

Following These Simple Strategies Will Keep You HIPAA-Compliant

Here are some best practices in four key categories.


MILLIONS OF AMERICANS search online for healthcare information, so digital marketing is crucial to your growth. But digital media treads a thin line between connecting with patients and violating HIPAA regulations. Here are some best practices to ensure your digital strategies are HIPAA compliant:


Your Website

Any form on your website that collects patient information must be protected. Use a patient portal or EHR system built for patient communication, or at a minimum serve the site over HTTPS with a valid TLS certificate (still commonly called an SSL certificate, although SSL itself is obsolete) so that form data is encrypted between the patient's browser and your server. Keep in mind that the certificate only protects data in transit: once a submission reaches your server, or is forwarded to an office mailbox, it must be stored and transmitted securely as well. Your server should also have antivirus protection, a firewall, offsite backups, operating-system patch management and encryption of stored data. Lastly, post an up-to-date privacy policy on your site.
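The transport-level checks above can be verified rather than assumed. The script below is an added example, not code from the original article or from EyeCarePro: it probes a hostname for the negotiated TLS version, certificate expiry, an HSTS header and an HTTP-to-HTTPS redirect, then scores the results against a minimum policy. The thresholds (TLS 1.2 minimum, 14-day expiry warning) and the hostname are assumptions, not HIPAA text, and the probe needs network access to the target.

```python
"""Check the transport-security posture of a site that hosts patient forms.

Added example, not code from the original article or from EyeCarePro.
Uses only the Python standard library. probe() needs network access to the
target; evaluate_posture() is pure so it can be exercised on constructed
facts. The thresholds below are assumed policy, not HIPAA text.
"""
import http.client
import socket
import ssl
import sys
import time
from typing import List, Optional

MIN_TLS = "TLSv1.2"      # assumed minimum; SSLv3, TLS 1.0 and 1.1 are deprecated
CERT_WARN_DAYS = 14      # assumed: warn when the certificate expires this soon
_TLS_RANK = {"TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def probe(hostname: str, timeout: float = 10.0) -> dict:
    """Collect facts about hostname: negotiated TLS version, certificate expiry,
    HSTS header on the HTTPS response, and whether plain HTTP redirects to HTTPS."""
    ctx = ssl.create_default_context()   # validates the chain and the hostname
    facts = {"host": hostname}
    with socket.create_connection((hostname, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            facts["tls_version"] = tls.version()
            facts["not_after_epoch"] = ssl.cert_time_to_seconds(
                tls.getpeercert()["notAfter"])
    https = http.client.HTTPSConnection(hostname, timeout=timeout, context=ctx)
    https.request("HEAD", "/")
    facts["hsts"] = https.getresponse().getheader("Strict-Transport-Security")
    https.close()
    plain = http.client.HTTPConnection(hostname, timeout=timeout)
    plain.request("HEAD", "/")
    resp = plain.getresponse()
    location = resp.getheader("Location") or ""
    facts["http_redirects_to_https"] = (
        resp.status in (301, 302, 307, 308)
        and location.lower().startswith("https://"))
    plain.close()
    return facts


def evaluate_posture(facts: dict, now_epoch: Optional[float] = None) -> List[str]:
    """Return findings for a set of facts; an empty list means every check passed."""
    now = time.time() if now_epoch is None else now_epoch
    findings = []
    version = facts.get("tls_version")
    if _TLS_RANK.get(version, 0) < _TLS_RANK[MIN_TLS]:
        findings.append(f"negotiated {version}; require {MIN_TLS} or newer")
    days_left = (facts.get("not_after_epoch", 0) - now) / 86400
    if days_left < 0:
        findings.append("certificate has expired")
    elif days_left < CERT_WARN_DAYS:
        findings.append(f"certificate expires in {days_left:.0f} days")
    if not facts.get("hsts"):
        findings.append("no Strict-Transport-Security header")
    if not facts.get("http_redirects_to_https"):
        findings.append("plain HTTP does not redirect to HTTPS")
    return findings


if __name__ == "__main__":
    # Usage: python tls_posture.py your-practice.example (hostname is an assumption)
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for finding in evaluate_posture(probe(host)) or ["all checks passed"]:
        print(f"{host}: {finding}")
```

A clean result only shows that the connection between browser and server is encrypted and that visitors are not silently left on plain HTTP; it says nothing about where the submitted form data is stored afterwards, which the paragraph above treats as a separate requirement.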

Social Media

Social media is particularly risky. You have to ensure that outgoing messages never disclose protected health information (PHI), but you may also have people reaching out with medical queries. The rule of thumb is to treat non-patients like patients and protect their PHI in the same way.

Keep public answers general. Avoid discussing specific treatments, conditions or experiences, and invite the person to call you. Keep in mind that personal identifiers go beyond a name and a face: a date, a location, contact information or any other identifying number or detail can be enough to identify someone. Keep personal accounts separate from office ones, and make sure all staff are trained.



Email

General email marketing is not a problem, but when a patient or potential patient emails your office, keep responses generic and invite them to call. Ordinary email is not a secure channel, so recommend that they not disclose personal health details in it.

Online Reviews

If a patient offers PHI in the public sphere, this doesn’t mean they consent to you confirming their status as a patient. If a patient reviews your practice online, do not confirm their patient status in your response. Nevertheless, it’s important to respond to reviews. In the case of a negative review, reply that your office takes customer satisfaction seriously and invite the reviewer to call the office.

Keep in mind that in the digital media age, correspondence is easy, public and in many cases permanent: once posted, it often cannot be deleted or erased. It is also very easy for PHI to be exposed inadvertently. Make it office policy to keep any specific correspondence to secure networks, the phone or in-person communication. Lastly, encourage your staff to stop and ask if they are unsure how to proceed.


Nancy Rausman is managing editor at EyeCarePro, providing ECPs with educational content that helps them advance their practices through technology, management strategies and digital marketing. EyeCarePro is one of the leading providers of online marketing and practice improvement services in the optometric industry. Contact her at
