It doesn’t matter if you work in a small doctor’s office or lab or for a large hospital chain; all healthcare professionals need to have an online presence. Healthcare and medical providers face a growing set of unique challenges in the SEO world because of the intense need for privacy and sensitivity they face. HIPAA compliance rules make it difficult to directly address some online concerns, but patients are demanding higher levels of satisfaction. They’re voicing their opinions and concerns online — loudly.
If you happen to be operating in the healthcare industry, this is an important topic. A single negative review on sites like RateMD can sink a private clinic lightning-fast, leading to a loss of patients or even eventual lawsuits.
Your job is to balance the need for privacy, respect, and sensitivity with the need to market your brand and business. Here’s how to achieve that goal and what you need to know in order to avoid a PR disaster.
Overview
Organic SEO Results in Healthcare
Let’s be realistic – just about everyone with internet access tries to look up some sort of healthcare information now and again. Don’t even pretend you haven’t tried to play Dr. Google at least once; we all do it. Healthcare providers often show up in those searches, especially if they use the right keywords and content.
How can you make the most of that? The key is to make sure you are using the right keywords and strategies as they relate to your practice or specialties. This can take a little bit of finesse and skill.
In terms of keywords, a primary care physician may want to use search terms that relate to their geographic area, to their areas of specific interest, or even to the specific age groups they treat (e.g., geriatrics or pediatrics). Some choose to focus on the type of insurance plans they accept instead, because searchers often look for what their insurance will cover first.
A specialist, on the other hand, may be able to take a broader approach regarding geographic area since people are often willing to travel further for a well-known, highly-skilled specialist. Other keywords would have to be more specific to their areas of expertise; e.g., cardiology, endocrinology, orthopedics, and related terms.
Once you have a specific list of healthcare related keywords, the practice’s website will need to be properly optimized. The site’s title descriptions, meta tags, and of course content should all reflect your chosen terms. Unique on-site content needs to be created around these terms, and not just within service and information pages, but on informative blog and article pages, too.
Healthcare providers are not exempt when it comes to creating high-quality content for SEO purposes. In fact, because most are classified as industry experts, visitors often expect an even higher level of content than they might from, say, a department store, restaurant, or hair salon. Keep this in mind at all times.
SEO and HIPAA
HIPAA, or the Health Insurance Portability and Accountability Act, was designed to create guidelines healthcare facilities must follow in order to keep patient information safe and secure. While this generally applies mostly to patient files and how they are shared among different offices and other providers, there are some things you need to keep in mind for SEO and marketing purposes.
- Your website should be using SSL (Secure Socket Layer) to prevent unauthorized access to private information. This is especially important if your website has an online portal your patients can use to connect with the office, send messages, and view records. Having SSL will help boost your rankings.
- HIPAA requires that all websites have a Notice of Privacy Practices in order to remain compliant. The notice must specifically disclose how information is collected and how it will be used.
- HIPAA guidelines require medical websites to change their passwords on a regular basis. It also dictates that only certain people in your organization should have online access to PHI (personal health information).
- In terms of website content, you must have a patient’s express, written permission to share details of their treatment or story on your website or social media platforms. This includes anecdotes, even if you switch out a few details to try and mask the possible connection of identity.
In short, everything you do must comply with HIPAA guidelines. The actual bill is almost 140 pages long, though, and most of us here aren’t lawyers. If you are ever in doubt, have your practice attorney take a look at the regulations and your plan. This is one instance in which it’s best to be safe, rather than sorry (or even sued).
HIPAA and Review Management
Review and reputation management is a huge part of search engine optimization. Every business entity should be paying attention to what people are saying about them online, but healthcare providers need to be especially conscious of this feedback. Patients can leave reviews just about anywhere, including the standards like Google, Facebook, and Yelp, as well as other narrow-themed sites like Vitals, HealthGrades, ZocDoc, and RateMD.
Some patients will leave reviews on third-party sites and write their own Facebook posts or blogs about what happened during their office visits. They may or may not call you out by name. The important thing to remember is that you simply can’t engage with these people or reply with specific details. Not only is it a HIPAA violation, but it’s also extremely ethically questionable, too.
We’ve seen business owners react emotionally to reviews time and time again, but you simply can’t do that in the healthcare industry. In most instances, best practice would be to leave a comment inviting the person to contact your office so that you can go over their issues. There is very little else, even if they disclose personal details, you can say online without violating HIPAA.
HIPAA and Social Media
Having a social media presence is obviously important to SEO, but your profiles can be a ticking HIPAA time bomb if they are not handled properly. The first problem is that too many healthcare organizations allow employees who seem social media savvy to handle their accounts without any true knowledge of social media management. They get over excited, post pictures, and share details they simply shouldn’t.
That snapshot of Carol laughing with your patient last week you posted to Facebook? If you don’t have a waiver signed for it, it just might get you in trouble.
The biggest thing to remember when it comes to social media is that nothing you share should include anything at all that could tie the post back to a specific person – directly or indirectly. It doesn’t matter if you didn’t use a name if you did use a full-face photo. HIPAA guidelines specifically forbids you to use any PHI in your marketing or social campaigns, paid or organic. Just don’t do it.
You also need to make sure your staff are trained to not discuss the details of their jobs on their personal social media accounts. VeryWell shared an article detailing some chilling examples of privacy violations gone wrong, including an EMT that posted enough details about an assault victim that the media was able to figure out where the victim lived. This can lead to real, serious harm – physical and emotional – especially in situations where a crime has been committed.
The key to good healthcare SEO is to make sure the information you distribute, whether posted on your website or on social channels, sticks to your area of expertise without using real-life examples or personal details. You can be friendly, informative, and engaging without violating someone’s privacy.
If you do want to share something about a patient, do the right thing – ask them for permission. Have them sign a waiver giving you permission to share that inspiring story or successful treatment picture. They’ll appreciate it, and so will your lawyers.