Patient testimonials can help you attract new leads, improve conversions, and increase revenue.
However, they can also cause huge problems and land you fines if you’re not HIPAA-compliant when using them. Violating HIPAA rules cost up to $50,000 per violation per day.
So do you stop using patient testimonials to market your practice?
The answer is NO! You can still use patient testimonials without running into trouble. Read on to discover a few tips to stay compliant when gathering patient testimonials.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US law that establishes privacy guidelines to safeguard patients’ medical records and other health information given to insurance companies, physicians, hospitals, and other healthcare providers.
The law controls access and usage of Protected Health Information (PHI). The HIPAA privacy laws protect “Individually Identifiable Health Information” that can reveal a patient’s identity, including:
- the patient’s past, present or future physical or mental condition
- the provision of healthcare treatment and services to the patient
- the past, present, or future payment for the provision of healthcare to the patient
What is the HIPAA law on advertising?
According to the HIPAA Privacy Law, before using a patient’s testimonial on your website, social media, or for any marketing purpose, you must first get written permission from the patient.
The patient must sign a Notice of Privacy Practices and a patient testimonial advertisement form. Violating the law can cost you up to $50,000 per offense or a maximum of $1,500,000 per year.
In February 2016, a Los Angeles-based PT outfit agreed to pay $25,000 to settle HIPAA violations for posting patient testimonials that include patients’ names and photos on their website without permission from patients.
3 Tips to Stay HIPAA-Compliant When Gathering Patient Testimonials
- Avoid sharing protected health information (PHI) in campaigns – Avoid revealing any protected health information in your advertisements. Before you send out a post, allow a team member to give it a second look. Also, tell your patients who may wish to drop you testimonials that they should avoid stating their protected health information.
- Secure written permission – Before using any testimonial, ensure that the patient has signed the authorization form. Let the patient know how you intend to use the testimonial.
- Choose HIPAA-compliant tools – Make sure the tools and software you use in marketing your practice are HIPAA-compliant, including tools for social media, email marketing, customer relations, etc.
The information on HIPAA-compliant tools is usually encrypted and stored with a cloud backup. You can use a video tool like CaptureMD to collect video testimonials from your patients. CaptureMD is built for the healthcare industry with HIPAA compliance in mind.
Conclusion
Violating the HIPAA privacy laws, even by accident, is costly. But if you follow the above tips, you can still use patient testimonials without trouble.
You can use CaptureMD to collect branded testimonial videos from your patients with a few clicks. No video editing experience or expensive setup is required.