On August 14th, 2002, the final edits to HIPAA were published in order to combat the rapid evolution of healthcare information technology and its effects on personal information accessibility, to establish privacy standards for individually identifiable health information, and to ensure these standards do not get in the way of excellent healthcare provisions. We’re coming up on the 15th anniversary of said legislation, and its ramifications have never been more relevant. Paying close attention to HIPAA compliance is an absolute must for a healthcare organization’s marketing team – whether that’s internal or outsourced to a marketing partner. Let’s dive in.

HIPAA Compliance Examples

Examples of HIPAA compliance violations center around the dispersal of personal health information without permission, or negligence in keeping said information secure. If a patient requests access to their medical records, and they are given access to someone else’s medical records by accident, that is a major non-compliance issue. If a major healthcare system is housing its data in an unsecured location, that’s a major non-compliance issue. If an organization releases health documents that have not been approved for release, they’ll be liable for that action.

Following proper protocol down to the minute detail is extremely important when it comes to individually identifiable health information. “Identifiable” means information that carries an identity with it. If a prescription for a specific person is released, with that person’s contact information attached, the prescription is individually identifiable. If a prescription for “x” amount of “ABC” drug is accessed without warrant, but there is no individual associated with that prescription, it’s not identifiable. Although you may not be directly violating HIPAA regulations in that case, you may still want to tighten up your security regardless. Unwarranted access of any information, identifiable or not, is obviously not ideal.

HubSpot and HIPAA Compliance

As a HubSpot Partner, we use their software as our go-to for all things inbound, digital, or content marketing. A subscription to their software also includes a free CRM. In researching the topic and communicating with our points of contact at the Boston-based company, it’s been determined that HubSpot is not inherently HIPAA compliant. It is recommended that private health information is stored outside of HubSpot, and HubSpot’s data is strictly used for marketing empowerment and automation.

Contact properties in HubSpot drive a lot of the lead nurturing and information available to marketers employing the software. Being aware of medically relevant information, and leaving that out of form fields on your website is important. You don’t need to know someone’s medical history in order to understand how to nurture them into an attendee of your hospital, buyer of your medical products, or client for therapy, etc. Here’s a little breakdown regarding the types of usable marketing information, versus the kinds of data that should not be utilized in your marketing efforts.

| Useful Marketing Data | Non-HubSpot Data |
| --- | --- |
| Email | Diagnoses |
| Buyer Persona | Prescriptions |
| Lifecycle Stage | Medical Records |
| Page Views | Health Insurance Plan or Coverage |
| Phone Number | Driver’s License Information |
| Conversion Path | Names of Relatives |
| Last Activity Date | Therapy or Counseling Session Recordings or Notes |
| Job Title | |
| etc… | |


Focusing your marketing on getting contact properties in the first column associated with website visitors will allow you to understand how to nurture your contacts without infringing on HIPAA compliance regulations. However, using a contact’s health insurance plan or coverage to segment them into a massive email campaign is dangerous and illegal, let alone unethical.

In Conclusion

Every healthcare organization is different, and faces its own set of challenges. The same is true for marketing their services effectively and legally. This specific industry is so critical to the health and strength of the population internationally that providing useful and meaningful information to people who need it is extremely important. Marketing success centers around the ability to do so.

Inbound marketing, and HubSpot specifically, can be used by any organization in any industry, even ones that must adhere to HIPAA compliance. There is no need for the storage of private information regardless of business case in order to achieve marketing success. Lead nurturing, emails, workflows, form fields, CTAs, and more should focus on information that empowers marketing performance. Leave medically charged data and information to more secure databases and HIPAA compliant third-party vendors.