Avoid HIPAA Headaches: Marketing Mistakes Dental Offices Make


Could you be making major HIPAA mistakes and not even realize it?

You know how serious HIPAA is. But not a lot of office managers know that compliance extends to marketing.

So our very own Kelsey Halvarson went on AADOM Radio to spread the word for fellow dental offices.

He’ll share:

  • 6 HIPAA marketing mistakes often overlooked.
  • An action plan to fix those mistakes, and fast.
  • Why HIPAA could skyrocket your SEO rankings and visibility.
  • Our HIPAA Marketing Toolkit, which is packed with checklists and audits to keep your marketing compliant but fun.

Listen to AADOM’s podcast above and get the outline of his conversation below:

Why did Roadside Dental Marketing become a HIPAA-certified digital marketing agency?

As a dental office, you understand the importance of protecting your patients’ sensitive data.

That’s why it’s crucial to work with a digital dental marketing agency that’s HIPAA-compliant.

At Roadside Dental Marketing, we made the decision to become HIPAA-compliant to better serve our dental clients and protect their patients’ sensitive data.

Maintaining HIPAA compliance as a marketing agency requires ongoing training and education.


We’re committed to doing the hard work to protect our clients.

By working with a HIPAA-compliant marketing agency like ours, you gain peace of mind and a huge host of benefits.

Google is very serious about being accessible to everyone.

  • You’ll notice an increase in your online visibility.
  • You can reach your target audience more effectively.
  • Your search engine rankings will improve and drive more traffic to your website.
  • You’ll develop more targeted and personalized digital marketing campaigns that resonate with your audience.

This helps you stand out from the competition.


It protects your brand reputation and builds trust with your patients and clients.

6 common HIPAA marketing mistakes most dental offices are making (and how to fix them)

Now the mistakes we’re about to list…

This is NOT to scare or overwhelm you.

In this list, we’ll give you actionable steps you can take to quickly correct these mistakes and get you on the right path.

Mistake #1: Responding to reviews

I know you’re probably thinking…

What?!? You told me to respond to reviews.

And you should! But HOW you respond could be in direct violation of HIPAA.

Responding to a review that mentions a patient receiving treatment at your office can be a violation of PHI (Protected Health Information).

This can result in serious consequences for your practice.

So how should you respond to reviews in a HIPAA-compliant way?

Focus on your office policies and use generic terms that don’t offer any specific patient information.

For example, a bad response would be:

“We’re so glad you enjoyed your experience with us and look forward to seeing you again soon!”

This response mentions the patient’s experience and could potentially reveal that they received treatment at your office.

On the other hand, a good HIPAA-compliant response would be:

GOOD RESPONSE: “We aim to deliver the best care to patients and love to hear positive experiences! Thanks for sharing this feedback!”

This response doesn’t mention the patient or their specific experience, making it safe and compliant with HIPAA regulations.

We listed more great examples in our blog: How to Respond to Reviews in Compliance with HIPAA Guidelines

Mistake #2: Your website isn’t secure

Unfortunately, many dental offices make the mistake of not having a secure website that meets HIPAA compliance requirements.

Here’s what you need to know:

  • Having an SSL (Secure Sockets Layer) certificate on your dental website is required for HIPAA compliance.
  • This ensures that all data transmitted between the website and the user’s device is encrypted, creating a secure connection.


How do you know if your website is secure?

  • Look at your website URL.
  • Look for a lock right by your website URL.
  • Make sure it’s closed.

Look for a closed lock by your website URL to confirm your website is secure.

If you don’t see these signs of a secure website, it’s time to talk to your website company about getting it secure. They should be able to easily do that for you.

By ensuring that your website is secure, you can protect your patients’ sensitive data and maintain HIPAA compliance.

It’s a small but crucial step in safeguarding your patients’ privacy and building trust with them.

Mistake #3: Your website forms aren’t HIPAA compliant

We know…

We’re going after the most beloved feature for dental practices and patients:

Website forms!

Don’t kill the messenger 🫣

But when patients fill out website forms, they’re providing sensitive information that needs to be protected.

You’re collecting their PHI.

If your website forms aren’t HIPAA compliant, you could be exposing your patients’ sensitive data to potential security breaches.

So, what can you do about it?

Ask your website company if your forms are HIPAA compliant.

If they aren’t, then ask them what needs to happen to make them HIPAA compliant.

At Roadside, we’ve built a HIPAA-compliant CRM system. What does that mean?

  • All website forms on your website are HIPAA-compliant
  • Any patient information given to us will be protected and secured
  • All your marketing campaigns and SEO work are protected from HIPAA

Mistake #4: You don’t have a Notice of Privacy Practices on your website

You’re required to have a Notice of Privacy Practices (NPP) that explains how you use and disclose patients’ PHI.

But did you know that HIPAA requires you to have the NPP on your website as well?

Here’s what you need to know:

  • Your website should have an NPP that explains how you use and disclose patients’ PHI.
  • The best place to put it is on your New Patient Information page, where you keep all of your forms.

Mistake #5: You don’t have written authorization for using patient photos and videos

Let’s paint a picture:

You did this amazing cosmetic case for your patient. She’s happy – sings your praises!

You want to showcase your best work and share success stories with potential patients.

It’s how you’ll get more new patients.

It’s great social proof for your marketing. You snap some photos. Take some videos.


If you don’t get her WRITTEN permission to market it (not just verbal), then you’re in a HIPAA violation.

Here’s why that’s a problem:

  • Using patient photos or videos without their written authorization can be a violation of their PHI.
  • This can result in serious consequences for your practice, including fines and loss of patient trust.

So, what can you do about it?

Mistake #6: You don’t have Business Associate Agreements in place with third-party vendors

You work with various third-party vendors to manage different aspects of your business.

However, many dental offices make the mistake of not having Business Associate Agreements (BAAs) in place with their third-party vendors.

Here’s why that’s a problem:

  • Anyone who deals with patient PHI should have a BAA in place as part of the HIPAA Privacy and Security Rules.
  • Without a BAA, your third-party vendors may not be taking the necessary steps to protect your patients’ sensitive data, which could result in HIPAA violations.

So, what can you do about it?

  • Identify all third-party vendors who handle PHI, including your marketing vendors.
  • Obtain a written BAA from each vendor to ensure that they’re taking the necessary steps to protect your patients’ sensitive data.
  • Monitor your vendors’ compliance with HIPAA regulations.
  • If a vendor is non-compliant, terminate your relationship with them immediately.

The HIPAA Marketing Toolkit with a marketing audit checklist, patient consent form, and review templates.

HIPAA Marketing Toolkit: Your Guide to Compliance

We know HIPAA compliance can be overwhelming, especially when it comes to marketing your practice.

But don’t worry – we’ve got your back.

Check out our HIPAA Marketing Toolkit, which includes everything you need to stay on top of HIPAA compliance and market your practice effectively.

Here’s what’s included:

  • HIPAA Marketing Audit Checklist: Make sure you check all the boxes to remain HIPAA compliant.
  • Patient Consent Form: Have your patients sign this form if you want to use their videos and photos in your marketing.
  • Review Templates: Use our templates and examples to respond to reviews in a HIPAA-compliant way.

It’s yours – 100% free because we really do care about protecting dental offices.

People need their smiles, and we don’t want the fear of HIPAA to prevent offices from marketing and being authentic.

