Violating HIPAA regulations is a grave offense, but there is a lack of clarity regarding the exact laws and compliance if HIPAA. Here is a list regarding HIPAA compliance:
For HIPAA certification the thumb rule is that it has to be essentially that no healthcare data can be used in online marketing. The do’s of the HIPAA compliance are as follows:
1] Create an email list- With the help of forms create a list of the emails that specifically state that the information will be used for marketing purposes.
2] Provide testimonials- under the statement that presents the honest opinions, beliefs, and experience of the patient that will be similar for most the patients that are using the same product. If the testimonial is not the typical one then authorization from the patient should be attained well in advance.
3] Share the medical information with other doctors for the best interest of the patient’s health- This is common practice whereby the personal medical information of the patient is shared with fellow doctors and this called as “care coordination”. This is not considered as the violation of the HIPAA laws.
4] Remind the patient of their prescription- It is very much in compliance with HIPAA if a reminder has been sent to the patient for the collection, pick up or order of the prescription.
5] Disclose information to communicate with the government- The health information can be shared with the government to consider eligibility for the various Medicare, Medicaid or any other government health program.
The list of the don’ts of the of the HIPAA compliance:
1] Don’t overestimate- Even if you think that you have provided sufficient HIPAA training to your staff, revise their skills at periodic intervals.
2] sharing information regarding celebrity- if ever you treat a celebrity do not share the information to gain popularity as this is one of the biggest breaches of HIPAA laws.
3] Include patients in a newsletter- If you are starting a newsletter campaign, do not include them in the campaign without there written consent. Inclusion with verbal consent will also be considered as a violation of a law.
4] share a patient’s own post about their experience- if a patient shares his or her experience on the online forum, it is not compliant that you can share their information with your followers if they have not given written consent. This will also be considered as the violation.
5] share information with telemarketer- only with proper HIPAA authorization, you can share the information with the telemarketer or else even this will be considered as the breach.
What should be included in HIPAA authorization:
1] a detailed description of the information that will be disclosed.
2] the details of the person or company who will use the information
3] detailed reason for sharing the information
4] written, dated and signed an agreement of the patient of whose information will be shared.
5] it should have a clause that once the information has been disclosed it will be re-disclosed to individuals, organizations and will no longer be protected by HIPAA.
