How We Help Practices Stay HIPAA Compliant with Their Marketing
From the beginning, a key part of our mantra at P3 has been to “protect the client.” Patient data is one of the most important things that practices need to protect, so we take HIPAA compliance seriously.
There are several ways that you can collect, store, and share potential PHI with online marketing, intentionally or unintentionally, so our goal is to provide HIPAA compliant marketing solutions for our clients.
These are some of the ways we are helping medical practices maintain HIPAA compliance in their marketing:
Business Associate Agreements (BAAs)
As you likely know, BAAs are a key component of HIPAA compliance when medical practices are working with third-party vendors. We have BAAs in place with all of our clients.
Appointment Requests & Form Submissions via Your Website
All of the forms used on our websites are HIPAA compliant. Form data is not transmitted via email; rather, an email notification is sent to designated employees at your practice with a prompt to log into the admin area to view the data. This gives you the ability to restrict access to form data to only those who need it.
Website Data Collection & Reporting
We understand the importance of tracking the traffic on your website and how patients interact with it. However, guidance issued by the U.S. Department of Health & Human Services indicates that the use of certain website tracking tools, such as Google Analytics and Facebook’s Meta Pixel, may not be HIPAA compliant. We do the following to help practices track their data in a HIPAA compliant manner:
- For website analytics tracking, we use a self-hosted version of Matomo Analytics, which is hosted on a HIPAA compliant server.
- We offer HIPAA compliant website call tracking via CallRail.
- We do not use the Meta Pixel for tracking traffic related to Facebook campaigns; campaign-specific links allow us to track Facebook traffic in Matomo. This way, no analytics data is collected by or shared with Facebook/Meta.
Access Control
You can control who has access to your website, contact form data, and analytics data. We will never grant an access request without first confirming with our primary contact at your practice.
Team-Wide HIPAA Training
Our entire team at P3 has completed HIPAA training. We stay up-to-date on the latest developments in online marketing to understand what can and cannot be implemented for our clients with regard to HIPAA.
Third-Party HIPAA Compliance Verification
P3’s policies, processes, and services have been reviewed by Compliancy Group as part of their HIPAA compliance program. P3 has been issued a Seal of Compliance by Compliancy Group, which is recognized as a third-party HIPAA compliance verification standard for healthcare professionals, vendors, and IT professionals across the healthcare industry. The Seal of Compliance verifies and validates that P3 has made every effort to satisfy the HIPAA regulations, and has the documentation to illustrate it.
Our goal is always to provide effective marketing solutions to our clients, but we want to do it in a way that protects you from HIPAA violations. If you have any questions about our HIPAA compliant services, please feel free to reach out. We are here to help!