Here's some basic information that might help you get a better understanding of what HIPAA is—and how it affects your direct mail.
While there are very stringent privacy guidelines around the use of PHI for marketing purposes, it’s okay for healthcare providers to use it when sending communications about their own products and services.
This means a healthcare provider can use its patient list to announce a new piece of equipment or service. For example, it's okay for a healthcare provider to send a flyer about its new weight loss program to all clients defined as obese, even if the treatment they received was not for obesity. It’s not okay, however, to sell that same patient information or share it with another organization that wants to use it for marketing, which brings us to the next, and perhaps most important, part of the HIPAA guidelines as they relate to direct mail: data security.
Note: Wellness programs generally do not fall under the HIPAA guidelines, and so are not subject to the same regulations.
If you’d like to use your PHI for a direct mail campaign, you likely can do so; you just need to work with a HIPAA compliant direct mail printer to ensure your data will not be compromised. Contrary to what’s often implied, there is no official “HIPAA certification,” but the closest a printer can get is to undergo a rigorous third-party audit of their systems, data security measures, and general plan and processes. This is something we at Design Distributors do regularly.
HIPAA compliance is not a “one and done” process, and it is not based on a single certification. Complying with the HIPAA regulations is an ongoing process that we are very committed to in our facilities. We continuously make sure we have security processes in place to handle data from organizations that maintain Protected Health Information (PHI). This is supported by our data management systems, which were created to conform to strict ISO 27001 standards.
Design Distributors is a secure facility. The rigorous audit process we’ve passed to become HIPAA compliant will give you the peace of mind that your data is safe. We enforce these high standards across all clients—even those who do not fall under HIPAA guidelines—so your security is hard-wired into the core of our organization. You take great pains to keep patient data safe, and when you share it with Design Distributors, you can trust that we’ll keep it secure as well.
BACK TO THE BASICS
HIPAA stands for the Health Insurance Portability and Accountability Act. It contains five parts—or titles—and was designed for two reasons: to make sure everyone would be able to maintain health insurance between jobs, and to create guidelines for secure handling of Protected Health Information (PHI).
Title 2 specifically contains The HIPAA Privacy Rule, which went into effect in 2003. The Privacy Rule regulates the use and disclosure of Protected Health Information (PHI). PHI is any information held by a “covered entity” which concerns health status, provision of health care or payment for health care that can be linked to an individual. A covered entity includes medical service providers, health insurers, employer health plans and healthcare clearinghouses.