Consider Patient Privacy When Marketing Your Practice
Advertisements, patient testimonials must be HIPAA compliant
With limited exceptions, the HIPAA Privacy Rule requires that a healthcare provider, as a covered entity, obtain the written authorization of the patient prior to any use or disclosure of the patient’s PHI for marketing purposes.
The two stated exceptions to the HIPAA Privacy Rule are:
- face-to-face communication between the personnel of the healthcare provider and the patient
- promotional gifts to the patient of nominal value (e.g., pens, toothbrushes, key chains, coffee mugs with the healthcare provider’s name on it).
Absent an exception, the healthcare provider would need to obtain the written authorization of the patient.
What information must be included in the written authorization? The HIPAA Privacy Rule details a list of core elements and required statements that need to be included in the written authorization for it to be effective.