Is digital marketing HIPAA compliant? The answer isn’t so simple. Digital marketing requires businesses to analyze customer data through several types of tools, such as SEO, ad platforms, CRMs, and other marketing software. However, to be HIPAA compliant, each of the tools that you use must itself be compliant. To provide guidance on the subject, below is our take on HIPAA compliant digital marketing.

Is Digital Marketing HIPAA Compliant?

Although some digital marketing tools are HIPAA compliant, many are not, and openly ask healthcare organizations not to pass protected health information (PHI) through their software. Popular digital marketing tools that are not HIPAA compliant include Facebook Ads, HubSpot, and MailChimp.

So how can you use their tools for digital marketing while maintaining your compliance?

There are no clear-cut answers on whether using these tools will compromise your HIPAA compliance; however, healthcare entities should never use a tool that is not HIPAA compliant. Some sources suggest using digital marketing tools to target potential patients and then, once a contact reached through the portal becomes a patient, deleting the contact’s data to preserve HIPAA compliance. Others suggest creating a look-alike audience that mimics your target audience. However, creating a look-alike audience that truly represents your key demographic would require you to input your existing patients’ data into a tool that is likely not HIPAA compliant.

But there may be a workaround, although it requires a little extra work on your part. Instead of setting up a look-alike audience for digital marketing, you could analyze your patient data on your own using a spreadsheet, and input ONLY the demographics that you identified as your target audience into your marketing tools. For instance, if you find that most of your patients are males between the ages of 45 and 60, you can set this demographic as your target audience without having to pass any PHI through the software.

*When using a spreadsheet for PHI, you must ensure the spreadsheet software is HIPAA compliant, and you have a signed business associate agreement (BAA) with the software provider. Some HIPAA compliant spreadsheet providers include Microsoft Excel and Google Sheets, but they are ONLY considered HIPAA compliant if you have a BAA signed with Microsoft or Google before their use.