Partnering marketing and privacy to develop a proactive privacy program

By Lisa Taylor, JD, CCEP, and Daniel S. Elmlinger, MHSA, CHPC

Lisa Taylor (lisa.taylor@uchealth.com) is Vice President & Chief Compliance Officer, and Daniel S. Elmlinger (daniel.elmlinger@uchealth.com) is Compliance Operations Analyst at UC Health in Cincinnati, OH.

Privacy programs need to take the pulse on what is going on in their organizations, but some programs may struggle to keep up with their organizations’ initiatives. Put simply, there is a limited number of people in privacy programs (sometimes only one person or a fraction of a full-time equivalent) but a multitude of information and ideas being exchanged across the organization. Sometimes privacy may get pulled into an idea or issue too late, or sometimes not until after a decision has been made, and then weeks, months, or maybe even years of work and procedures must be undone in order to safeguard patients’ privacy. Every privacy professional dreads this moment, but every privacy professional can likely remember at least one incident like this. Short of approval to hire as many members onto your team as you would like, the next best solution is to proactively partner with teams in your organization. This partnership will help encourage a culture of compliance in your organization, one team at a time. One of the best teams to work with in your organization is the marketing & communications team.

This article will provide tips and suggestions to leverage your organization’s marketing and communications (marketing) department to help develop a more proactive privacy program. This leverage comes from:

  1. More efficient social media monitoring for possible HIPAA issues;

  2. Risk-specific training and development with your workforce;

  3. Better communication about your privacy program and what it does;

  4. Compliance with the Breach Notification Rule in case the worst happens at your organization; and most importantly,

  5. Stronger safeguards for some of your organization’s high-profile patients.

First things first

Before implementing these tips and suggestions, privacy programs should examine the relationships they have with their marketing teams.

Privacy leaders:

  • Do you know your organization’s marketing leader(s)?

  • Do you meet with your marketing leader(s) regularly?

  • What is the context in which you meet with your marketing leader(s)?

  • What do you discuss with your marketing leader(s)?

Privacy operations staff:

  • Do you have contacts on the marketing team to help you with day-to-day issues?

  • Does the social media team within marketing know what to do if they see a HIPAA issue online?

  • Does the social media team know what they can say on social media when a person identifies themself as a patient on a public page?

  • Do the copywriters, photographers, and videographers know when they need to ask you to review content before publication?

If the answer to any of the above questions is “No,” or anything indicating a potential for a stronger relationship between your two teams, start working on the relationship.

Leader-to-leader relationship development

As the privacy leader for your organization, you should evaluate if you have an effective relationship with your marketing leader(s). If you do not have one, then establish one. Initiate the relationship by asking for some brief one-on-one time, and frame it as seeking to better understand what their team does, what your team does, and how the two of you can work together for the betterment of the organization. This can be a cup-of-coffee discussion, lunch, or a formal meeting—whatever you and marketing prefer. Once you have level-set with the leader, agree on recurring meetings between the two of you to check in and see if there is anything privacy can help marketing with, or vice versa.

Marketing often has a pulse on the rest of the organization and upcoming strategic initiatives, which, when appropriate, can be shared with privacy. Conversely, privacy can offer personalized training to marketing, such as when an activity is or is not considered marketing under HIPAA, when an authorization is needed, or whom to contact on the team for a specific issue. This relationship between leaders will facilitate the staff-to-staff relationship development discussed next.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings