Making Sense of the Confusion That Surrounds Patient Privacy Standards

ORLANDO - The issue of patient privacy makes healthcare marketers cringe. There are no federal guidelines that govern it yet and the state policies that define it are
inconsistent.

So healthcare organizations are expected to strike the right balance between providing responsible, targeted communications and avoiding the marketing landmines that
intrude on patient privacy.

Until the Department of Health and Human Services finalizes privacy standards, which industry experts say is still another three or four years away, your communications
policies should make patient consent a top priority.

This can be a cumbersome and time-consuming project but well worth the exercise when you consider the penalties for violating patient privacy. Disclosing personally
identifiable health information could result in fines of up to $100,000 and up to five years in jail.

With the heightened scrutiny patient privacy is getting from politicians and patient advocacy groups, patient consent and permission-based marketing programs offer the best
protective shields, says John Hallick, president of CPM Marketing Group in Peoria, Ill. Hallick, along with four other marketers, tackled this subject last month at the Alliance
for Healthcare Strategy and Marketing conference in Orlando.

While you don't have to become a privacy expert, it's important to consult with your legal team and department heads to design patient databases and communication programs that
mitigate risk.

Hallick suggests:

  • immediately implementing procedures to gain patient consent for follow-up healthcare communication at all contact points, including patient registration forms and
    online information-gathering efforts;
  • signing a business partner agreement with vendors that safeguard patient privacy;
  • excluding patients with chemical dependency, HIV or psychological disorders from your databases because of the sensitive nature of these conditions;
  • building patient databases that obscure identifiable medical information, such as patient names, social security numbers, addresses, etc.; and
  • designing communication programs with opt-out mechanisms, which allow patients to discontinue their inclusion in your marketing efforts.

Getting Permission

Getting patient consent is not the same as permission marketing. "With permission marketing, you end up with a lot more information about your customers and prospects than
simply their consent," says Lisa Simovic, VP of marketing solutions at HCIA-Sachs.

Get this permission by asking the right, dialogue-engaging questions that demonstrate your commitment to providing customized healthcare information.

For instance, include this question in your call center campaigns: "May we use information from calls you've made to our service center to notify you of programs that may be of
interest to you and your family?"

To develop a targeted patient/prospect database for marketing programs that promote specific health conditions, consider asking these questions:

  • Would you like to receive information on any of the following topics: diabetes, cancer, heart disease, etc.?
  • May we keep your name on our list of outpatient surgery customers so that we can let you know, as a preferred customer, of other classes, programs or screenings that may be
    of interest to you and your family?
  • May we use medical information from your current visit to help us notify you about other classes, programs and screenings?

(CPM, John Hallick, 309/698-1037; HCIA-Sachs, Lisa Simovic, 847/475-0211)

Passing the '60 Minutes' Test

Beyond patient privacy compliance issues, the ultimate goal for hospitals and health plans is to put in place ethical checks and balances that earn trust from hospital staff,
patients, the community and the media. If "60 Minutes" were to call tomorrow inquiring about how patient information is used for marketing communications purposes, would you be
prepared with a credible response that demonstrates the priority your organization places on patient confidentiality?

The image of patient information being compromised for unwelcome marketing efforts will devastate your organization's reputation, says Corbin Riemer, VP of marketing for the
Baltimore region of MedStar Health. Riemer cited an example involving a large healthcare system that drove this point home. The health system promoted a terrible twos reunion by
targeting mothers who had children within the last 12 to 36 months. It mined patient records to identify this target and wound up inviting an unmarried teen living at home to the
reunion. The teen had given up her baby for adoption and her parents were not aware of the pregnancy.

Avoiding this kind of patient privacy nightmare requires multiple layers of internal education on patient consent, and marketing efforts should draw exclusively on patient
databases built from "consented patients" over the last six- to 12-month period, says Riemer. Until you've developed this patient database, rely in the interim on a prospect
database that does not involve specific patient information.

Distributing FAQs (frequently asked questions) will also ensure that patients understand your organization's position on patient privacy. Provide clear-cut, easily understood
answers to questions like:

  • What is a "consent" to release medical information?
  • Does my consent still maintain the confidentiality of my medical records?
  • What information will be released?
  • How many hospital mailings will I receive?
  • Will you sell my name to another company for their mailing list?

(MedStar, Corbin Riemer, 410/847-6723)