Datica Blog

4 PHI Marketing Special Cases

Kris Gösser

Kris Gösser

VP of Marketing

May 3, 2016

In modern daily practice, healthcare professionals can utilize patient protected health information (PHI) to “market” various alternative remedies or products, without formal authorization from the patient / beneficiary. To start off clearly, marketing is the communication of a product or service that encourages the purchase or use of said product or service. Under the HIPAA Omnibus Rules legislation passed in 2013, marketing interaction in healthcare is severely limited. Within the Omnibus Rules is stated that prior to a compensated covered entity recommending third party products or services, that entity must first receive the proper authorization to use patient PHI. For example, an entity must officially notify and authorize patients to obtain or distribute supplements from a third party that also pays the entity a commission. Furthermore, if the entity apportions any products and receives payments/discounts for bulk purchases, the entity must have a statement of disclosure that patients can review that states the entity may sell them products or services in return for recompense of sorts from a third party. Doesn’t that sound like a very uncomfortable conversation? Thankfully, it doesn’t have to be.

The best method to proceed with the desired marketing is to add an explanatory statement about the participation in these business arrangements within the necessary HIPAA Patient Acknowledgement form. Entities must ensure the phrasing is concise, simple, while stating the patient advisement in agreement with the current HIPAA legislation. Often highly encouraged is to include a Third Party Remuneration paragraph just in case of participation in third party compensation promotions or programs. This rhetoric can be suitably customized but must clearly advise patients of participation in all programs that provide repayments.

Much the same, Business Associates who receive similar payment models must also receive patient authorization, even in cases where the covered entity receives no gains. All addressable under the Omnibus Rule are four special cases to making use of PHI in marketing efforts:

1. Direct Marketing

Firsthand, personal marketing communications are actually not liable to the authorization requirement, such as a pamphlet presentation to a consumer.

2. Refill Reminders

Excluded from patient consent are reminders for refill services. There is a catch though; Omnibus Rules states compensation for a refill reminder service must be sensibly related to the covered entity’s cost. Specifically, these costs are limited to supplies, labor, and postage. Additionally, there are other services similarly classified: generic equivalents communication, directed medication adherence, self-administered biologics or drugs, and delivery systems, such as an insulin pump.

3. Payments-In-Kind

Payments in absence of actual money or payments that execute a disease management program are admissible.

4. Reasonable Propaganda

Everyone loves presents, but be mindful as to what is legally admissible and inadmissible. Miniscule valued propaganda gifts are not bound to the authorization requirement.

**There you have it. Those are the four special cases to marketing with PHI. Hopefully this was insightful, and provides a sense of necessary awareness. HIPAA and all of its accompanying mandates are intense and complex. At Datica, we are trying to simplify as many of these convoluted healthcare topics as possible so you don’t have to. Don’t do it solo! You are not alone in feeling overwhelmed by the incessant twists and turns of this industry. Many healthcare professionals feel the same way. That is our motivation. **

Questions? Reach out to us directly, tweet us, or provide us your contact information to the right. We’ll solve your problem so you can focus on your solution.

Earlier

Data-Enabled ≠ Data-Driven

In healthcare’s current transformational model, organizations are moving from paper-based organizations to data-enabled organizations. Healthcare should not become completely data-driven nor rely solely on decision automation because there is a human component that must be addressed. Besides some necessary operational alerts and such, there are nuances involved in a primary care relationship that simply cannot be captured by a machine.

Next Post

Joint Commission Allows Secure Texting

In last month’s edition of the Joint Commission Perspectives, the Joint Commission ended its ban on text messaging for healthcare providers, reversing its 2011 prohibition for these recognized healthcare entities. The Joint Commission is finally embracing modern technology, and these updated regulations permit customers like ours to freely produce, promote, and integrate their secure text messaging solutions.