4 Tips for Staying HIPAA Compliant with Your Healthcare Marketing Efforts

The internet and social media have provided a number of highly targeted, efficient promotional channels for health providers. However, overlooking HIPAA compliance is something you can’t afford to do within healthcare marketing.

The following is a look at several important tips to help you reach your patients with an impactful message, while holding to HIPAA regulations.

Don’t Share Patient Information

This point seems obvious, given that the point of HIPAA is to protect the rights of patients to medical confidentiality. However, it is tougher than you think in healthcare marketing, given the value that case studies offer as a common promotional tool used in other industries.

Never execute a promotion that includes a patient’s name, contact information or other personal identifiers covered under HIPAA.

Avoid Real-Life Pictures

Every time you look at a healthcare marketing brochure or on a website, it seems like you see pictures of patients receiving care. How do these providers get away with displaying their real-life patients in marketing pieces?

Theoretically, they don’t. If you want to include pictures, source stock photos or use actors that portray patients.

It is also a good idea to prevent external followers or fans from uploading pictures on your social media accounts. You could get into hot water if someone on Facebook shares private patient pictures on your page, for instance.

Remember the Little People

Many healthcare marketers are savvy enough to recognize that you can’t post private information through mass social messaging. However, it is easy to forget that even direct messages about patients violate HIPAA as well.

Imagine someone calls you on the phone and wants some background on a treatment plan. You wouldn’t pull out Jane Doe’s file and explain the successful care for her as a patient. In the same way, don’t share confidential information protected by HIPAA even to single individuals through direct messaging.

Sharing isn’t Caring

Naturally, some patients and their families want to share their own medical experiences online. You typically don’t and shouldn’t have control over patient posts.

However, realize that a patient’s decision to share publicly doesn’t authorize you to forget HIPAA. Sharing a patient’s private post with your practice’s followers is akin to posting it yourself. One strategy some medical professionals enact is to create separate personal profiles that allow for more flexible interactions with patients. It is still a good idea for individuals to consult with their legal team for guidance.


Given the importance of case studies and personal testimonials in promotional strategies used in other industries, HIPAA definitely hamstrings healthcare marketing. However, it is possible to develop and deliver impactful messages to your target market while remaining compliant.

To improve your chances of success, work with a marketing partner that has experience preparing compliant healthcare marketing, did you know RMI had a HIPAA compliant call center?. Contact our Business Development Manager, Amanda Sparks, to learn more!

Response Mine Interactive