As of August 2017, the US Department of Health and Human Services has received a whopping 163,277 HIPAA Privacy Rule Complaints. 2016 was deemed the second worst year in terms of HIPAA violations and the top three causes behind these data breaches were employee action, lost or stolen devices and third-party error. Glancing at these statistics, it’s no wonder that HIPAA is the proverbial hippopotamus in the room for healthcare providers, especially when it comes to digital strategy.
HIPAA tends to leave digital healthcare marketing in a grey area. In nearly every industry, effective digital advertising revolves around a surplus of information, from location to age to occupation. Healthcare plays by a different set of rules. Medical patients are a carefully guarded demographic and using HIPAA-protected information for marketing strategy could result in very expensive fines for healthcare providers.
By definition, HIPAA refers to the Health Insurance Portability and Accountability Act of 1996, a piece of legislation that safeguards patient data and medical information. Under HIPAA, patient medical records, patient-doctor and patient-nurse conversations about treatment, health insurance system information, billing information and the majority of official medical information cannot be disclosed. Moreover, HIPAA dictates that these covered entities must have procedures, including specialized training for employees, in place to ensure the confidentiality of this information.
The US Department of Health and Human Services defines “marketing” as making “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” If you are using a person’s health story or health information for marketing purposes, it will usually require the patient’s signed authorization. It may go without saying, but a covered entity cannot sell protected health information to a third-party organization; this includes distributing lists of patient names and contact information.
Looking at these guidelines, it’s clear that targeting “former cardiology patients” in your next Facebook ad is simply not an option. That said, there are ways to effectively market your healthcare brand while remaining within the parameters HIPAA designates. Digital advertising, such as pay-per-click, provides several targeting options that allow healthcare marketers to reach parties who fit a service line’s core demographic. If a hospital is located in Orange County, CA, marketers can set location parameters within specific ZIP codes to reach patients or physicians in that area. If a service line pertains to senior care, a targeted campaign can be set to reach the 65+ age group. To promote OB/GYN services, a healthcare provider could create a targeted campaign catering to females in the 25-35 age group.
A targeted healthcare campaign can also reach key decision makers who are not the patient. For example, young mothers ages 30-45 tend to be the deciding party when it comes to household matters, including healthcare. This core demographic is a prime target for pediatric service line campaigns. Another demographic to consider is adult children who are conducting healthcare research for an ailing parent. While marketers cannot target patients with a particular condition, they can target people viewing articles and other forms of online content about a condition. This strategy proves especially effective in targeting both patients and decision makers who are researching medical treatment for a loved one.
Another way to reach potential patients while staying HIPAA-compliant is through lead generation campaigns. Relying heavily on a call to action, these types of marketing campaigns typically ask users to opt-in to learn more about a service. Once healthcare providers have this information, they can use it for marketing purposes because the user provided it voluntarily. Lead generation campaigns are also useful from a strategic standpoint as they provide measurable data. For example, if a healthcare provider is promoting an event, those in charge of marketing can easily determine the effectiveness of the campaign based on a concrete number of signups.
To raise awareness of a service line or branded initiative, healthcare providers can consider implementing a brand awareness campaign. While these marketing campaigns are less about a call to action, and thereby provide less measurable data than lead generation campaigns, they are a powerful way to spread the word. Marketers can take a look at impressions and clicks to gauge how many people the campaign has reached.
With any digital marketing strategy, it is important to clearly define expectations and, from there, develop reasonable goals. Digital ROI is notoriously difficult to measure in the healthcare world, but with the right tools, it is possible to meet benchmarks and expand your audience. Once you have the results of your digital campaign, be sure to communicate data in a way that is easily understandable for all parties. Physicians may want to see an uptick in appointments for a service line while marketing executives may want to see an increase in reach. Determining what your team is expecting ahead of time will enhance the overall impact of your digital strategy.
Navigating the world of digital marketing can be a complex experience for healthcare providers. Presenting a successful digital campaign to the right group of people can prove difficult when faced with factors like HIPAA-compliance and patient privacy. That said, launching a powerful, strategic digital campaign as a healthcare provider is possible. With the right resources and a solid understanding of how to reach patients respecting HIPAA laws, your digital strategy can start seeing results today.