
Is Your Plastic Surgery Practice Marketing & Website HIPAA Compliant?

Sep 22, 2016 9:30:00 AM


If you are determined to embrace the success of inbound marketing for your practice, you need to put more thought into your website and marketing than the restaurant down the street does. As a medical practice, you should familiarize yourself with HIPAA’s Privacy Rule, its Security Rule, and how data must be encrypted.

In this blog post we will cover:

  1. High-level protection to look for from your web host & email host

  2. 7 Inbound Marketing ideas that are HIPAA compliant

As a practitioner you know that all patients have the right to keep their information private, whether that information takes the form of a conversation, a written record, or an EMR.

Federal regulations have been enacted to ensure patient privacy as more U.S. hospitals adopt EMRs. In fact, it was only in 2003 that we saw progress on national privacy standards for medical information.

There are two rules under HIPAA. The HIPAA Privacy Rule applies to protected health information (PHI), which includes all "individually identifiable health information" that is transmitted or maintained in any format or medium. The Security Rule requires institutions to establish data security measures only for PHI that is maintained in electronic format, called electronic protected health information (ePHI). The Security Rule does not apply to PHI that is transmitted verbally or on paper.

Medical institutions that use ordinary hosting services may be putting their patients' confidential information at risk and violating HIPAA rules.

High-level Protection From Your Web/Email Host

Data is encrypted as it passes to and from the cloud, but encryption in transit alone does not meet the high level of protection this information requires: your website will need additional control mechanisms to safeguard it.

Because of patients’ rights under HIPAA, it’s important to review your host’s security processes and policies on data dissemination. Keep a close watch on how your host implements authentication, audit controls, and access-consent processes to reduce the risk of an information leak.

In the event of a threat or an attack on the server, web hosts are expected to monitor their systems carefully and promptly implement lockdowns to ensure that no data is compromised. Attention to detail is what keeps patients’ data safe. When looking for a web host or reviewing your current host, check that these data restrictions are applied in compliance with the HIPAA Security Rule.

Moreover, your host can implement these measures to further strengthen your protection:

  • Check whether your host can produce activity log files and audit trails, down to the packet layer.

  • Ask your host whether they can log IP traffic all the way to the virtual server instance.

  • Clarify whether they offer automatic backups for long-term storage. Under HIPAA, covered entities are required to have a backup plan in case of an emergency.

If you’re planning to run an email marketing campaign for your future website, it’s ideal if you can use HIPAA-compliant services such as these:

  • 128-bit encrypted email systems

  • “Contact Us” forms that are HIPAA-friendly

  • CAPTCHA screen security

  • Site-secure website monitoring

  • Audits for security flaws

  • Communicating with patients through patient portals

Be sure your hosting company’s services fully comply with HIPAA’s requirements. (source: kuno)


Inbound Marketing Ideas for HIPAA-Friendly Sites

Just because your site is HIPAA-compliant doesn’t mean you can’t run marketing efforts. Here are a few tactics that often work for healthcare companies:



Check out this testimonial page from a compliance solutions company. If you offer HIPAA compliance services, testimonials from your clients can help convince others your business is reliable, boosting your authority.

These statistics bear out the theory that testimonials are powerful:


Catching a user’s attention after they leave your site can be achieved through retargeting or PPC online ads. Because 77 percent of online health seekers start with a search engine before they decide on a healthcare provider, retargeting establishes brand familiarity that helps in searches and click-through rates, and eventually turns a visitor into a customer.



If you’re looking to establish your website as an authority in wellness marketing, you can drive traffic down the conversion funnel with content offers. For example, offer a free vaccine guide in exchange for non-medical information about your website visitors. Attracting interested parties to your website, converting them into leads, and nurturing them down the sales funnel can create more patients or customers through your content.

While the core of your website must be HIPAA-compliant, you may want to consider using a second platform that specializes in content and inbound marketing, such as HubSpot. By integrating calls-to-action, landing pages, and confirmation pages built on HubSpot into your main platform, you can easily track your website users’ engagement with your site.



You may be thinking it’s ridiculous to send marketing emails, especially in this industry. To quote content strategist Carrie Dagenhard on healthcare and email marketing:

“Whether you run a hospital or a private practice, a healthcare tech business or a home health service, communication is essential to building lifelong trust from your customers.

“By engaging in regular communication, you can help keep your brand top of mind, share thought leadership and open up important conversations. By sending well-crafted, personalized messages regularly, you can inspire your subscribers to engage in return by viewing your blog or reaching out through a contact form.”

Again, utilizing a second platform for email marketing helps make these efforts easier to build and track.



Use your social media channels to promote your practice and engage with your clients. Social networking sites are more personal, and you’ll be able to attract many visitors to your site through them. A Facebook Page alone can help you gain credibility through its ratings and reviews panel; the more positive reviews you have, the more trust you build around your brand. Dealing promptly with negative reviews will also help maintain brand integrity, as people appreciate that you do your best to resolve problems.



Hospitals with EMRs will likely get inquiries from patients about how to obtain their information from the database. While this does not directly affect conversions, remember that word-of-mouth affects consumer behavior and can make or break your marketing efforts. A negative review handled poorly can damage your brand, especially if your response violates either the Privacy Rule or the Security Rule. Patient confidentiality is the top priority above anything else.



Marketing is a wash-rinse-repeat procedure: you continuously adapt your strategy as the marketing landscape changes. However, I’d like to reiterate that we should think of marketing as a wash-rinse-sanitize-repeat procedure. It’s not enough to rinse away the negatives; you should commit to not making the same mistake again. Using feedback tools, you can gauge the effectiveness of your marketing campaign. Have you neglected anything? Are features on your site not working? Do you need more data to determine whether to revise your marketing strategy? Surveys are the way to go. (source: kuno)


There is no certain way of knowing whether a hosting service is HIPAA-accredited, but asking your chosen company about their services will give you an idea of whether they are compliant. If you are looking at redesigning your practice website, make sure you partner with the right vendors. Outlet Creative Group offers the highest level of quality hosting and security for our clients and can help you implement a stellar inbound marketing campaign.

