Those who have been in the home care industry are well aware of HIPAA – the Health Insurance Portability and Accountability Act of 1996 – which sets national standards for protecting patients and their private health information.
What you may not realize is that HIPAA also applies to home care marketing. The HIPAA Privacy Rule ensures patients have control over how their protected health information (PHI) is used and disclosed for marketing purposes. As a result, it’s vitally important for home care agencies to make sure that their marketing efforts comply with HIPAA standards.
When the information below is combined with a client’s physical or mental health condition, payment information for services, or general health care information, it becomes PHI:
- Names — full name, last name or initials
- Geographic identifiers — Anything smaller than state, including city, county, street address, and ZIP code
- Dates — Birth, discharge, admittance, and death dates
- Telephone and fax numbers
- Email addresses
- Social Security numbers
- Driver’s license information
- Medical record numbers
- Account numbers
- Health plan beneficiary numbers
- Certificate or license numbers
- Vehicle identifiers — serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Names of relatives
- Internet Protocol (IP) address numbers
- Web URL
- Biometric identifiers — including finger and voice prints
- Full face photographic images and any comparable images
- Any other characteristic that could identify the individual
We recommend reviewing all of your agency’s marketing materials and taking the following steps as needed:
Website:
- Work with a third-party vendor that provides HIPAA-compliant forms for your site.
- Provide details on how data is collected and used in your website’s terms of use and privacy policy.
- Ensure that your website is HTTPS enabled.
Social Media:
- Rather than posting pictures of clients, consider featuring photos of caregivers (after receiving written permission to do so) or purchase stock photos.
- Regularly review and update your social media policy and hold routine training sessions so that staff members are aware of best practices.
Email:
- Use a third-party partner who is well-versed in HIPAA compliance, and ensure that all emails are encrypted.
- Confirm that your third-party email marketing firm executes a business associate agreement (BAA) with your agency to protect PHI.
- Make sure that any off-site servers that are used to store email addresses or client PHI are encrypted and backed up regularly.
The MOST team is skilled at marketing home health services while ensuring HIPAA compliance in all of your marketing materials. Contact us online or at 800.370.6580, to learn more about our home care marketing tools and services.
