Blogging can do a lot for physicians and other healthcare providers. When you have custom content at your website, you’re offering reliable patient education information, demonstrating your authority in your field, and giving your website the SEO boost it needs to show up when prospective patients look for it. Many healthcare providers worry about keeping track of regulations, but this isn’t the problem you might think it would be. HIPAA compliant blogging requires thoughtful consideration of patient privacy. To make sure you’re compliant, be aware of the HIPAA identifiers.
What are HIPAA identifiers?
The Office of health and Human Services has listed 18 specific identifiers for HIPAA compliance:
- Names of patients and their family members and employers. Names of physicians and other team members can be used.
- Location, meaning any regional information smaller than a state
- Dates, including dates of birth, death, or medical procedures, plus ages over 89.
- Phone numbers
- Fax numbers
- E-mail addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate or license numbers
- Vehicle identification numbers, including license plate numbers
- Device identifiers and serial numbers
- URLs
- IP addresses
- Biometric identifiers such as fingerprint
- Identifiable photos, including faces but also any identifiable images
- Any other unique identifying information
Number 18 is intentionally very broad. If you have one judge living in your town, the name of the town and the fact that your patient is a judge is going to count as identifiable information.
Why focus on the HIPAA identifiers?
Since #18 basically says, “and anything else we didn’t think of,” you may feel that using the identifiers won’t help you ensure HIPAA compliant blogging. However, it may be easier for your blog editor to skim for names and numbers than to rely on his or her own judgement.
The identifiers also specify some issues that you might not think of offhand. Describing a patient as “a 96 year old woman living in a small community in Central Arkansas” may narrow down the total number of people you could be referring to significantly. Referring to a “13 year old patient in Texas” would include a much larger pool.
You’re not likely to share a patient’s IP address in a blog post, but you might link to a patient’s blog. You probably never type out a medical record number, but there are other ways to inadvertently share that kind of information. Numbers can accidentally show up in photos — you might not even notice a file folder with an identifying number on it or a readable license plate number in a picture of a building. Using the identifiers as a checklist can help with this kind of information, which can easily be overlooked.
Being HIPAA identifier aware
Here at Haden Interactive, we’ve written for so many organizations that need to follow HIPAA requirements that HIPAA-compliant blogging is second nature for us. That might not be true if your blogger is a college student or another less-experienced individual.
Many small businesses, including private healthcare providers, know that blogging is important for patient education, thought leadership, and SEO. Yet they pass the job over to someone whose main qualification is that they have some free time. The primary consequence, most of the time, is that their website doesn’t show up well in search or doesn’t provide great value for patients.
Consider hiring a professional content firm like Haden Interactive instead. The ROI will probably be much higher. We’d love to talk with you about your HIPAA-compliant blogging needs. Use the simple form below to tell us more about your organization.
Leave a Reply