Here’s the truth. When it comes to HIPAA, many practice owners are overwhelmed by the often ridiculous and burdensome regulations and requirements. But that doesn’t absolve you of the potential legal troubles that could arise from neglecting the requirements.

In addition to the protocols, procedures and safeguards your practice must follow to ensure compliance, you’re also required to have all vendors sign Business Associate Agreements. That includes your marketing agency or marketing service provider.

Although most HIPAA smack-downs tend to be directed at large health systems, HIPAA failures have cost practices like Allergy Associates of Hartford $125,000 in fines. Elite Dental (a now-closed solo practice) agreed to pay $10,000 for a single complaint regarding a Yelp review reply (source).

When it comes to marketing, any patient information in the form of marketing leads that contain names, phone numbers, emails and more is considered PHI. This means any marketing agency you work with needs to be trained in HIPAA compliance, follow required protocols and procedures to the best of its ability, have processes for protecting data and documenting breaches, AND sign a Business Associate Agreement.

At Med Spa Magic Marketing (dba of Shockley Marketing LLC), we receive annual training and certification from Compliancy Group to ensure we’re helping you reduce the potential financial risks your practice could face by engaging in non-compliant behavior when it comes to marketing and advertising.

Is your agency HIPAA compliant, and do you have a signed Business Associate Agreement in place?
