Patient Privacy

Consider Patient Privacy When Marketing Your Practice

Advertisements, patient testimonials must be HIPAA compliant

With limited exceptions, the HIPAA Privacy Rule requires that a healthcare provider, as a covered entity, obtain the written authorization of the patient prior to any use or disclosure of the patient’s PHI for marketing purposes. 

HIPAA exceptions

The two stated exceptions to the HIPAA Privacy Rule are:

• face-to-face communication between the personnel of the healthcare provider and the patient
• promotional gifts to the patient of nominal value (e.g., pens, toothbrushes, key chains, coffee mugs with the healthcare provider’s name on it).

Absent an exception, the healthcare provider would need to obtain the written authorization of the patient.

What information must be included in the written authorization? The HIPAA Privacy Rule details a list of core elements and required statements that need to be included in the written authorization for it to be effective.