Violating the HIPAA Act by accidentally revealing protected health information (PHI) is one of the most common reasons for professionals to avoid engaging in digital marketing activities.

This includes responding to online reviews and other feedback. And because 89% of 35-54-year-olds trust reviews as much as personal recommendations, these reviews are a marketing channel you don’t want to neglect.

This blog includes a list of protected health information to help protect your digital marketing content and guidelines about how you can engage with clients while still protecting their privacy and your practice.

What Is Protected Health Information?

Simply put, protected health information (PHI) is anything that could reveal the identity of your client. There is the obvious data, like a name, that could reveal your client’s identity. But there are also less obvious details that could reveal your client’s identity, like their city of residence or even the car they drive. 

Here is a quick list of PHI you must always avoid including in any digital marketing materials:

• Name or nickname.
• Address or geographical location.
• Any dates related to an individual or treatment (birthdate, date of appointment, date of treatment).
• Any contact information or identifying numbers (phone number, social security number, account number, medical record number).
• Vehicle information (license plate, make, model, color). 
• Fingerprints or voiceprints (including any recorded voice).
• Photos (from a headshot to a hand or leg).
• Anything that could identify a client (occupation, marital status, income, race).

Also, be sure to be mindful of your background when posting videos or photos of your practice. You may inadvertently reveal private information in the background, like a client’s phone number on a sticky note.

Social Media

This is a great way to connect with clients on a new level and build a large network of potential referrals and recommendations. When people search for a new practice, they often ask for recommendations on social media or use it to search for local businesses.

Maintain HIPAA regulations on social media follows the same guidelines above. Never post any details that could potentially reveal the identity of a client. Using any form of photography or video requires written consent and should be reviewed by an attorney to make sure they follow HIPAA laws.

Be sure to keep personal and professional lives separate. Never add a client as a “friend” on your social media account. You should also never tag a client’s profile or post directly onto their profile page.

All communications must take place over a secure channel, so this means you must not message a client over a social network. For example: Facebook Messenger. These are violations of HIPAA laws.

Online Reviews

When responding to online reviews, never reveal any identifying information. This includes a name, service provided, or other PHI. But HIPAA doesn’t mean you can’t engage with clients, it just means that you have to do so in a way that protects the privacy of clients.

Keep responses short — the longer your response, the more likely you are to accidentally include PHI. You can even provide templated responses for staff to use in multiple situations so that they can respond in a way that stays in line with HIPAA regulations.

Educate Your Staff

Educate staff on HIPAA laws. It is likely that they will spend more time managing your online presence than you, and they will need to be up to speed on how to interact within HIPAA regulations.

Be sure they know how to spot a HIPAA violation before it happens. You might also consider creating a social media and digital marketing guide with HIPAA laws in mind. This creates a reference for your staff that keeps everyone protected.

By following these guidelines, you can build and engage with clients and effectively build your practice while maintaining HIPAA regulations.

Of course, make sure to consult your attorney to create a set of guidelines and consent forms for your practice to make sure you are in line with HIPAA law. This article is not a substitute for legal counsel. 

Key Takeaways

• Protected health information (PHI) includes any details that could potentially identify a client.
• Avoid revealing PHI in social media posts, get written consent before using photographs, and don’t interact with client’s profiles directly.
• Responding to online reviews increases your credibility and reputation with clients, simply be mindful of HIPAA regulations.
• Educate staff about how to interact online while maintaining HIPAA regulations, create a guide.

To learn more about how Coaching Websites can help you build a thriving coaching practice, contact us today.