The Number One Thing Healthcare Marketers Should Be Focusing On, But May Not Be
On a day-to-day basis, healthcare marketers are looking to grow their practice, discover the most effective tactics and stand out from the competition. But many healthcare marketers are missing a critically important priority in their strategy: security.
While security is and has always been an important concern for healthcare organizations, in the digital age, staying secure and protecting patient privacy requires dedicated and ongoing focus. Unfortunately, many healthcare organizations are not keeping up.
Healthcare cybersecurity is a pressing concern and only becoming more so.
Last year, there was a 17% increase in data breaches across all verticals. Among healthcare organizations, the number of data breaches per month has been on a steady rise since 2010, hitting record highs last year. While many of the data breaches are due to malicious phishing or ransomware attacks, others are caused simply by a lack of awareness and education concerning how data is stored on the Internet.
Just last month, TechCrunch broke a story reporting that hundreds of hospitals, medical offices and imaging centers are uploading millions of private medical images every day to unsecured servers that anyone can view, accompanied at times by the patient’s name or even their Social Security number.
For healthcare organizations, data breaches can incur significant financial penalties due to HIPAA regulations. But more importantly, they reveal sensitive information, which can cause patients to lose trust in the organization. Gallup’s Business and Industry Sector ratings indicate that the Healthcare Industry is at the bottom of the list in public perception – with only the Federal Government and Pharmaceuticals viewed more negatively.
So what role do healthcare marketers play in helping their organization stay secure?
With one foot in the realm of PR, managing patient experience and public perception, and the other on the forefront of technology, healthcare marketers have a critical role to play in helping healthcare organizations. Healthcare marketers are not only gatekeepers to a lot of sensitive data for their organization, they are also directly impacted by the fallout of public breaches. This makes healthcare marketers ideal to step up as organizational advocates for security and patient privacy best practices.
If you’re ready to make security a pillar in your healthcare marketing strategy, here are five steps to get you started:
1. Review how you are collecting and storing patient information online
Whether you have an appointment form on your website, a class sign-up, a chat or call tracking component, or any feature where patients are sending information to your organization, you may be collecting Individually Identifiable Health Information, which is protected under HIPAA regulations.
Whenever someone submits that information, do you know where that information is stored and who has access to it? Understand that simply password-protecting a patient’s personal health information does not meet HIPAA standards. This data must be stored on a server that meets HIPAA standards, and it should only be accessible by individuals and vendors who have also been trained on HIPAA compliance.
It is important to select platforms and vendors that can ensure compliance, secure your data appropriately and manage it with expertise about the unique standards for sensitive patient data.
2. Make sure your website is accessible
Lawsuits for online ADA compliance are on the rise, and healthcare organizations can be big targets. In 2018, lawsuits targeting business websites over ADA compliance rose by 30% and this number is only expected to grow.
Healthcare marketers should be aware of the Web Content Accessibility Guidelines (also known as WCAG). These guidelines are not just important to discuss whenever you launch a new website, they also impact how you continue to update and add new content or pages to your website. Anyone who has access to make changes should understand how to maintain website accessibility.
Unfortunately, many of these online standards for accessibility or privacy can be vague. We encourage healthcare marketers to have an open line of communication with legal counsel or an internal compliance director to continue to review federal regulations like the ADA or HIPAA.
3. Be proactive about new digital privacy standards
The tides are changing for online privacy, leading to big shifts in how online advertising and data collection are done.
In the past two years, two landmark privacy laws have passed, specifically targeting digital giants like Google or Facebook, who collect massive amounts of data on people as they navigate throughout the web and make that data available to marketers who want to deliver more relevant advertising. However, just because the law targets the giants doesn’t mean it won’t have a big impact on smaller organizations.
While these two landmark laws, the GDPR and the CCPA, only impact citizens of the European Union and California, many experts predict that they lay the groundwork for other states and the Federal Government to pass similar laws. While the two laws are distinct, they give people more access and control over how websites collect and use their data. So any website that has collected data about a citizen of California or the EU is subject to these laws.
Big tech and big players in healthcare may lobby against new privacy laws, influencing some of the nitty gritty details, but there’s no doubt that providers will need to be more transparent with how they collect and use patient data in the future.
4. Advocate for cybersecurity best practices in your organization
A recent study by Kaspersky, a cybersecurity company, found that one third of healthcare employees said they had never received cybersecurity training. More alarming, they also found that 18% of healthcare employees reported that they didn’t understand HIPAA security. By ensuring that you and your marketing team are educated on these important standards, you will not only help protect your organization and your patients, you will also be ahead of others in your field.
Remember that you don’t have to do it alone! Many IT companies will offer training for employees and audits to help test that training. Selecting educated, security-minded vendors who understand healthcare and its unique regulations is important. Lean on those vendors to help ensure that you are current on the latest technology or regulations, your staff is trained, and that you are keeping your patients’ data secure.
5. Be prepared for a breach
Our cybersecurity landscape in 2020 is too complex to believe that it will not happen to you. Data breaches are becoming increasingly common. While taking the steps above will decrease the chances that you will experience a breach, it will also ensure that you have taken the right steps to recover from a breach and regain public trust.
If something does occur, you will have your team of experts assembled: marketers, compliance specialists and attorneys, security-minded vendors and trained employees. If each member of that team is fully educated on what measures you have in place, you can identify and fix cybersecurity risks or breaches quickly, and then reassure your patients that you have the situation well in hand.
About Full Media: Full Media is a healthcare Internet marketing and web design agency. We have eleven years of experience serving healthcare organizations as a partner in their digital marketing strategy.