The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and personal health information. All healthcare organizations are required by law to adhere to those national standards, yet many unknowingly put themselves at risk by placing their patients’ health information in the hands of untrained, non-compliant vendors: videographers, photographers, copywriters, advertising agencies, and marketing firms. Jennings is proud to be among the very few healthcare marketing firms in the United States to receive HIPAA-compliance certification from a third-party data security and compliance solutions firm.
Jennings’ decision to undergo HIPAA compliance training and certification reinforces the firm’s leadership position within the healthcare marketing industry. “I am extremely proud of the work my team has done to make us a HIPAA Compliant marketing firm. This investment demonstrates Jennings’ commitment to providing superior service to our clients, from innovative marketing solutions and thought leadership, to protecting their patients’ private health information,” said Dan Dunlop, principal of Jennings.
The HIPAA Privacy Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the use of such information without proper authorization. The rule gives individuals control over whether and how their protected health information is used for marketing purposes. Healthcare organizations routinely request that patients sign HIPAA releases to secure their consent to use their images and information in advertising and marketing. However, a patient’s consent to share their information does not exempt the hospital’s vendors or business partners from adopting HIPAA compliant behavior to safeguard private health information. Advertising agencies, marketing firms, video vendors, photographers, and copywriters are required to sign Business Associate Agreements that document their adherence to HIPAA guidelines.
To obtain HIPAA-compliant certification, Jennings worked with SecurityMetrics, a leading data security and compliance solutions firm. Jennings spent more than 150 hours training all employees—from owners to interns—to adhere to necessary precautions for the protection of personal health information. Violating the HIPAA Privacy Rule can result in civil and criminal penalties.