Medical Marketing Websites & HIPAA Compliance
Question: I Operate a Medical Clinic, Do I Need to Have a HIPAA Compliant Website?
Short answer is YES.
If you have a healthcare business, medical practice or a clinic with a medical website, and potential or existing patients communicate with you using the website you are likely receiving Protected Health Information (PHI). If patients use your website to call you, book appointments, ask questions, send Emails, or send forms, it can be subject to HIPAA laws. PatientGain.com highly recommends that all websites should an SSL certificate, and servers should NEVER BE SHARED SERVERS. They should DEDICATED SERVERS and server hosting company must have an infrastructure that complies with HIPAA and HITECH laws.
If you have been audited for a HIPAA violation, you may be asked to provide a Business Associate Agreements (BAA) from all vendors, including your website provider, who may have transported, viewed, stored or handled PHI. As a healthcare business owner or manager it is your responsibility to address BAA requirements from all providers of services to your medical practice.
As a medical provider, you must following information, ALL the time. There are 18 things or identifiers that make health information PHI . These are:
- Dates, except year
- Telephone numbers
- Geographic data
- FAX numbers
- Social Security numbers
- Email addresses
- Medical record numbers
- Account numbers
- Health plan beneficiary numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers including license plates
- Web URLs
- Device identifiers and serial numbers
- Internet protocol addresses
- Full face photos and comparable images
- Biometric identifiers (i.e. retinal scan, fingerprints)
- Any unique identifying number or code – For example if a patient has a pacemaker, there is a unique service number for each pacemaker. This would be considered a PHI
One or more of these identifiers turns health information into PHI and PHI HIPAA Privacy Rule restrictions will then apply, which limit uses and disclosures of the information. HIPAA covered entities and their business associates will also need to ensure appropriate technical, physical, and administrative safeguards are implemented to ensure the confidentiality, integrity, and availability of PHI, as stipulated in the HIPAA Security Rule.
Medical Marketing HIPAA Compliance
PatientGain.com provides BAA for its customers upon request. In order to understand what is covered, let’s review four major areas of HIPAA and some definitions.
What is PHI: Protected Health Information (PHI) refers to information about a patient you are about to treat (prospect patient), or an existing patient’s personal information, that must be guarded and treated as determined by HIPAA laws.
What is a Covered Entity: In HIPAA’s legal language, the Covered Entity is the healthcare business, medical practice providing services to patients. References to “Covered Entity” mean your practice, your clinic, or your medical facility.
What is a Business Associate: A business associate is a service provider or a vendor that provides services, technology, websites, electronic storage, software databases, etc. to a Covered Entity. This means your website provider is a Business Associate.
What is a Business Associate Agreement (BAA): A BAA is a legal document provided to your clinic, that states in detail that the Business Associate has taken necessary steps, in accordance with HIPAA regulations, to provide security and other measures to protect PHI.
It is important to note that Covered Entities and their Business Associates need to protect the privacy and security of protected health information (PHI). But, it gets more complicated when you start to put together a to-do list. Covered entities are required to apply the appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information. This applies to all forms of protected health information. As such, covered entities are not permitted to abandon protected health information or dispose such information that it will be accessible to the public or unauthorized individuals. Covered entities are required to train their workforce on the proper disposal of protected health information. It is important to note that under federal standards, the “workforce” includes volunteers. Covered entities should also determine what steps are reasonable to dispose protected health information while comply with the HIPAA Privacy and Security Rules.
There are four key rules:
1. HIPAA Privacy Rule
2. HIPAA Security Rule
3. HIPAA Enforcement Rule
4. HIPAA Breach Notification Rule
Each Covered Entity needs to follow all four rules. HIPAA Privacy Rule and the HIPAA Security Rule are very detailed and require a lot of effort. To stay in accordance with the Breach Notification Rule, you need to provide notification following a breach of unsecured Protected Health Information.
This article is not a definitive list of what is required for HIPAA compliance, you should assign a Privacy Officer to review each rule in its entirety. This article is intended to point you in the right direction. PatientGain.com will provide BAA for your clinic, if requested. PatientGain.com apps for healthcare clinics save the PHI information in a secure server that meets HIPAA guidelines. Contact us for more information.
6 Key Pillars of Healthcare Medical Marketing for Physicians. Used by the Top Clinics in USA and Canada.
Your patients start their journey to find your medical services in many ways. They may have immediate need for specific service, like a parent looking for a “pediatric urgent care near me” and over 78 percentage of the time they will go to Google and search. And majority of the time, this is done on a mobile cell phone device. You may have a client looking for specific MedSpa service like “Coolsculpting clinic near me” for non-invasive weight loss. There are millions of ways patients search and look for your services, every day, however, majority of the patients use online mediums like, Google, Facebook, Instagram, Yahoo, Bing etc to find a medical service provider.
6 Key Pillars of Healthcare Medical Marketing
Pillar No 1 - Patient Trust is the Foundation of Medical Marketing Success for Your Practice.
Provide excellent patient care and medical services to your target patients. Treat every patient like they are your first patient. Healthcare practices who focus on high customer/patient service have a solid foundation. From medical marketing perspective, Patient Trust starts from the moment they land on your website or read your online reviews.
Pillar No 2 - Medical Practice's Website.
Your website is the face of your practice. Your website can be an asset or a liability. Your website should look and perform better than your clinic's practice. Moreover your website should always build your brand.
Pillar No 3 - Medical Practice's Online Reputation.
Your online reputation – Number of 5 star reviews on Google is the most impactful strategy you can employ. Facebook, HealthGrades, Yelp and other sites are also important however Google Reviews ranking of 4.3 or higher with 100 or more reviews will make a huge impact on your business. We have seen the data and we are excited to help you achieve this.
Pillar No 4 - Medical Practice's Online SEO and Advertising.
SEO and Advertising. Having a nice website is a Step 1 – But if you are not improving the SEO on a monthly basis, you will be left behind. Advertising on Google and Facebook will further improve your patient acquisition.
Pillar No 5 - Medical Practice's Social Media Strategy.
Social media strategy to engage with existing and potential patients. Key strategies include
1) Installing intelligent apps on your Facebook business page
2) Posting weekly on Facebook business page
3) Posting daily on your Google Posts.
3) Advertising on Social Media - Start with Facebook
Pillar No 6 - Medical Practice's Patient Communication Strategy.
Effective patient communication strategy. Here is a great starting list
1) HIPAA compliant communication from your website
2) HIPAA compliant communication from Facebook.
3) SMS-Texting from your website
4) EMR integration
5) Monthly Email marketing
6) Daily Posts on Google Business Page
7) Weekly Posts on Facebook
8) Monthly Promotions offered
9) Conversion Technology and Techniques
SIX PILLARS OF HEALTHCARE MARKETING
This is the GOLD Solution From PatientGain
PatientGain.com is a certified premier google partner for healthcare.
To learn about Website Strategies and Website Examples for Doctors & Medical Clinics, please go here.
To learn about How Much Do Doctors Spend On Advertising, please go here.
To learn about Search Engine Optimization for Doctors & Medical Clinics, please go here.
To learn about Pay Per Click PPC Advertising for Doctors & Medical Clinics, please go here.
To learn about Content Marketing Strategies for Doctors & Medical Clinics, please go here.
To learn about GOLD Package Marketing for Doctors & Medical Clinics, please go here.