HIPAA compliance and can track your marketing return on investment – it’s possible.
- Don’t Track on Login Screens – Only track patients and potential patients outside of authenticated sessions (login screens) on your website. Treat the “authentication required” areas of your website as neutral zones for patient tracking technology.
- Settle For Data, Not Probabilities – Many marketing solutions assume that upticks in new patients mean their campaigns are working, even when there’s no direct way to identify whether those patients even interacted with their marketing. There are technology providers that remove the guesswork from healthcare-specific ROI calculations. They do this by integrating with your practice management system and are able to clearly identify the new patients attracted from specific marketing programs. These vendors are HIPAA compliant, will sign a Business Associate Agreement (BAA) with you, and can provide data-driven reporting so you can base your tracking and conversion on actual patient appointments whenever possible.
SocialClimb is a HIPAA-compliant healthcare marketing platform. Contact us to learn more about our suite of HIPAA-compliant patient tracking tools and how we can help you track the return on your marketing efforts.