If you have a hair restoration, dermatology, medispa, dental, or weight loss medical practice; before-and-after photos are crucial to your marketing plans. However, you are also legally required to follow HIPAA regulations… which affects your marketing.
HIPAA is the acronym for Health Insurance Portability and Accountability and comes from the HIPAA Act of 1996. The law primarily addressed two issues – privacy and insurance exclusions.
The portability portion means that if a person has a creditable health insurance plan when a medical condition occurs, their next insurance company is prohibited from (or extremely constrained in) excluding coverage related to that medical condition – as long as there has been no gap in coverage and the person provides proof of creditable coverage. It was designed to make it easier for consumers to change health insurance plans.
How Does HIPAA Affect Medical Marketing?
In terms of marketing medical services that affect people’s appearance, the privacy portion of HIPAA is the concern. HIPAA requires doctors and medical facilities to keep the patent’s personal identifying information private and secure – as well as providing copies of the patient’s medical records when the patient requests.
Also referred to as Protected health information, PHI is any information that can be used to identify a person. For most practices, this focuses on medical history, billing information, documentation of patient questions and conversations, etc. For medical services that involve a person’s appearance, like dental care, dermatology, hair restoration, and weight loss, it affects the before-and-after photos commonly used to promote their practice.
Do I Have to Follow HIPAA Regulations?
Legally, yes… you do, and if you’re smart you will. Willful violations of HIPAA regulations involve a minimum financial fine of $50,000 in addition to restitution paid to the victim. A jail term is also possible for criminal HIPAA violations.
How to Make Before-and-After Photos HIPAA Compliant
While before-and-after photos are one of the best ways to demonstrate the results your medical practice can provide and attract prospects, you are also legally required to protect the privacy of your patients. Can you do both?
Yes, HIPAA-compliant before-and-after photos are possible. However, doing so involves a few concerns and layers of privacy protection.
First, your patient must provide consent in writing. This consent form should not be buried in a pile of documents to sign for insurance purposes, medical history documentation, etc. To protect your practice, it’s best if you or a staff member thoroughly trained in HIPAA compliance explains to the patient how the photos will be used before having them sign the consent form. Describing it as just something to help them see their progress or for documentation purposes and then using them later for ads or marketing is misleading and a HIPAA violation.
Have a lawyer with HIPAA experience create – or at least review – the consent forms. It’s probably best to have two sections: One for consenting to internal use, such as documenting your progress for your medical records, and one that provides consent for their photos to be used in marketing and advertising. That can help ensure the patient doesn’t misunderstand the two distinct purposes and consents appropriately.
Second, the before-and-after photos should not show any personal identifying information. Part of that involves not showing full faces. If you have a dental practice, focus on the person’s mouth/smile without showing the rest of the face. For a hair restoration practice, only show the head above the eyebrows, for example.
Weight loss practices tend to crop out or digitally obscure faces. If doing the latter, make sure it’s done in such a way that someone downloading the image can’t reverse it and reveal the original image.
Cropping and careful image framing won’t solve everything though. Even when not showing a person’s face; a distinctive birthmark, mole, tattoo, etc. could still identify a person. Make note of any such identifying marks in the area to be photographed. Digitally removing them, with or without using actual concealer makeup as a further precaution, is probably the best option… but then it’s even more important to ensure the digital erasure can’t be reversed by a third party.
Additionally, all such images must be stored in a HIPAA compliant fashion. Photography or video equipment should be stored securely and not leave the office unless the data is wiped. Don’t use patient names on the image files. NIH has further guidance on imaging and HIPAA compliance.
As you can see, as valuable as before-and-after photos can be to the marketing of your medical practice, it also involves some serious regulatory concerns. Experience counts in avoiding HIPAA violations.
Note that the advice in this blog should not be misconstrued as legal advice. Consult with an attorney to ensure that any consent forms involving before-and-after images meet HIPAA compliance regulations as well as your image storage process.
Efferent Media Is the Medical Marketing Experts
If you’re a medical practice, HIPAA compliance is essential. Unfortunately, not all marketing agencies are created equal. At Efferent Media, we specialize in medical marketing and all of the related regulatory and HIPAA concerns. If you have a medical practice, medispa, hair restoration business, etc. give us a call to learn how our medical marketing experience can increase your leads and grow your business. Contact us today.