How to play it safe with healthcare marketing regulation (HIPAA) and avoid hefty $1.5M fines

March 28, 2018

Written by Adam Troudart, Content Manager at Umbrella

The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations (the "HIPAA Rules") protect individually identifiable health information, known as protected health information (PHI). The rules are issued and enforced by the Department of Health and Human Services (HHS) through its Office for Civil Rights (OCR). They were amended in 2013 by the Omnibus Final Rule, which tightened the requirements for using PHI in marketing and for the sale of PHI.

Under the 2013 amendments, marketers and advertising agencies that create, receive, maintain or transmit PHI on behalf of a covered entity are "Business Associates", and business associates are directly liable for complying with the applicable HIPAA Rules.

Violating the HIPAA Rules can result in civil penalties of up to $1.5 million per calendar year for each type of violation, plus criminal penalties for knowingly obtaining or disclosing PHI in violation of the law.

But hey, we’re talking about a $1.5 billion niche here, so how can marketers still crack it without getting fined?

“Marketing” - what does it even mean?
According to Duane Morris, the HIPAA Rules define “Marketing” as “making a communication that encourages the recipient to use a product or service, with certain excepted activities that relate to an individual's specific treatment (e.g., communications about refills, treatment plans, alternatives to treatment, new services, additional benefits, case management services, etc.) or the operations of a provider or plan to provide general information about case management and other services.”

In plain English, most common marketing activities, such as advertising and email marketing, count as “Marketing” in the eyes of HHS and OCR, and PHI may not be used for them without the individual’s authorization.

What marketers can do to stay in the clear
The good news is that the HIPAA Rules are mostly about patient confidentiality, so marketers can stay out of trouble by following two simple rules:

1. Avoid using PHI
As the CEO of Futures of Palm Beach told Forbes, “Complete patient anonymity is key. Once marketers understand that, they can plan their campaigns accordingly.” As a marketer, avoid using any health information that identifies, or could be used to identify, an individual; that is exactly what makes it protected health information (PHI).

If you need such information, either obtain the individual’s written authorization to use it, or stay on the safe side by de-identifying the data first. Note that “anonymizing” has a specific meaning under the HIPAA Privacy Rule: data counts as de-identified only if all 18 Safe Harbor identifiers (names, geographic detail below state level, dates other than year, phone numbers and other contact details, record, account and device numbers, photographs, and so on) are removed, or a qualified expert determines that the risk of re-identification is very small. Alternatively, you can rely on publicly available studies, surveys and similar sources.

Also remember that the HIPAA Security Rule applies to any PHI you do hold: secure the computers and servers it lives on, limit who can access it, and keep it confidential.


2. Stay informed
As a healthcare marketer, stay up to date on the HIPAA and HITECH rules and on OCR’s guidance, which changes over time.

If you run an agency, make sure every employee who handles PHI has completed HIPAA training. Keep in mind that HHS does not endorse or recognize any “HIPAA certification”, so a certificate from a training vendor documents training, not regulatory compliance.

Physicians, health plans and healthcare institutions are well aware of these rules, and they will only work with marketers and agencies that are committed to complying with them.

Feel like breaking into the lucrative local healthcare niche?

Here’s your chance to get medical professionals and other businesses seen everywhere and generate tons of sales, with uYea!


Disclaimer: This article has been created for informational purposes only and is not offered, nor should be construed, as legal advice.



© 2020 All rights reserved to Umbrella Micro Enterprises Inc.