HIPAA: How Does It Relate to Marketing?

by Patty Johnson on Tuesday, September 06, 2011 8:55 AM

Throughout the years I have been working in O&P, we have written some amazing and inspirational patient feat ures for our clients. We’ve created newsletters to tell their stories and promote new technologies for amputees and individuals with orthopedic conditions, and we have always provided a release form for patients to sign. Recently, I have started to think about the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and how it relates to marketing our clients’ businesses. Are we following the rules when we write a patient feature? Are we taking the correct steps to ensure we are sharing the right information? I decided to dig a little deeper and find out how HIPAA and marketing correlate.

First, let’s look at the definition of marketing, according to HIPAA:

  • Marketing is any communication about a product or service that encourages recipients to purchase or use the product or service. 
  • It is an arrangement between a covered entity1 and any other entity where the covered entity discloses protected health information2 in exchange for direct or indirect compensation. With this information, the other entity makes a communication about its own product or service that encourages recipients to purchase or use that product or service. 

For example, it is considered marketing when a health plan sells a list of its members to a company that sells blood glucose monitors, which, in turn, intends to send the plan’s members brochures on the benefits of purchasing and using the monitors.


If information is to be used for marketing, the covered entity must obtain authorization. Orthotists and prosthetists are considered covered entities (healthcare providers), and it’s vital to follow the correct steps when it comes to obtaining authorization, or permission, to communicate marketing messages. 

Authorization is more than a signature. It is a detailed document that gives covered entities permission to use protected health information for specified purposes. These purposes do not generally include treatment, payment, or healthcare operations. The authorization must specify:

  • Description of the protected health information to be used.
  • The person authorized to make the use or disclosure.
  • The person to whom the covered entity may make the disclosure.
  • An expiration date or event.
  • Purpose for which the information will be used.

Authorization is not required when the communication occurs face-to-face such as talking about treatment options, products, and other health-related services or involves a promotional gift of nominal value, such as calendars, pens, coffee cups, etc. Authorization also is not required for treatment reminder postcards; however, they should avoid information about the patient’s condition. If your practice sends out “Happy Birthday” cards, the year of the birth should not be included. The patient has the right to be taken off any such mailing list.


Now, the big question: Can you still use names, pictures, and personal information in your newsletters for patient feature stories? You can include this content in your newsletters, but you must give the patient advance notice and an opportunity to limit any identifiable information used in the story. If a person requests that information be withheld or refuses to give you permission, the information cannot be used. The patient also has the right to retract previous authorizations; if the patient does this, he or she must be removed from the newsletter and/or other marketing materials. 

I also wondered about the product updates that are sometimes included in a newsletter. Is it violating HIPAA rules when we feature a new product? That information can be shared if your company, the covered entity, is informing patients about a new service or product that the company provides.

This may be a dry topic, but it is an important one. The main message is to be honest with your patients, respect their privacy, and make sure follow the correct steps when marketing.  

To learn more about HIPAA and marketing, visit www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/marketing.html


  1. A healthcare provider that conducts certain transactions in electronic form, a healthcare clearinghouse, a health plan.
  2. Individually identifiable health information held or transmitted by a covered entity, in any form or media, whether electronic, paper, or oral.




Thanks mat for this wonderful information about HIPAA: How Does It Relate to Marketing. <br /> <br /> Thanks.

by Hosting Provider India on Wednesday, September 07, 2011 12:10 AM #

Great article, really worth the read! Thanks for your hard work. Please keep posting these great articles. <br />&lt;a href=&quot;<a href="http://www.snapback25.com/index.php/diamond-supply-co-snapback-hats.html&quot;" rel="nofollow">www.snapback25.com/.../...snapback-hats.html&quot;</a> rel=&quot;dofollow&quot;&gt;Diamond Supply Snapbacks&lt;/a&gt;

by Jim Bron on Saturday, July 28, 2012 5:24 PM #

I need to to thank you for this good read!! I absolutely loved every little bit of it. I have got you book marked to check out new things you post… <br /> <br />Here is my blog -&nbsp;&nbsp;okshop - <a href="http://www.okshop.com/" rel="nofollow">http://www.okshop.com/</a>

by okshop on Sunday, July 13, 2014 7:03 PM #

Add comment