Legal Obstacles in Digital Marketing for Healthcare Companies
•Download as PPTX, PDF•
1 like•4,058 views
In most industries, marketing has gone digital. In healthcare, however, many providers are reluctant to use digital marketing techniques due to concerns about HIPAA, related privacy and security concerns, and technology compatibility issues. While most industries move away from the distribution of widespread email campaigns in favor of targeted social media and demographic-driven efforts, healthcare marketing lags behind. David M. Adler will discuss the changing nature of marketing, barriers to entry for digital healthcare marketing efforts, the growing use of content marketing and social media, and how electronic marketing strategies (email marketing, online scheduling, etc.) and customer-oriented services can help market to providers, patients, and third-party service providers.
Recommended
More Related Content
More from Adler Law Group
More from Adler Law Group (14)
Recently uploaded
Recently uploaded (20)
Legal Obstacles in Digital Marketing for Healthcare Companies
- 1. Legal Obstacles in Digital Marketing for HealthCare Companies
- 2. Widespread Digital Tech Has Transformed Marketing Overview
- 3. Barriers to entry for Digital Healthcare marketing efforts Unique Challenges Privacy & Security Tech Compatibility
- 4. Legal Obstacles There are Issues around Patient Access & Data • Traditional Marketing Methods are Changing (Online) • Physicians • HIPAA • Affordable Care Act • FTC • Devices/IoT • State Laws/Regulations
- 5. Legal Obstacles: Online Access Online Health Info 72% Searched 35% Self Diagnose 52% Use Smartphones 70% Track Health Indicators 15% Track Using Med Device or Phone
- 6. Legal Obstacles: Physician Considerations Physicians control ACCESS to Patients: • Prescribe/Test New Devices • Role as Medical Directors • Investors • Participation in studies • NOTE: Subject to Self-Referral & Anti -kickback Rules
- 7. Legal Obstacles: HIPAA • HIPAA Privacy Rule • Framework • “Marketing” • Some Transactions Permitted • HITECH Act/Megarule • Financial Remuneration
- 8. Legal Obstacles: Content FTC tasked with Safeguarding Consumers & Markets Digital Marketing Practices = Fertile Ground For FTC • Focus on Uses/Abuses of “Big Data” • HTC - Privacy By Design • Online Advertising Disclosure Guidelines • COPPA Rule • CAN-SPAM Act • Technical Notice & Consent Issues • Civil Litigation: ★ Google Double-Click (Tracking cookies)
- 9. Legal Obstacles: Social Marketing
- 10. Best Practices 1. Review collection practices
- 11. Best Practices 2. Review marketing partners
- 12. Best Practices 3. Privacy Policy Tune-up | DNT, Online Eraser
- 13. Best Practices 4. Put systems in place
- 14. Best Practices 5. Data Collection, Storage & Use
- 15. Thank You! David M. Adler | ADLER LAW GROUP Safeguarding Ideas, Relationships & Talent® 866.734.2568 www.adler-law.com David@adler-law.com adlerlaw.wordpress.com @adlerlaw
Editor's Notes
- There is a LOT to discuss when it comes to Marketing. Depending on your role and your goal, there can be any number of intellectual property, reputational, advertising, privacy and security issues. At the industry or market level there are additional state and federal regulatory and ongoing legislative concerns. Healthcare is the most-heavily regulated industry so marketing legal and regulatory compliance is additionally burdensome. Awareness of the regulatory landscape will help one identify trends and reduce compliance risks and headaches.
- Data consumption. diagnostic reports, patient treatment histories, records, communications Improved communication. Email, messaging, social networks Portal technology. Patients access personal information remotely Remote monitoring. Telehealth Accelerated adoption. Changes in healthcare laws, insurance forcing changes Mobile apps. Personal health monitoring and treatment.
- Challenges: highly regulated Privacy & Security: HIPAA, FTC, Third-party Controls (Cloud Services, EHR/EMR, Messaging, Platform/Network (Telehealth). Tech: Many platforms, many unique standards and low interoperability, Payor-directed systems and software applications
- Pew Internet is populated by reports that show Americans increasingly turn to digital resources to access information about and directly contribute to their own participation in the health care of themselves or loved ones. The digital channel is the premier method to contact and provide services to patients, etc. Success is dependent on two factors, access to actionable patient intelligence and 2) privacy and security compliance.
- HIPAA Privacy Rule -marketing purposes. Framework – authorization for any use or disclosure of PHI for marketing. “Marketing” generally a communication about a product or service that encourages recipients of the communication to purchase or use the product or service. Permits face-to-face Permits promotional gift of nominal value. Prior to HITECH Act, three communications were excluded: (i) plan of benefits; (ii) communications made for the treatment of the individual; and (iii) case management, care or treatments.
- Platform Issues FDA: Product Labeling: 4 sources info: (1) toll-free #; (2) referral to print ad (QR code); (3) referral to a healthcare provider; (4) an Internet web page. HIPAA: (1) Responding to patients; (2) posting photos/comments (training); vendors (marketing partners)
- Who is responsible for Data security? PHI- anonymization and de-identification Mapping data-location and control (vendors change) Empowerment/enforcement
- WHERE is the data? Multiple access Multiple stakeholders External factors v internal factors
- Review and updates privacy & security policies periodically Web & App Privacy Policies Information security Plan
- Consider Privacy/Data Risk assessment inputs: IT OPERATIONS LEGAL HR FINANCE PRODUCT SALES MARKETING ENGINEERING OTHER
- FTC v. Wyndham 1) Store sensitive information in encrypted format; 2) Prohibit use of easily-guessed passwords (especially changing “default”/factory-settings); 3) Use “readily available security measures” such as firewalls to limit access systems, company’s network, and the Internet; 4) Implement information security policies and procedures that prohibits out-of-date operating system and failure to maintain security updates; 5) Prohibit use of “default user IDs and passwords; 6) Maintain an inventory of computers connected to the network; 7) Restrict access of third-party vendors by specified IP addresses or temporary, limited access; 8) Employ reasonable to detection and prevention measures; and 9) Follow “proper incident response procedures” (e.g. failing to identify similar attack methods or malware).