Third-party tools and your healthcare website

There are a myriad of tools available, but practices should still be cautious.

In 2022, there is no shortage of tools and integrations available for your marketing website. Many of them take little more than a few clicks to implement and tout lengthy lists of benefits. We’re all looking to save time and money and enhance efficiencies, but I’d encourage healthcare organizations to proceed with caution when it comes to these types of offerings.

Now, I’m not suggesting that all third-party tools are off-limits. That’s simply not the case. But the reality is that — like all other portions of your healthcare organization’s marketing plan — the tools you use on the web are subject to the rules and regulations set forth by the Health Insurance Portability & Accountability Act (HIPAA).

Today, I’d like to discuss a few questions you should ask before implementing a new tool on your website to prevent opening yourself, your practice, or your patients up to the ramifications of potential HIPAA violations.

  1. Is this tool HIPAA compliant? This one may seem obvious, but I’ve seen healthcare organizations make mistaken assumptions about HIPAA compliance. Any information a prospective patient submits online is considered protected health information (or PHI) and is therefore subject to stringent rules about storage, access, and more. If a tool you’ve placed on your website is not HIPAA compliant, you run the risk of costly violations.
  2. Is this really necessary? Hear me out on this one: I’ve worked with organizations of all types, and it’s a common knee-jerk reaction across all industries to want the latest and greatest tools on the market. However, I’ve also seen very smart people spend an exorbitant amount of time and money attempting to solve a problem that never really even existed.

    When you’re considering a new technology solution — whether it’s an out-of-the-box solution or a custom programming project you’ve been discussing with your developer — consider the reality of what that solution will do. In some scenarios, spending large sums of money to save a couple of hours of work a week may not be the wisest solution.
  3. Does my team understand the potential implications? HIPAA regulations don’t stop at how a tool is implemented and how it stores data; many of the compliance rules have to do with the ways in which the information is accessed — and by whom. If team members are unaware of these requirements, they may jeopardize your organization’s ability to remain compliant, even when utilizing data gathered from a HIPAA-compliant tool.
  4. Should I loop in my cybersecurity team? With the ever-growing complexity of marketing funnels in the healthcare space, I think it’s safe to say that if your marketing department doesn’t already have a strong relationship with your cybersecurity team, now is a great time to start those conversations. Data breaches have, unfortunately, become extremely common, especially in the healthcare sector. In fact, the HIPAA Journal recently reported that the healthcare industry averaged roughly two breaches per day in 2021.

    And don’t worry: Bringing in your security team to evaluate a potential tool or a new strategy for collecting leads doesn’t signal that you’re incapable or that you lack critical knowledge in your industry. From my perspective, it’s quite the opposite. By leaning on the security experts to understand data and technology risks, you’re enabling them to do what they’re best at while freeing up your time to focus on strategic marketing.

In general, when I think of the common thread between these considerations, it’s about uncovering individual needs, individual responsibilities, individual strengths, and individual knowledge, and then leveraging those capabilities to accomplish a unified goal of connecting with more patients. Although the marketing and technology landscapes become increasingly automated with every passing month, placing value and effort into the human element remains key. Invest in the individual who is analyzing the data that’s being collected, the person who’s tasked with staying well-versed on security compliance, and the patient who is in need of your organization’s services. Each of these individuals plays a critical role in the overarching success of your organization, and considering how a technology decision impacts each of them can provide a great deal of insight as you evaluate potential risks and benefits.

Kevin West is a founding partner, Executive Vice President, and Chief Technical Officer for Full Media, a Chattanooga, Tenn.-based digital marketing agency specializing in health care. Full Media offers a full spectrum of HIPAA-compliant digital marketing capabilities within the healthcare space, including website design, online advertising, SEO, patient experience optimization, and analytics.