In 2020, Premera Blue Cross got hit with a $6,850,000 settlement for exposing the private health information (PHI) of 10,466,692 people. If you think there’s no way your company could ever make that kind of mistake, you should also know that many healthcare companies received over $100K in fines for HIPAA violations affecting only one person.
When you’re sending healthcare communications on such a massive scale, it’s all too easy for compliance issues to get overlooked. A HIPAA-certified direct mail partner that provides automation and tracking will help you stay compliant and avoid a multi-million dollar fine.
While HIPAA only has five “rules,” each of these rules is broken down into a variety of sub-rules, lists, and more. Memorizing these HIPAA laws word for word just isn’t realistic. You need a cheat sheet.
When it comes to direct mail in particular, the most important thing to remember is what you can and cannot send. Direct mail is important for patient correspondence, but you cannot include any information that could expose a person’s identity, such as:
What you can send:
Healthcare companies should avoid using standard mail to send any health information. Not only does it violate HIPAA, but it also poses a privacy risk if someone other than the intended recipient were to open the mail. Your options are:
Using these methods will protect your patients’ privacy and protect you from unauthorized disclosure fines.
Manually printing and mailing invoices, educational brochures, and EOCs isn’t scalable when you have thousands (or millions) of patients. Instead, automate it! Find a direct mail service like Lob that can integrate with your current systems to trigger statements, invoices, and more based on digital events.
No more printing, filling envelopes, and delivering letters by hand days or weeks after an appointment. You can send direct mail with automatic triggers almost immediately—at scale—and have it delivered within a few days.
This not only helps you deliver communication more quickly, but it also helps you save thousands of hours of employee time. For example, healthcare company VillageCareMax saves over 4,000 hours a year by using Lob to automate their direct mail communication with patients.
This automation also improves the patient experience and removes the friction that often results in delayed payments or miscommunication. In fact, trigger-based sends helped women’s health company Myriad improve collections by 20%.
Even if you’ve done everything you can to stay compliant, the threat of an audit can still have you and your employees constantly scrambling to check and recheck your records and mailings. Luckily, there are even more measures you can take to ensure compliance and ease the fear of audits. Companies like Lob offer HIPAA-compliant mailings and full encryption during the production process.
For example, Clover was spending a huge amount of time preparing for audits. Now they use Lob’s API to remain compliant, so their employees can focus on more high-level concerns.
Manually typing or writing addresses—whether it’s you entering addresses into your system or your patients filling out a form—leaves too much room for error. Plus, sending medical records to the wrong address, even by accident, is a HIPAA violation.
Find a direct mail platform like Lob that offers address verification and tracking so you can make sure your direct mail gets delivered to the right person. This will help you stay compliant and reduce the likelihood someone other than your patient will open the mail.
Remaining HIPAA-compliant is necessary, but it doesn’t have to be difficult. Partnering with the right direct mail service that knows its stuff will help you rest easy knowing your mail is compliant, on time, and reaching the intended recipient. When you’re not worrying about HIPAA, you can spend more time caring for and engaging with your patients and improving your provider-patient relationship.