Practice Management Moment: HIPAA Compliance Issues Specific to the Digital Age of Medical Practices

Depending on the medical specialty, 61–71% of consumers choose to research providers before scheduling an appointment.

When it comes to your brand, a medical practice is like any other small business: you need positive customer reviews, an informative and trust-building website, and easy ways of contacting your staff to stay competitive and keep growing.

But being in a highly regulated industry, you also have to be extra careful when it comes to your digital presence.

All local businesses in the U.S. with an online presence are required to be compliant with digital ADA regulations — many of which have been developing over the past decade.

Meanwhile, HIPAA creates extra compliance issues specific to the healthcare industry.

  1. Revealing Protected Health Information When Responding To Online Reviews
     Even if a patient reveals information about themselves when leaving a review of your practice, you cannot confirm this information in response without violating the HIPAA privacy policy.

  2. Sharing A Patient Review Or Testimonial Without Written Permission
     Written consent is needed to disclose any PHI publicly, even if a patient has verbally agreed to you sharing the information.

  3. Using Patient Images Online Without Written Consent
     Using any image or video of the patient without written consent is a HIPAA violation. This includes close-ups of specific body parts, x-rays, etc., if these shots contain identifiable information about a person.

  4. Using Non-HIPAA-Compliant Communication Tools
     If you’re communicating with a patient online via a form, survey, AI chat, or even email, any tool you use either needs to be certified as HIPAA-compliant or you need a business associate contract in place with the creator of the tool to limit your liability.

Special thanks to DearDoc for contributing content!

Zachariah Parry