HIPAA Marketing Policy
Developing a HIPAA marketing policy is an important part of ensuring that your communications are HIPAA compliant. Your HIPAA marketing policy should include procedures for receiving patient authorization for marketing communications, what to do if you’d like to use patient testimonials or reviews for marketing, and opt out procedures.
HIPAA Marketing Opt Out
Part of HIPAA compliant marketing is giving patients the ability to easily opt out of marketing communications. All of your marketing communications should include a way to easily unsubscribe from them. This may include an unsubscribe link in marketing emails, or the option to text STOP to opt out of text message marketing.
HIPAA Marketing Restrictions
The Privacy Rule defines “marketing” as making “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” Generally, if the communication is “marketing,” then the communication can occur only if the covered entity first obtains an individual’s “authorization.”
The HIPAA Privacy Rule dictates certain HIPAA marketing restrictions, “The HIPAA Privacy Rule gives individuals important controls over whether and how their protected health information is used and disclosed for marketing purposes. With limited exceptions, the Rule requires an individual’s written authorization before a use or disclosure of his or her protected health information can be made for marketing. So as not to interfere with core health care functions, the Rule distinguishes marketing communications from those communications about goods and services that are essential for quality healthcare.”