In most industries, marketing has gone digital. In healthcare, however, many providers are reluctant to use digital marketing techniques due to concerns about HIPAA, related privacy and security concerns, and technology compatibility issues. While most industries move away from the distribution of widespread email campaigns in favor of targeted social media and demographic-driven efforts, healthcare marketing lags behind. David M. Adler will discuss the changing nature of marketing, barriers to entry for digital healthcare marketing efforts, the growing use of content marketing and social media, and how electronic marketing strategies (email marketing, online scheduling, etc.) and customer-oriented services can help market to providers, patients, and third-party service providers.
3. Barriers to entry for Digital Healthcare marketing efforts
• Unique Challenges
• Privacy & Security
• Tech Compatibility
4. Legal Obstacles
There are Issues around Patient Access & Data
• Traditional Marketing Methods are Changing (Online)
• Physicians
• HIPAA
• Affordable Care Act
• FTC
• Devices/IoT
• State Laws/Regulations
5. Legal Obstacles: Online Access
Online Health Info:
• 72% Searched
• 35% Self Diagnose
• 52% Use Smartphones
• 70% Track Health Indicators
• 15% Track Using Med Device or Phone
6. Legal Obstacles: Physician Considerations
Physicians control ACCESS to Patients:
• Prescribe/Test New Devices
• Role as Medical Directors
• Investors
• Participation in studies
• NOTE: Subject to Self-Referral & Anti-kickback Rules
15. Thank You!
David M. Adler | ADLER LAW GROUP
Safeguarding Ideas, Relationships & Talent®
866.734.2568
www.adler-law.com
David@adler-law.com
adlerlaw.wordpress.com
@adlerlaw
Editor's Notes
There is a LOT to discuss when it comes to Marketing.
Depending on your role and your goal, there can be any number of intellectual property, reputational, advertising, privacy and security issues.
At the industry or market level there are additional state and federal regulatory and ongoing legislative concerns.
Healthcare is the most heavily regulated industry, so legal and regulatory compliance for marketing is additionally burdensome.
Awareness of the regulatory landscape will help one identify trends and reduce compliance risks and headaches.
Data consumption. Diagnostic reports, patient treatment histories, records, communications
Improved communication. Email, messaging, social networks
Portal technology. Patients access personal information remotely
Remote monitoring. Telehealth
Accelerated adoption. Changes in healthcare laws, insurance forcing changes
Mobile apps. Personal health monitoring and treatment.
Challenges: highly regulated
Privacy & Security: HIPAA, FTC, Third-party Controls (Cloud Services, EHR/EMR, Messaging, Platform/Network (Telehealth)).
Tech: Many platforms, many unique standards and low interoperability, Payor-directed systems and software applications
Pew Internet reports show that Americans increasingly turn to digital resources to access information about, and participate directly in, their own health care or that of loved ones.
The digital channel is the premier method to contact and provide services to patients, etc.
Success depends on two factors: 1) access to actionable patient intelligence and 2) privacy and security compliance.
HIPAA Privacy Rule: marketing purposes.
Framework – authorization for any use or disclosure of PHI for marketing.
“Marketing” is generally a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.
Permits face-to-face
Permits promotional gift of nominal value.
Prior to HITECH Act, three communications were excluded:
(i) plan of benefits;
(ii) communications made for the treatment of the individual; and
(iii) case management, care or treatments.
Platform Issues
FDA: Product Labeling: four sources of information: (1) toll-free #; (2) referral to print ad (QR code); (3) referral to a healthcare provider; (4) an Internet web page.
HIPAA: (1) Responding to patients; (2) posting photos/comments (training); (3) vendors (marketing partners)
Who is responsible for Data security?
PHI: anonymization and de-identification
Mapping data-location and control (vendors change)
Empowerment/enforcement
WHERE is the data?
Multiple access
Multiple stakeholders
External factors v internal factors
Review and update privacy & security policies periodically
Web & App Privacy Policies
Information security Plan
Consider Privacy/Data Risk assessment inputs:
IT
OPERATIONS
LEGAL
HR
FINANCE
PRODUCT
SALES
MARKETING
ENGINEERING
OTHER
FTC v. Wyndham
1) Store sensitive information in encrypted format;
2) Prohibit use of easily guessed passwords (especially by changing “default”/factory settings);
3) Use “readily available security measures” such as firewalls to limit access between systems, the company’s network, and the Internet;
4) Implement information security policies and procedures that prohibit out-of-date operating systems and failure to maintain security updates;
5) Prohibit use of “default” user IDs and passwords;
6) Maintain an inventory of computers connected to the network;
7) Restrict access of third-party vendors by specified IP addresses or temporary, limited access;
8) Employ reasonable detection and prevention measures; and
9) Follow “proper incident response procedures” (e.g., identifying similar attack methods or malware).