HIPAA, the 24-year-old law that regulates the release of patient medical information, doesn’t restrict data use for what many might consider marketing by healthcare organizations.
If a hospital kicks off an email campaign about a new medical group affiliation, new equipment at the facility or—more recently—information about offering COVID-19 testing or pandemic-related changes to operations, that doesn’t count as “marketing” as defined by the Health Insurance Portability and Accountability Act.
As a result, some software systems used to coordinate patient outreach can be linked to hospitals’ electronic health record systems, bringing information collected as part of patient care directly into the fold. But a patient’s protected health information is still covered by HIPAA, even once it’s pulled into such a system.
That approach makes it easier to send patients the types of communications that are most relevant and of interest.
A hospital in Milwaukee, Children’s Wisconsin, brings encounter data from its EHR into its customer relationship management, or CRM, system, which it uses to coordinate digital marketing campaigns.
The information helps the marketing team target messages to patients by service line or specific clinics they’ve visited, said Richard Hanson, the health system’s marketing manager.
Hospitals use CRM systems to coordinate email, direct mail and other types of communications, tailoring outreach by what consumers say they prefer, as well as tracking how they’ve interacted with the health system previously.
CRM systems build profiles on patients, mingling demographic and health data from the EHR with consumer and household data from third parties like credit bureaus.
The goal, according to vendors, is to understand what messages are relevant to different consumers at different times, as well as managing preferences for how they want to be reached.