In the current age of social media savviness and digital service reviews, it is extremely easy to violate HIPAA rules and regulations. In fact, it is strictly prohibited for you to respond to an online review posted about your service, regardless of the channel, whether it is Google, Facebook or another social media outlet.

These violations can be tough to spot, especially as many marketing techniques begin to slip into these dark and grey areas. At our agency, we are well versed in the best techniques and practices for conducting marketing campaigns that are in full compliance with HIPAA regulations and best practices. Being one of only a handful of organizations with this competence, we understand what steps must be taken to avoid such precarious situations.

Getting great feedback and reviews is a vital step when marketing as a medical professional

Great reviews serve as a powerful boost to the practice and help new clients learn about the advantages of your services from other individuals. This increases the spread of word-of-mouth, thereby building trust, confidence and assurance in your practice. As much as presenting these reviews gives new clients a great perspective and helps you grow, there are a few highly technical guidelines that you MUST follow when conducting marketing campaigns for your medical practice. Here, it is important that you are absolutely certain that your practice does not violate any of these rules.

What is the Health Insurance Portability and Accountability Act?

The Health Insurance Portability and Accountability Act was enacted in 1960 and is a piece of American legislation that safeguards patients’ medical information while providing data privacy and security provisions for all protected health information.

While HIPAA covers a comprehensive area of medical practice, we have spoken to a substantial number of top medical lawyers in order to gather the most vital areas that would likely interfere with HIPAA compliance in your practice. These span from medical reviews to posting information that could lead to the public identification of a patient.


To be HIPAA compliant when marketing for a medical practice, you MUST follow the steps listed below:

  1. Do not upload any patient list, document or private information to any part of the internet. This means that all patient lists must remain in a secure location in your office and must not be shared with anyone who is not a part of the patient's health care team.
  2. No patient-related information may be uploaded to third-party email software. This means that only HIPAA-approved email systems can be used, and you and all medical professionals must refrain from sending this information through MailChimp, Constant Contact, Active Campaign, GetResponse or any other email software.
  3. Avoid the use of physical snail mail for sending postcards and other physical materials to patients.
  4. Do not use call tracking software when interacting with a patient. An example of such software is CallRail. This is a particular grey area, as there is always a question of when exactly individuals become patients. When individuals come for consulting, they are not yet patients and you can use this software. However, you must stop using this software once they become patients, as their personal information is being stored and saved online by these call tracking platforms. This is a very delicate situation that MUST be avoided entirely.
  5. Avoid digital lead generation, that is, gathering phone numbers and email addresses through landing pages, sales funnels and Facebook links. There is no prohibition on this with the general public as long as you follow the laws regarding this issue. With patients, however, the case is absolutely different. The violation happens when your leads become patients through your existing clientele, which automatically puts their information on the internet via sales funnel platforms like Clickfunnels, Facebook or Unbounce. Generally speaking, it is safer to stay away from opt-in lead generation entirely when marketing for a medical practice.
  6. Do not reply to any online reviews you receive from patients of your medical practice, whether on Google, Yelp or other review platforms. This applies to all kinds of feedback, including positive and negative reviews.


Aside from the violations listed above, there are many other ways you can violate the HIPAA guidelines. It is important to note that the consequences for violations are not lenient and involve both the marketer and the medical professional. The penalties can include jail time and a fine to the tune of $250,000 for every violation. Ironically, even with these strict regulations, infringements remain quite common.

While HIPAA may not be the biggest government regulatory agency, and is definitely not the most funded, its activities have always been given top priority, giving it a good number of personnel hired specifically to stay on the lookout for violations among marketers and medical professionals.

Therefore, if you would like to grow your practice and ensure that you are safe from any kind of danger, you should endeavor to conduct a thorough audit of your medical marketing campaigns and strategies to ensure that your activities are HIPAA compliant.