HIPAA and marketing solutions

Click here for August 14, 2002 modifications.

The safeguards of data integrity, confidentiality and availability that the Health Insurance Portability and Accountability Act (HIPAA) mandate are familiar territory for Creative Marketing Programs.

In fact, we've been building and maintaining databases with these since 1985. And we've been using them to produce successful healthcare marketing based on sound business practices and the highest ethical principles.

HIPAA certification attests that CMP is compliant with the Act's requirements relating to privacy, confidentiality and security of individually identifiable health information.

The strict mandates of this sweeping legislation are complex and have great bearing on your relationships with business associates who help you market your products and services. Because of HIPAA's complex mandates, and the ramifications on your healthcare operations, you will be in a better legal defensive position if your business associate has a certification of HIPAA compliance.

CMP's unique expertise in healthcare customer relationship and data management, along with our sophisticated information systems technology, has prepared us well to follow HIPAA guidelines, including:

the maintenance of a suppression database file (e-mail, direct mail, telemarketing) that contains people who have chosen to "opt out" of communications, as well as those who have had an unpleasant experience at your facility
running all marketing communications lists against suppression files, and updating suppression files with National Change of Address (NCOA) monthly
developing appropriate messages that communicate benefits and provide justification for communications
writing appropriate business contracts for marketing services that comply with HIPAA regulations
applying appropriate HIPAA requirements to all marketing communications, including opt-out language as necessary
designing secure customer relationship databases to mitigate risk and comply with legislation
understanding and following individual state laws affecting HIPAA
continually monitoring industry developments

Creative Marketing Programs can help you maximize the impact of your healthcare marketing while in compliance with the latest HIPAA regulations. To maintain successful ongoing prospect and patient relationships, you can't afford not to have a partner like CMP.

Find out more about how you can benefit from Creative Marketing Programs' expertise. Please send us an e-mail (getresults@cmpkc.com), or give us a call at 800-373-6843.

Final Ruling of the Health Insurance Portability and Accountability Act of 1996

Department of Health and Human Services

Filed Wednesday August 14, 2002

The final modifications to the Privacy Rule were published in the Federal Register on August 14, 2002. The final regulations have been published on-line at http://www.hhs.gov/ocr/hipaa/finalreg.html.

What follows are direct quotes from page 53188 of the final ruling which sum up how patient communications from hospitals and other covered entities will be affected by the final ruling.

The essence of the final ruling is that covered entities, such as hospitals and physician groups, can communicate freely with their patients using protected health information (PHI). It doesn't matter if it is considered "marketing" or "health and wellness" as long as the communication is about the entities' own products and services.

In addition, healthcare organizations can disclose PHI information to a "Business Associate" such as Creative Marketing Programs of Kansas City to assist the entity in making those patient communications, provided there is a signed Business Associate Contract.

Pages 53262-53266 of the final ruling cover the changes to Business Associate Contract Provisions and a sample contract. Creative Marketing Programs is having our legal firm, EMR Legal, revise our standard Business Associate Contract to reflect these changes.

One of the main areas of concern by the ruling is the use of PHI to promote a third party's products and services. They stated that marketing is defined expressly to include:

"An arrangement between a covered entity and any other entity whereby the covered entity discloses protected health information to the other entity, in exchange for direct or indirect remuneration, for the other entity or its affiliate to make a communication about its own product or service that encourages recipients of the communication to purchase or use that product or service" If a communication qualifies as marketing, as stated above, you will need signed authorization from the patient.

There are State and Federal Online Privacy Regulations, which may be applicable to your organization if you collect information about individuals via your website. If you take a Permission Strategy approach asking for permission to send future communications (e-mail or direct mail), provide easy opt-out options that you honor and do not share collected information with other entities you will not violate any of the current regulations.

The Health Privacy Project website www.healthprivacy.org also has a section on the latest state privacy laws.

Although the current version of the final HIPAA rules do not require adopting a Permission Strategy approach, you may want to learn more about the benefits of taking this proactive approach to patient privacy.

Creative Marketing Programs is currently scheduling online demonstrations of "Permission Strategies for Healthcare Providers". If you or any of your staff are interested in sitting in on one of these sessions please e-mail us at getresults@cmpkc.com.

Back to top.


	TouchPoint Database New Mover Programs 1:1 Communications New Parent Programs CRM Strategies and Applications Testing E-Relationships Database Management Audience and List Selection Strategies Fulfillment Services Patient Privacy/Permission/HIPAA


	Click on the links above to find out more about CMP Programs and Services.