Kessler Creative HIPAA Compliance
At Kessler Creative, we work to protect our clients' information no matter what industry they are in. From the government and financial industry to those working in insurance, nothing is more important than protecting their information. This is particularly true for our healthcare clients, as HIPAA compliance is a serious matter that can result in considerable financial and legal penalties should a violation occur.
How does the need for healthcare data security tie into marketing? Well, to provide our clients with the best possible support, it’s important to eliminate as many barriers as possible. If our team is unable to engage with certain sensitive information, it can become a large barrier. Kessler became a HIPAA-compliant agency to provide guidelines for our staff and clients on handling their sensitive data.
These guidelines include protecting the privacy of a patient’s personal/health information by providing physical and electronic security for that information. They also include implementing standardized Code Sets and Transactions for simplified billing.
By becoming a HIPAA-compliant vendor, we open the door for a closer working relationship with our clients. This allows us to fine-tune their campaigns and provides us with a clearer picture of how effective their marketing has been -- all while ensuring their data is safe and secure.
What is HIPAA?
According to the CDC, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is “a federal law that requires the creation of national standards to protect sensitive health information from being disclosed without the patient’s consent or knowledge.”
There were many objectives for this piece of legislation, one of the most significant being the protection of Protected Health Information (PHI). PHI includes patient information that is transmitted or maintained in any form relating to the past, present, or future physical/mental health condition of an individual.
Over the years since the act was passed, HIPAA regulations have slowly become more defined through the addition of several different rules. Important sections of these rules are included below.
Privacy rules pertain to a patient’s rights to either allow or deny access to their Protected Health Information (PHI) to a given entity. Kessler routinely receives PHI such as combinations of addresses, dates (birth, marriage, etc.), telephone numbers (home, mobile, business, etc.), medical and patient numbers, insurance plans, and email addresses. Any type of patient health information is considered protected at Kessler and will not be shared with anyone not involved in processing the client’s work.
The breach notification rule includes a set of standards highlighting the protocols that must be followed in the event of a breach of protected health information or electronic protected health information. The State of Florida also has laws regarding the protection of confidential patient information and the reporting of breaches: FIPA (the Florida Information Protection Act).
The security component includes a set of standards for the ways that electronic protected health information should be maintained, handled, and transmitted.
The omnibus rule mandates that all business associates be HIPAA compliant.
Important Note: Kessler employees are trained annually on the HIPAA policies and procedures that affect their work.
In a world where more marketing is being done online, it’s critical for your marketing agency to be HIPAA compliant. Keeping our clients aware of how sensitive data is handled may seem unnecessary, but clients often do not realize just how much of their data is considered protected health information.
HIPAA’s biggest concerns revolve around protecting against the dissemination of incredibly sensitive information, such as Personally Identifiable Information (PII). It also ensures that policies are put in place in the organization to minimize areas where a breach can occur, such as through emails or data storage. Your marketing agency will most likely need access to some PHI or PII to effectively work with you.
The following are examples of areas in which a marketing agency will likely require access to Protected Health Information.
Whether it’s in a blog/video, social media post, or any kind of ad campaign, patient testimonials can be a powerful tool for shedding light on your services and what they can do for potential customers.
However, to create that sort of content, HIPAA compliance is a must. Revealing anecdotes about one of your patients can potentially expose their Protected Health Information.
Many healthcare websites must collect sensitive information, so they must be heavily protected to ensure HIPAA compliance. If a marketing agency requires access to your website, they must also be HIPAA compliant to ensure data access is restricted to authorized users only.
If you plan to use any sort of email marketing, you’re likely going to provide patient emails to your marketing agency. Emails are considered electronic Protected Health Information (PHI), making HIPAA compliance vital in email marketing as well.
Many companies encourage patients who have had a positive experience with them to leave a review online. In the case of healthcare companies, putting this task in the hands of a marketing agency means that the agency must be HIPAA compliant, as phone numbers and emails are considered Protected Health Information (PHI).
At Kessler Creative, one of our primary concerns in working with our clients is to ensure the protection of their sensitive data. We follow all national guidelines for the secure maintenance, transmission, and handling of electronic protected health information in all our marketing services.
Whether your data is HIPAA sensitive or not, we transfer all marketing mail lists and data files through Citrix ShareFile, an encrypted file-sharing platform. This process is quick and simple:
- An access link to your personalized Citrix ShareFile will be emailed to you by an account executive
- You can create an account and log in
- You’ll drag and drop your file into the folder or browse your file locations to find the file you're looking to transfer
- Once you’ve uploaded your file, you can log out
Ensuring HIPAA compliance in your marketing is a serious matter, but it doesn’t have to be overly difficult or complicated. At Kessler Creative, we strive to make it as simple and easy as possible for our clients.