Is digital marketing HIPAA compliant? The answer is not simple. Digital marketing means analyzing customer data with several kinds of tools: SEO software, ad platforms, CRMs, and other marketing software. For your marketing to be HIPAA compliant, every tool that touches patient data must itself be HIPAA compliant. To provide guidance on the subject, below is our take on HIPAA compliant digital marketing.
Digital Marketing HIPAA Compliant Use
Although some digital marketing tools are HIPAA compliant, many are not, and some openly ask healthcare organizations not to run protected health information (PHI) through their software. Tools in this category include several popular digital marketing tools such as Facebook Ads, HubSpot, and MailChimp. Vendor terms change, so confirm whether a given vendor will sign a business associate agreement (BAA) before relying on any list.
So how can you use these tools for digital marketing while maintaining your compliance?
There is no clear-cut answer on whether using these tools at all compromises your HIPAA compliance. What is clear is that a healthcare entity should never send PHI to a tool that is not HIPAA compliant. Some sources suggest using digital marketing tools to reach prospective patients and then deleting a contact's data from the tool once that person becomes a patient; this depends on you noticing the conversion promptly and on the vendor actually purging the record. Others suggest building a lookalike audience that mimics your target audience. However, a lookalike audience that truly represents your key demographic would require uploading your existing patients' data to a tool that is most likely not HIPAA compliant.
There may be a workaround, although it takes a little extra work on your part. Instead of having the ad platform build a lookalike audience, analyze your patient data yourself in a spreadsheet and enter ONLY the aggregate demographics you identified as your target audience into your marketing tools. For instance, if you find that most of your patients are males between the ages of 45 and 60, you can set that demographic as your target audience without running any PHI through the software.
*When using a spreadsheet for PHI, the spreadsheet software itself must be HIPAA compliant and you must have a signed business associate agreement (BAA) with the software provider. Microsoft Excel and Google Sheets can be used for PHI, but they are ONLY considered HIPAA compliant if you have a BAA signed with Microsoft or Google before using them. The BAA alone does not make your use compliant: access to the sheet still has to be restricted to the staff who need it.
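As an added illustration of the workaround above (this is example code written for this page, not from the original article and not any vendor's API), the following Python script takes a constructed roster of fictional patients, counts them into sex and age-band cells, drops cells with fewer than a chosen number of patients, and emits only the demographic categories that an ad platform would receive. The field names, the age bands, the minimum cell size and the roster itself are all assumptions made for the example; the check at the end confirms that none of the roster's identifier values appear in the exported payload.

```python
"""
Added example: turn an internal patient roster into ad-platform targeting
parameters that carry no PHI. Roster, field names and thresholds are
constructed for illustration; nothing here is a real system or vendor API.
"""
import json
from collections import Counter
from datetime import date

# Constructed roster of fictional patients. In practice this is an export from
# your own BAA-covered spreadsheet and never leaves your systems.
SAMPLE_ROSTER = [
    {"mrn": "10001", "name": "Patient 01", "sex": "M", "dob": "1971-03-02", "zip": "02139"},
    {"mrn": "10002", "name": "Patient 02", "sex": "M", "dob": "1968-11-15", "zip": "02139"},
    {"mrn": "10003", "name": "Patient 03", "sex": "M", "dob": "1975-06-30", "zip": "02140"},
    {"mrn": "10004", "name": "Patient 04", "sex": "M", "dob": "1966-01-01", "zip": "02141"},
    {"mrn": "10005", "name": "Patient 05", "sex": "M", "dob": "1973-09-09", "zip": "02139"},
    {"mrn": "10006", "name": "Patient 06", "sex": "M", "dob": "1970-12-31", "zip": "02142"},
    {"mrn": "10007", "name": "Patient 07", "sex": "M", "dob": "1962-05-05", "zip": "02139"},
    {"mrn": "10008", "name": "Patient 08", "sex": "M", "dob": "1965-07-20", "zip": "02140"},
    {"mrn": "10009", "name": "Patient 09", "sex": "M", "dob": "1977-02-14", "zip": "02139"},
    {"mrn": "10010", "name": "Patient 10", "sex": "M", "dob": "1969-10-10", "zip": "02141"},
    {"mrn": "10011", "name": "Patient 11", "sex": "M", "dob": "1960-08-08", "zip": "02139"},
    {"mrn": "10012", "name": "Patient 12", "sex": "M", "dob": "1972-04-04", "zip": "02142"},
    {"mrn": "10013", "name": "Patient 13", "sex": "F", "dob": "1980-01-20", "zip": "02139"},
    {"mrn": "10014", "name": "Patient 14", "sex": "F", "dob": "1990-06-06", "zip": "02140"},
    {"mrn": "10015", "name": "Patient 15", "sex": "F", "dob": "1955-03-03", "zip": "02139"},
    {"mrn": "10016", "name": "Patient 16", "sex": "M", "dob": "1995-05-05", "zip": "02141"},
    {"mrn": "10017", "name": "Patient 17", "sex": "F", "dob": "1982-11-11", "zip": "02139"},
    {"mrn": "10018", "name": "Patient 18", "sex": "M", "dob": "1950-01-01", "zip": "02142"},
    {"mrn": "10019", "name": "Patient 19", "sex": "F", "dob": "1949-02-02", "zip": "02139"},
    {"mrn": "10020", "name": "Patient 20", "sex": "F", "dob": "1978-09-09", "zip": "02140"},
]

# Roster fields that are identifiers/PHI and must never appear in an export.
PHI_FIELDS = ("mrn", "name", "dob", "zip")

# Assumed age bands; pick whatever your ad platform actually offers.
AGE_BANDS = [(0, 17), (18, 24), (25, 34), (35, 44), (45, 54), (55, 64), (65, 200)]

# Fixed reference date so the example is reproducible.
AS_OF = date(2024, 1, 1)


def age_on(dob_iso: str, as_of: date) -> int:
    """Whole years of age on as_of, correcting for a birthday not yet reached."""
    dob = date.fromisoformat(dob_iso)
    return as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))


def age_band(age: int) -> str:
    for lo, hi in AGE_BANDS:
        if lo <= age <= hi:
            return f"{lo}+" if hi >= 200 else f"{lo}-{hi}"
    raise ValueError(f"age out of range: {age}")


def demographic_cells(roster, as_of: date) -> Counter:
    """Patients per (sex, age band) cell. Still internal data derived from PHI."""
    return Counter((p["sex"], age_band(age_on(p["dob"], as_of))) for p in roster)


def build_audience(roster, as_of: date, min_cell_size: int = 5) -> dict:
    """Only the demographic categories survive; cells below min_cell_size are
    suppressed, since a cell holding one or two patients describes those
    individuals more than it describes your target market."""
    cells = demographic_cells(roster, as_of)
    kept = {cell for cell, n in cells.items() if n >= min_cell_size}
    return {
        "sex": sorted({sex for sex, _ in kept}),
        "age_bands": sorted({band for _, band in kept}),
    }


def phi_leaks(exported: dict, roster) -> list:
    """Identifier values from the roster that appear anywhere in the payload."""
    blob = json.dumps(exported)
    return sorted({p[f] for p in roster for f in PHI_FIELDS if p[f] in blob})


if __name__ == "__main__":
    audience = build_audience(SAMPLE_ROSTER, AS_OF)
    assert not phi_leaks(audience, SAMPLE_ROSTER), "refusing to export PHI"
    print(json.dumps(audience))  # this is all the ad platform ever sees
```

The output for the constructed roster is a sex of M and the 45-54 and 55-64 age bands, which is the "males between 45 and 60" finding from the paragraph above expressed in the platform's own categories. The last check is the habit worth keeping: treat anything destined for a non-BAA tool as an export and verify it against the identifier fields before it leaves.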
Another way to use digital marketing, though it defines your target audience more broadly, is to target users who live within a certain distance of your business. This will probably produce many poor leads, because people outside your key demographic will see the ad too, but it requires no patient data at all.
Is Digital Marketing HIPAA Compliant?
Is digital marketing HIPAA compliant? Not inherently. The best way to keep your digital marketing HIPAA compliant is to live by one rule: never give software that is not HIPAA compliant access to your patient data. Instead, take the time to analyze your data internally, then use your findings to define your target audience in your digital marketing tools.