HIPAA and Healthcare Marketing with HubSpot

Disclaimer: This is a friendly reminder that because we are not attorneys, we cannot offer legal advice. This information should not be interpreted as legal advice, and you should consult your own legal counsel for compliance issues related to your industry, state, and municipality. Regulations change regularly, and it is important that you maintain HIPAA compliance, as well as compliance with all relevant data privacy and data protection regulations. 

Here at ThinkFuel, we frequently discuss the ways that medical providers can effectively market themselves to new patients. We work with many different providers, from plastic surgeons and vein clinicians to chiropractors and podiatrists, as well as women’s health clinics, medical device providers, and more. In our experience, facilities like yours need a good inbound marketing strategy to keep growing as a business. 

Of course, your primary focus is to provide excellent medical care to your patients. We know that, and you know that, too! However, it’s hard to provide medical care to people who aren’t walking through your doors. That’s why you and many others have decided to go the extra mile and improve your inbound marketing strategies.

You probably know that HubSpot is an invaluable tool for inbound and B2B marketing. After all, it is used effectively by professionals in countless industries. HubSpot provides sales, marketing, and customer service tools that can be scaled up or down, depending on each client’s need. 

Are you aware of the unique marketing challenges that medical providers face, due to state and federal health care information regulations? 

If you’re using HubSpot to market your services, you need to be aware of some specific information that affects what you can and can’t do. 

What does HIPAA have to do with marketing, anyway?

As you already know, HIPAA protects patients’ personal information, including their diagnoses, treatments, medications, appointments, concerns, and more. This protected health information (PHI) is governed by federal guidelines, and you do not want to risk hefty fines if you violate those rules. Even if the violation is an accident, you could end up taking a major financial hit.

HIPAA compliance means that you only use patient data in legal ways. That includes storing, transferring, accessing, and using any information that patients provide or that medical providers document in their files. 

You can abide by HIPAA privacy rules at the same time that you perform essential marketing and sales tasks. This requires you to combine different digital platforms in a HIPAA-compliant way. 

How can you abide by HIPAA and market to leads? 

Health care providers often use a combination of digital platforms in order to communicate with patients and prospective patients. Think about how many platforms you are probably already using:

  • An electronic medical records (EMR) system 
  • Marketing tools and apps
  • Email subscription databases
  • A patient portal
  • Social media platforms and apps

One of the best ways you can ensure that your marketing never uses HIPAA-protected information inappropriately is to avoid all “cross-contamination.” Essentially, you make sure that you differentiate between apps, accounts, and platforms that access protected patient information and those that are used for marketing. 

Yes, this will result in some duplication of information in a few different places, but it will keep federally protected information from ever being used in a marketing campaign. You can’t get in trouble for inappropriately using patient information for marketing if you ensure that the protected information is never used at all for marketing purposes, right? 

How does HubSpot help with this? 

Because HubSpot is a global leader in marketing, its features are complex and inventive. You are not the first medical provider to improve your healthcare marketing through its services. When you work with HubSpot or choose a marketing agency that works with HubSpot, you reap the benefits of years of troubleshooting, problem-solving, software development, and more. 

Let’s look at three of the most effective ways to use HubSpot to prevent HIPAA violations. 

1. In HubSpot, you can create different lists that access different kinds of information. 

When you create custom properties with dropdown forms for your website, you get to control what information is collected from the visitor. Limiting those drop-down fields to omit any HIPAA-related information means that you are creating a contact database, not a patient database, with that provided information. 

Here’s an example: if you ask for someone’s name, email address, and phone number, that information can be added to a marketing database. However, if you ask them to share their symptoms or medications, you are at risk of 

Once they become a patient, transfer the information from “contact” to “patient,” and ensure that any information about their health is entered through your EMR or patient portal, rather than through your website. 

Regularly update your database to ensure that you are following best practices for storing and editing information. You can delete unnecessary information from your contact accounts, and you can even remove contacts altogether once they become patients. 

We also recommend a one-way integration: don’t send information from your EMR to HubSpot. Instead, only send information from HubSpot to the EMR.

2. You can utilize opt-in strategies.

Allow people to opt in to what they want! When an individual is filling out a form on your website, you can get their consent to use their information in a few different ways. 

For example, you could give them a chance to opt in to marketing emails. (You probably won’t call these “marketing emails,” of course! Use language like “I would like to receive emails about special offers and promotions” or “I want to receive information about health and wellness.”) 

HubSpot will allow you to differentiate between leads who want to receive marketing information and those who don’t. The recipients of communication will have opted in to whatever kind of information you are sending. 

3. Be smart with your marketing emails.

A final piece of advice is to avoid using HubSpot’s personalization tokens in any emails that you send because you don’t want to create a situation where people’s protected information is used to market a product or service to them. 

Use general language, which may look something like this:

  • We want to tell you about one of our most popular services!
  • Are you interested in learning more about ….? 
  • Have you heard about our new service? 

Importantly, you should never refer to a patient’s treatment or medical history in your email marketing. Of course, if you’re following the advice from earlier in this article and keeping patient and marketing information separate, that won’t be a problem! 

Are you ready to learn more about how digital marketing can grow your practice? ThinkFuel can help! Let’s talk. We’re ready to get started! Are you?

About Author
Kevin D'Arcy

As our Chief Marketing Enthusiast, Kevin strives to provide clarity, honesty, and unique insights into every one of our engagements. Kevin helps companies improve their lead generation, enhance customer acquisition, and increase revenue. With over 18 years of inbound and content marketing experience with B2B technology companies, Kevin brings a straightforward approach to marketing with results that can be measured. He also has the most adorable hound dog that frequently comes to work with him.