Why Your Marketing Vendor May Be a HIPAA Landmine in Disguise – Diffusing Marketing Landmines – Part IV

Maintaining compliance with HIPAA, TCPA, the FTC, and the host of other regulatory boards is complicated. An inadvertent error can result in massive fines, but there is much to be gained from a smart online strategy if you avoid the minefield of potential violations. For the next five weeks, we’re breaking down five marketing landmines that risk HIPAA and regulatory compliance. Each article will cover one of the five landmines, and each article will conclude with an opportunity for readers to download a white paper that explains all five landmines in greater detail. Our goal is to help you ask the right questions about your practice; and ask your vendors the right questions. If they get HIPAA wrong, you will be the person who burns. Let’s get started.


If you work with a third party vendor (also known as Third Party Administrators or Business Associates) to capture reviews for posting online, HIPAA applies. With the potential for steep consequences, covered entities should be vigilant about third party business agreements. This means the vendor should be a formal HIPAA Business Associate with signed documentation acknowledging as such and they must securely store and transmit Protected Health Information (PHI). We already know random HIPAA audits are here. Do NOT take shortcuts.

If the vendor is not a HIPAA Business Associate, and you provide PHI to this vendor, you need a valid HIPAA compliant authorization from each patient to disclose Protected Health Information to this vendor. Even if a vendor IS a HIPAA Business Associate, they will still need a valid HIPAA compliant authorization if they disclose PHI to the public – a patient review, for example. Make sure your Business Associate agreement indemnifies you if the vendor creates a HIPAA problem.

Consider this real life example…

A plastic surgeon took before and after pictures of his patient. The patient gave written authorization to use these photos on his website. The patient’s only restrictions: Her eyes must be covered with black stripe and her name not be revealed. The surgeon’s vendor had software to make these changes for upload. While the doctor’s website (also managed by the vendor) honored these requests, Google indexed the full set of pictures exposing the patient’s full face and her name. Both were revealed in a search of the patient’s name. Perhaps the vendor’s software was inadequate. The practice had properly engaged the vendor with a formal HIPAA Business Associate Agreement obligating it to appropriately safeguard protected health information as required by HIPAA and HITECH. The agreement also indemnified the surgeon for any legal or regulatory fallout.

Download Full White Paper
By | 2017-07-14T11:08:22+00:00 May 16th, 2017|Compliance, Marketing, Practice management|7 Comments

About the Author:

Helping patients find the best doctors online. Helping the best doctors be found online. At eMerit®, we focus on managing your Dental or Medical Identity toward a sustainable and growing business – where both doctors and patients thrive. And we minimize distractions away from patient care while meeting your business objectives by transforming everyday patient interactions into growth drivers. At eMerit, we take your Medical Identity® personally.

7 Comments

  1. xsmb soi cau bach thu May 22, 2017 at 4:31 am - Reply

    Ꭲhat is гeally attention-grabbing, Уߋu’re ɑn overly professional blogger.
    Ι havᥱ joined yօur feed and sit up foг in quest of extra of үour great post.
    Also, Ι’vᥱ shared yoᥙr site in my social networks

  2. http://thongkemb.com/ June 16, 2017 at 2:45 am - Reply

    Јust wanna sɑy that this іs handy, Thanks foг taking your timе to wrіte
    this.

  3. house business June 16, 2017 at 3:07 am - Reply

    Oh my goodness! Incredible article dude! Many thanks, However I am experiencing issues with
    your RSS. I don?t know the reason why I am unable to subscribe to
    it. Is there anybody else having identical RSS problems?
    Anybody who knows the answer can you kindly respond?
    Thanx!!

  4. du doan xsmb hom nay June 20, 2017 at 2:35 pm - Reply

    Respect to website author, ѕome excellent entropy.

  5. nội thất số 1 June 20, 2017 at 8:53 pm - Reply

    I ɑm continually browsing online for articles that can hеlp me.
    Thanks!

  6. dollescort.com June 21, 2017 at 5:39 am - Reply

    Awesome! Itts really remarkable piece of writing,
    I have got much clear idea about from this piece
    of writing.

  7. linkbong August 9, 2017 at 3:12 am - Reply

    Hi, I think y᧐ur site migһt be hɑving browser compatibility issues.
    Ԝhen I look at your blog іn Chrome, іt ⅼooks fine bսt
    ѡhen ߋpening in Internet Explorer, it һas some overlapping.
    I jᥙst wanted to give you a quick heads up!

    Ⲟther then thɑt, terrific blog!

Leave A Comment