

How To Be HIPAA Compliant With Your Patient Testimonials

Posted by Aprillice Alvez on Nov 12, 2020 3:42:15 AM


What is the HIPAA Law on Advertising?

Before you can post any testimonial from a patient on your website, social media account, or other marketing platforms (e.g., print, radio), the HIPAA Privacy Law requires that you secure a legal, written authorization form from the patient involved. The patient should sign a Notice of Privacy Practices and a patient testimonial advertisement form.

What is a Notice of Privacy Practices?

Under HIPAA rules, healthcare practices must give patients a Notice of Privacy Practices, written in plain language, containing:

  • The date on which the notice first takes effect.
  • An overview of how PHI should be used for treatment, reimbursement, and healthcare operations.
  • The following statement, as a header, or highlighted prominently elsewhere:


  • A summary of the types of PHI uses and disclosures that need patient authorization.
  • A statement that the patient may withdraw or revoke an authorization.
  • A description of the situations where the healthcare provider can use or disclose PHI without any written authorization.  
  • The name, title, and phone number of a person or office to contact for further information or questions about the notice.

How To Be HIPAA Compliant for Patient Testimonials

  • Be Transparent by Stating the Purpose in the Form

    Explain why the patient needs to complete the form. State the basic reason(s) and give a detailed explanation of what is being revealed and how it will be used. For instance:

    I, April Venice, by signing this release, authorize DrCatalyst and their staff to use photographs, video images, or other likenesses of myself and/or my child, and the attached written testimonials, for the following purposes: (please include a list of your purposes)

    I recognize that the above-mentioned pictures and written/oral testimonials may be used, copied, and circulated by means of different print and electronic media, such as television commercials or social media.

  • Be Very Specific to Avoid Any Future Legal Altercations

    Include specific details concerning the purpose of the authorization form. Take note of the following for your patients' authorization forms when their testimonials will be posted on your social media, website, TV ads, newspaper, etc.:

    • Date and Signature – If another person is going to sign the consent document, the signer must include their name on the document and state their relationship with the patient involved.
    • Name of the practice and contact information – Include the primary contact person, address, and telephone number.
    • Expiration date
    • Name of the Patient

  • Add a Disclosure on How They Can Revoke the Authorization

    Details on how patients can withdraw or revoke their consent and the authorization form, should they want to do so, should be written in plain language.


Partner with the Right Team

DrCatalyst can triple your patient volume by utilizing top digital marketing strategies, all while staying HIPAA compliant. Yes, it’s possible!

HIPAA compliance doesn’t have to be a roadblock in achieving your branding and marketing goals. Talk to our marketing experts and let’s start building your stellar online reputation TODAY.
