Episode 22: HIPAA Compliance for Medical Practice Marketing with Carl White
February 4, 2025

In this episode of the Concierge Medical Marketing Podcast, host Steven Schwartz speaks with Carl White of MarketVisory Group about the critical importance of HIPAA compliance in medical marketing. They discuss the common blind spots that healthcare providers have regarding HIPAA, the necessity of Business Associate Agreements (BAAs), and the implications of using marketing tools that may not be HIPAA compliant. Carl shares insights on how to navigate these challenges, the importance of proactive measures, and resources available for healthcare providers to ensure compliance. The conversation emphasizes the need for awareness and action to protect patient privacy and avoid legal issues.

Chapters

00:00 Introduction to Concierge Medical Marketing
03:33 Understanding HIPAA Compliance in Marketing
12:36 Key Principles of HIPAA Compliance
17:07 Marketing Strategies and HIPAA Overlap
21:26 Proactive Measures for HIPAA Compliance
29:47 Final Thoughts and Resources
33:40 Introduction to Concierge Medical Marketing
33:41 Strategies for Growing Your Practice

Steven Schwartz (00:26)
Hello and welcome to the Concierge Medical Marketing Podcast. I’m your host, Steve Schwartz, and it’s my privilege to have you along today on our discussion. Today I’m pleased to speak with Carl White of MarketVisory Group. You’re based in Chicago. Welcome to the podcast.

Carl White (00:44)
Thank you for having me on, Steve. I’m looking forward to it.

Steven Schwartz (00:46)
Wonderful. Thank you. So as you know, this podcast is designed specifically for medical providers who are in the concierge medical space or direct primary care specifically, but your background is a little bit more expanded from that in healthcare marketing in general. Could you please share with our listeners just a little bit about yourself, like where you went to school, your background, who you’ve served in the

and the type of services you offer.

Carl White (01:17)
Sure.

Sure. Well, today our agency, I say we are a healthcare marketing agency, our niche is private practices, so all stripes. If you provide care, whether you’re a doctor or a dentist or whatever, and you own your practice and you want to keep it that way, and we would like to help you out if you feel marketing is the help that you need. And we’ve been doing that at MarketVisory Group for about seven-ish years. I’ve been doing marketing and healthcare forever. Grew up, parents, my father was a pharmacist, owned an independent pharmacy back when that was a thing. You can still find them, but there are fewer and farther between. And I did everything. I delivered stuff, I cleaned stuff, I waited on people, you name it, in that store for summers, nights, and weekends for years.

I worked at a company called Baxter. Many people have heard of Baxter. It’s not like a household name, but if you are, it’s funny, if you’re in an intensive care unit and you’re unconscious, you’re surrounded by Baxter products, and so the doctors and such know us. Another company called Hollister did that for about 15, 20 years and then off to MarketVisory Group. I’m from the Northeast originally, but I’ve lived in the Midwest since college, went to WashU in St. Louis, got an MBA in Michigan, go blue. And so the Midwest, longer than the Northeast, but day to day they look and feel an awful lot alike.

Steven Schwartz (02:40)
All right, and when you get a chance, come down and visit us in Vero Beach, Florida, where we’re getting a cold snap week. It’s supposed to get down into the 60s.

Carl White (02:44)
With pleasure.

Well, we might touch 60 today and we’re all looking around going, feels great, but feels like it shouldn’t be this way. Yeah.

Steven Schwartz (02:58)
Yeah, love it. Love it. Yeah. It’s funny. Sometimes I talk to folks, you know, in February or March or something and parts farther north and they’re freezing and like, yeah, we were just out the beach. So got to rub it in just a little bit, but all good. But Carl today, let’s get on to our discussion. You know, you’ve got a wealth of experience. You’ve helped clients for a bunch of years I love the growing up.

Carl White (03:10)
Yeah.

Yeah.

Steven Schwartz (03:23)
in the family owned farm, that’s great. We still have a few here in Vero Beach, Florida, know they still exist.

Carl White (03:24)
Yeah.

You can find them, you can find them, but they’re not like it’s, yeah, not like it used to be.

Steven Schwartz (03:33)
Yeah, exactly. Well, let’s do this. The topic of today’s discussion is specifically HIPAA compliance with relation to medical marketing. HIPAA compliance. So obviously, every doctor knows so much about HIPAA and probably drives them crazy, but we understand that we need to keep patient private information and medical details private.

Carl White (03:45)
Right.

Mm-hmm.

Steven Schwartz (04:00)
Everybody wants privacy. I get that, but that’s a clinical level, right? We don’t want the world knowing that we have a, you know, what do you call it? Ingrown toenail or whatever it might be. There’s a part of this that people, especially physicians managers don’t know about, which is the importance of making sure that your marketing of your business is also HIPAA compliant. So.

What I’d like to do is just kind of open the floor to you and can you give us some broad strokes with regards to this topic?

Carl White (04:29)
Yes.

Yeah. And I’ll just say that everything I’m about to say is based on our experience becoming HIPAA compliant per the standards. There’s no certification or anything. You just sort of meet the standards. We’re not attorneys. Everybody listening, if you don’t have a good healthcare attorney, you should have one.

the body of healthcare law. A lot of general business attorneys will say they can help you with that. Be careful, the body of healthcare law is big and different. Just kind of have somebody that you trust ask around. But yeah, I mean, what, you’re right. Every doctor, dentist, you name it, of course they’re aware of HIPAA.

Of course, they know that they’re supposed to protect, protect, you know, private health information. It’s just that it seems to be a nearly unanimous blind spot when it comes to marketing. And so if you are going to, you know, expose anybody to PHI, you have to do it in a HIPAA compliant way, no matter who it is, whether it’s your EMR, your delivery guy, you know, whatever, anybody in between. And you, the provider, are called the covered entity. And it’s really your job to make sure that you’re doing this.

And there’s a few boxes to check and some things to do. It’s really repetitive on what you have to do, depending on what type of marketing you’re doing. But yes, you have to be as HIPAA compliant with your marketing agency as you do with the clinical data that you share. I suppose the penalties could be different depending on how severe, but do you really care about that? You should just be HIPAA compliant. So yes.

Steven Schwartz (06:07)
Exactly.

Carl White (06:07)
And I, you know, we, during COVID, I’ll say we had a few more minutes on our hands day to day, because the world kind of seized and stopped and things. And so I also, you know, I was aware of HIPAA, who isn’t, if you’re in this world.

But it became pretty clear to me, we’re not HIPAA compliant. We are introducing risk to ourselves, to our clients. So what does it take to fix that? And we just kind of went down the path and fixed that. So now we set up HIPAA compliant relationships with all of our clients. One client in the years that we’ve been doing this has been able to do it themselves. The rest have not. And so we knew, I knew that if we wanted to go forth and HIPAA comply away, which is the law,

it’s gonna be up to us to do it. And so we just took those steps and I can lay out kind of the broad principles of what that requires, but that’s kind of the background. So just, it’s a blind spot. It just is, nobody thinks about it. Nobody denies it when you say it to them. Nobody argues with me. They just never thought about it before.

Steven Schwartz (07:09)
for the broad strokes. I think that’s going to be an eye opener for a whole lot of people listening to this podcast. So as you mentioned, there are a few main points and main items you just referred to. Can you go through those now, please? So that people see what is he really talking about when the rubber hits the road here?

Carl White (07:16)
Yeah.

Yeah. Yeah. So, so I’d say there’s two broad principles. The first one is I’ll call like, I guess the legal principle. There’s a legal document that you, the covered entity have to have signed with any and all third party providers, third party subcontractors, whatever that you’re going to share protected health information with. It’s called a business associate agreement, BAA. You can take one from the third party provider and sign theirs. You can go to a healthcare attorney or an association if you have a good one and get your own. I’d recommend you get your own because there are some terms and things that you can sort of tailor to your own needs.

Whereas if you take whatever is being given to you, you should sign theirs and the terms are going to be a bit biased in their favor. So terms like, you know, God forbid data is breached, lost or stolen or whatever. Now you’re in a crisis. So who pays for what? How fast do they have to respond? You know, who’s responsible for what? There’s a lot that’s kind of codified that you’re responsible for this and I’m responsible for that. But, you might want somebody to respond fast. But if you’re a BAA, you don’t have one and they say can respond in 10 days, that may not be… These are the types of things. So it’s just, if you’re going to go into a contractual relationship with somebody, just make sure the terms are what you like. And really the only way to do that is have your own BAA that you can give to everybody. It’s just the same one you give to everybody, but they have to sign it. That’s the first thing. The second thing is that anybody that you’re going to subcontract with…

By signing your BAA, they are saying, we do everything right. And you just kind of have to trust that unless you want to audit them. But this is a really big important step. So it’s all the more point to make sure that it’s your BAA.

The other thing is, so now you want to start to look at what are the different types of, you know, different, I’ll call it pieces of marketing that you’re doing. Here’s a couple of examples where protected health information could be shared with somebody else that just kind of always, you know, fills in this blind spot.

One example is on your website. So just about every website’s got a contact form. And in the contact form, put, you know, please give us your name, your email, your phone number. And I can find enough healthcare attorneys right there who say, if you give me your name and your phone number or your name and your email, you’ve got a little crumb of protected health information. You’re already in, I call it HIPAA land. So you already need this, but most contact forms have this open-ended form, you know, field that says what’s on your mind. And a lot of people pour their clinical hearts out and now you’re really in HIPAA land.

And so who can see that? The forms company could see it. Your website host can see it. Your marketing agency can see it. People on staff can see it if they have access and login access. So there’s one example.

Another pretty common example is doing email. So we do email for our clients, a number of clients, and again, name plus email address. I play it safe. And so I say, all right, that’s, you know, now we’re in HIPAA land. We use a service called Constant Contact. Constant Contact has a business associate agreement that I sign. And then when I sign my clients or they sign mine, there’s the unbroken HIPAA chain of trust. There are competitors to Constant Contact that don’t. And so this is an example of if I signed your BAA, I’m signing up that everything I use is also HIPAA compliant, and that I should have done those checks. But again, there’s a way that you can share information. Who can see the contact list in Constant Contact? Anybody who works in Constant Contact. So if they say they’re HIPAA compliant, then that’s the assurance that you have. Getting patient reviews. If you’re going to send texts or emails, there’s another example.

Paid ads online can really get wacky and wonky with HIPAA. If you’re gonna retarget, it’s a lot to explain, but if you’re gonna retarget people, if they check out a very specific disease state page that you have and then you retarget them with more, if other people see it, I can find healthcare attorneys and say, mm, I think that’s a problem. The bottom line is, to keep it simple, anybody that you’re going to do kind of marketing work with, where you think they might, that entity, that third party might have some exposure to our patients’ names and even a little bit of contact information, we got to make sure what’s the harm in getting a BAA signed up with them, either theirs or yours. And then, God forbid, you know, something gets breached or lost or stolen, or you get randomly audited. I mean, our goal with our clients is if you get audited, if something bad happens or you get audited, they get to the marketing file and they go, yeah, this all looks good. What’s next? Not part of the problem or part of the answer.

I wanted to say one last thing on this because I just saw this. I heard this term for the first time last week. I asked somebody who we were networking like you and I are and I said, you know, are these people that you referred to, are they HIPAA compliant agencies? He says, well, they’re HIPAA insured. What does that mean? I asked. They said, well, they say they’ve got enough insurance. I said, well, they’re not HIPAA compliant because they don’t have the business associate agreement. There are examples of the Department of the Office of Inspector General and they, well, it’s them, of levying a fine in HIPAA simply because a business associate agreement was not in place. No data was lost or stolen. Nothing bad actually happened. But simply because that was not in place and that’s part of HIPAA law, they were found to be not HIPAA compliant. So if anybody’s been told, we have enough insurance for a HIPAA problem, your problem’s worse if something happens because who just told you that? Just they’re not HIPAA compliant. And that’s going to be part of the fines that you get if something bad happens because of that. So, HIPAA insured, that was a new one to me. Yeah.

Steven Schwartz (13:29)
Right. Yeah, I’ve never heard that phrase before. Thanks for bringing it up. Definitely the BAA is an item. You have to dot that particular I and cross that particular T when you’re dealing with medical business clients.

Carl White (13:39)
Yeah.

And one thing on that, so if you go to the Department of Health and Human Services website, I think if you were to Google business associate agreement, HHS or something similar, they have a template where they say, look, you can use this template. And the way the template works is they’ll have a paragraph or two of actual legal language. And then they’ll insert a note to you, the reader. You might want to tweak or tailor this this way or that way.

And so that is an option. I would still say have an attorney look at it. That’s just why not. You know, I don’t know what I’m looking at. You wouldn’t know what you’re looking at. I had one client hand that to me as their BAA, but they forgot to remove all those bracketed. And so they just, yeah. So just have a look at it. It’s HHS trying to be helpful. I’ll say it’s probably pretty good. That’s a totally uninformed opinion. But nevertheless, there are some resources out there. Your professional association might have one.

Steven Schwartz (14:22)
Whoops.

Carl White (14:37)
that might be worthwhile checking out. Ask your friends, ask your colleagues, or find a, you know, a good reasonable healthcare attorney.

Steven Schwartz (14:46)
I appreciate you sharing that. One that some of my colleagues have used for legal documents, as crazy as it sounds, is using some of the AI tools, for example, ChatGPT. Again, before we continue, I’m not a lawyer either. So don’t take anything I say as legal advice at all. Please don’t. But the idea is that you could absolutely work with ChatGPT. Here’s who I am.

Carl White (15:00)
Yeah.

Yeah. Yeah.

Steven Schwartz (15:10)
Here’s what my business is. I need a BAA agreement drafted XYZ. Give it the details. And then it’s drafted. You can revise it as much as you want. And then you take that document and share it with your attorney. Say, hey, attorney, this is what I was able to come up on my own with ChatGPT. Please look it over. Let me just pay you for a half an hour review as opposed to a five hour writing a document. And if he or she, your attorney says, yeah, this is good.

Carl White (15:22)
Wow, okay.

Mm-hmm.

Steven Schwartz (15:38)
I have no problems with this, then you’ve used the tools, saved yourself money and time, and still have a document that helps protect your agency or your medical practice, depending what side you’re on.

Carl White (15:47)
I suppose, yeah.

I have no, yeah. I was going to say that’s a bad idea until you said that last step about having an attorney finish the thing.

Steven Schwartz (15:58)
Exactly.

Yeah. If all you’re going to do is draft it and then sign it, then you have a problem. Yeah.

Carl White (16:04)
Yeah, you might want to ask an attorney just because not in this context. There are some attorneys I imagine who will do that and some who will say, look, I got to write it. I mean, I just have to I have to know what’s in there from the beginning, the logic and some won’t. So I don’t know. Maybe you’d want to sniff that out before you go down that path. But yeah.

Steven Schwartz (16:20)
I would agree. I would agree. And definitely as the AI content writing tools are becoming more used in not just marketing agencies, but in lots of different businesses, other industries are starting to catch up and say, hmm, wait a second, instead of fighting against this, maybe there’s a way I can also use it to my benefit.

Carl White (16:31)
you know.

Yeah. Yeah. I mean, having said that when I had mine drawn up, I spent a couple of thousand bucks and then every couple of years I have her look it over anything new and any change, is nominal. So personal choice, you know, but, that’s interesting. The ChatGPT route. Interesting.

Steven Schwartz (16:58)
Absolutely. I know I’ve used it a few times with that are less important, like a non-disclosure agreement or whatnot. It’s such boilerplate, problem. But then I definitely recommend have your lawyer look it over. It’s worth paying them for an hour of their time. Are there some other areas where marketing and HIPAA overlap that you haven’t mentioned already?

Carl White (17:04)
sure.

Okay.

Mm-hmm.

Yeah.

SEO can get interesting if you, and it really depends on what you track. So in certain tracking tools, Google Analytics is the one that you and I and everybody who does what we do know. You can track to quite the granular level.

sometimes down to the IP address. And once you get to that level, you start to get into this gray area of is that protected health information? Because I could backtrack all the way. So plus Google Analytics is not HIPAA compliant. There’s no business associate agreement. There’s something to say is if you have, so let’s just take Google as an example. Google, I forget the particular business inside Google that will, it does offer a BAA. So you could say, well, I’m HIPAA compliant. You might think, therefore, I’m HIPAA compliant with the entirety of Google. No, no, you are not. It’s another easy blind spot. Who wouldn’t? I would bet you 9 out of 10 would agree, I must be compliant. You’re not. You’re not. And Google Analytics is a, we’ll say a business inside Google that does not offer any kind of business associate agreement. They’re not HIPAA compliant. They’re not shy about saying so. So some of the value of search engine optimization is the granularity with which you can track things, but you can cross a line. So that’s another one.

Steven Schwartz (18:40)
I know a while back we had contacted all of our clients and basically said, look, if you have a contact form on your website, if you use Google Analytics or some other visitor tracking software a few other cases, you need to have a privacy policy on your website. And this is just a general privacy policy, not even specifically for HIPAA. We had used a third party vendor called Termageddon, which

Carl White (19:03)
Yeah.

Yep, I know that.

Steven Schwartz (19:10)
Yeah, what a wonderful company.

Carl White (19:10)
They’re good. They’re good. They have their whole world is knowing this super duper well. All the all the privacy rules and regulations state by state. my God. It’s a sadly at least the last time I talked to them, they said, yeah, we’re not touching HIPAA at least for now. It’s too much for us.

Steven Schwartz (19:17)
Yes.

Right. My guess is at some point they’re going to have to bite that particular bullet and jump into that space. But for our audience who know about this, it comes to privacy policies for a website, the laws that govern policy are somewhat different for every state in our 50 states here in America. And so there could be laws

Carl White (19:31)
I think that’s right, yeah.

Thank you.

Steven Schwartz (19:52)
here in Florida, where I am, which are different from where you are in Chicago, Illinois, and most certainly different from what’s in California or New York, some of these other states. What Termageddon does is you can sign up for a very affordable privacy policy. I think it’s $100 a year or something for the license. And with that, you fill out a huge questionnaire about how

Carl White (19:59)
Okay.

Mm-hmm.

Steven Schwartz (20:18)
how you do business and what information is captured and what software do you use and blah, blah, blah. It’s all this stuff. And then you hit the go button at the bottom and it generates a privacy policy that based on their system covers you as best as possible. And again, you want to have your attorney look at it for, all the 50 States in our country. What’s furthermore awesome about this particular product that

Carl White (20:36)
It’s impressive. It’s impressive.

Steven Schwartz (20:47)
As the laws change, let’s say Idaho or I don’t know, Hawaii or whatever, as the laws change, Termageddon’s program changes. It might ask you a few additional questions. You answer those. You hit the go button. Your privacy policy is then automatically updated. And if you have your privacy policy embedded on your website, you don’t need to re-embed it. It simply changes based on the software and it’s literally updated.

I’m not making any money talking about Termageddon. It’s a great, a great system, definitely worth looking into. Like anything, have your attorney look at the documents that it’s drafted, but definitely better than nothing.

Carl White (21:23)
Yeah.

Yeah. And you know, I mean, with that and with HIPAA, nobody’s ever said what I’m about to say to me, but sometimes you feel it. The feeling is in so many words, I don’t need to do that, or do I really have to do that? Sounds expensive, you know? And the rest of that thought, which is unstated is, and is this really going to happen to me? And my reaction is this, what’s probably not?

Right? Probably not. The odds of anybody getting audited or whacked or losing data or getting questioned on their privacy policy or whatever is probably pretty small. However, at least with HIPAA, if you do get audited and you do have a problem or if you do lose data, it’s going to be painful. It’s just, you know, not only is it going to be painful because the penalties are painful, but the disruption is painful. You pretty much have to stop your practice and deal with them.

If you lose even a modest amount of patient data or a number of patients, you have to tell all of your patients, try recovering from this. And so the disruption, the reputation, the fines, why would you want to, I view it like insurance. I hope to God I never use any of the insurance policies that I buy, but I buy them.

And I’ll take disability insurance. I have a disability insurance policy. I’m not hoping that I fall off my roof and make a claim just so I can feel like I got my money’s worth on the premium. Of course not. But if something bad happens and it would be bad like this, a HIPAA violation, they do not give you a light little wrap on your knuckles. They are there to make an example, and they are there to take it seriously. And that means pain for you.

Look out, so you should do these things. They don’t have to cost a lot. Termageddon, you’re right, I went through it once. And after you’re done answering that initial questionnaire, which takes some time, it is smooth sailing after that. It’s like the updates, it’s all behind the scenes, and it’s awesome. And yes, it costs a little bit. And yes, you probably will never be challenged in your privacy policy, but God forbid you are. You’re not going to know what to do. Nobody else is going to know what to do. And so just do it.

Steven Schwartz (23:45)
Agreed.

You know, Carl, it’s funny how you explain the situation with regards to privacy policy or HIPAA. In the last 25 plus years that I’ve run a web design and digital marketing agency, I said the exact same story, but along the lines of ADA compliant websites. So for our listeners, what are you talking about? The idea that is your business website

Carl White (24:07)
There’s another one. Yeah.

Steven Schwartz (24:15)
usable and accessible to people with disabilities. For example, if they’re blind or if they’re deaf or if they’re color blind or have some other issues with strobe or flashing light sensitivity, can your website be used by people who have these type of medical disabilities? Unfortunately, there are people out there who will team up with an attorney and test websites to see if they are accessible by a blind user or a deaf user. And if they’re not, they’ll literally send a rubber stamped letter demanding that the business pay a huge amount of money to settle out of court or they’re going to sue you.

Carl White (24:58)
and they’re right and it sucks, but it’s a hell of a business model. You know, and you can scream about it all you want, but you’re going to lose.

Steven Schwartz (25:02)
And it’s the whole thing.

Yeah, exactly. I had done a website ages ago for a hotel in Miami, South Beach, and they were sued by somebody that their website was not ADA compliant. And the business owner fought it. They got a lawyer. They spent lots and lots of money and time and effort and stress and fought it in court. And guess what happened? They lost. They lost. And what happened is the judge basically said, OK,

Carl White (25:17)
Mm-hmm.

Steven Schwartz (25:35)
You need to have a website that’s ADA compliant for blind and deaf users. You’ve got until December 31st, which was a couple of months away at the time. And if you don’t do it, you’re going to be found in contempt of court. And so they started furiously trying to find design agencies that could help make a website ADA compliant. They found my company and… For a couple thousand dollars in three weeks of time, we created a brand new website that was ADA compliant, got it up and running, and that was that.

Carl White (26:06)
Do you think that guy ever realized I could have done that six months ago without all the legal headaches and everything else and just.

Steven Schwartz (26:11)
Well, yeah, exactly. And that’s the point I was about to make is that he ended up spending over $40,000 fighting it in court with legal bills. That’s not to mention the amount of time and personal stress and just that kind of stuff is just awful eating at your heart, mind and your thoughts. Yeah, so instead of instead of being proactive and spending a couple thousand dollars for us to redo the website, instead

Carl White (26:30)
Yeah.

Steven Schwartz (26:38)
got busted for it, had to go through court, lost, and then $40,000. So this, making sure your website, your marketing and whatnot is all HIPAA compliant with effective covering of privacy policies and whatnot. And as long as I’m saying it, make sure it’s ADA compliant too while you’re at it. Do these things proactively. The reason I would say that is if

Somebody is a predatory attorney literally just looking for businesses to threaten as a way of getting a settlement, making some easy money. want to make it your business, your medical practice for them to fool with. In other words, they’ll see it and they’ll say, they’re ADA compliant. Yeah, they’ve got a privacy policy. Yeah, I see a statement on HIPAA privacy for this website.

Carl White (27:17)
Mm-hmm. Repelling. Repelling.

Steven Schwartz (27:28)
Let’s move on and go bug somebody else. And so that’s that’s my advice again as a digital marketing not as a lawyer, but I think Carl and you and I are both in agreement on this topic.

Carl White (27:29)
Move on, yep, not from the ground, yeah.

Yeah, you know, places where you can start. I mentioned health care attorney a few times. There are also some standalone companies out there. Compliance Group is one of them where it’s sort of like, I’ll say subscription based. And that’s not the best way to say it. But you sign under their service. They do a full audit of everything. They can probably get you set up with BAAs as well. And then

You’re on a monthly subscription basis to stay up. As new people come in, they need to be trained. As an example, it’s not really a one and done thing. As you’re bringing new in, and you can stay with it as long as you want. That’s another way. If you do a, if you use outsourced IT management, they’re typically, and they’re really health care focused, or they have enough health care, they should be very versed in security. And they may have some places to get started. The reason I say this is, if you’re thinking, if we’ve caught your attention, you’re like, my god, I don’t even know where to begin. Ask around for a health care attorney. Get started there. And to say, we don’t think we’re HIPAA compliant. We want to get there. And they should be able to help you get started.

You’ll, it doesn’t have to be this beast of a thing that just seems like this impossible amount to climb. Because once you’ve got it done and you kind of get versed in it, it’s pretty intuitive, I think. It’s very repetitive. Who’s getting protected health information? Just being sort of, you know, eyes wide open about it. Okay, they’ve got to sign our business associate agreement. And, you know, and then there’s the question of what if you’re doing business with somebody and they’re not, and they won’t sign it? What do you do?

I’ll advise you to switch. I really will because again, what are the odds something bad happens? Probably pretty small. How painful is it going to be if it does? A lot. And so you make that choice. I personally don’t, I don’t like pain, however remote it might be. And so, and then I have to break the bank. So I would say, you know, get in front of it, be planful while things are good and things are quiet and you should be fine.

Steven Schwartz (29:47)
I love it. And I completely agree. I know my wife gives me a hard time saying that we’re more insured than we really need to be, but I’m definitely pain averse as well. I think I have two or maybe three disability policies. I hear you on that topic. So awesome. As we’re wrapping up here, Carl, this has been great. Do you have any final nuggets that you’d like to share with our audience on the topic of protections?

Carl White (29:59)
You know?

Yeah. Yeah.

Steven Schwartz (30:15)
generally or marketing specific, anything you want to share finally.

Carl White (30:21)
I mean, I can make a, if I could just do a bit of a plug, if that’s okay. We’ve got some resources on our website, markadvisorygroup.com. I know it’s about full, but it’s just how it sounds. We’ve got a HIPAA marketing assessment. It’s a questionnaire. It’s maybe a dozen questions. It kind of follows what we’ve been talking about, but it’ll go through areas that we know through our own experience, HIPAA and marketing overlap. And so you can answer these questions and start to get a sense.

Steven Schwartz (30:24)
Yeah, totally. Of course.

Carl White (30:48)
Are we HIPAA compliant? Are we not? We’re not sure. And then you should do something about it if you’re not sure or if the answer is no, which we’ve kind of gone through about what to do. The other thing we’ve got close to that on our website is a series of modules about what does HIPAA compliant look like for email, for website, for this, for that, just so you can start to get a sense of what does it mean to be this way. So you could just be smarter about it as you go tackle the problem. They’re all free.

Yeah, I was just trying to be helpful out there because I can’t be the only one who went, my god, this is, you know, what a blind spot this is. So let’s see how we can help. Get rid of the blind.

Steven Schwartz (31:28)
I’m grateful that you share these resources on this podcast. We want to offer tons and tons of free, valuable information in an effort to help and DPC physicians succeed, and in this case, be protected as much as possible against blind spots. Thank you for sharing that information. I’m sure our listeners will go check that out and hopefully educate themselves better on the topic and certainly

Carl White (31:34)
Yeah.

Mm-hmm.

Yes, sir.

Yeah.

Steven Schwartz (31:54)
If they have questions specifically, they can reach out to you and have a consultation and see if you can help answer their questions or assist them in any way. In nature of offering valuable information, I created a book called The Definitive Guide to Winning with Digital Marketing for Concierge Medical Practices. This is a book that’s over 100 pages with tons and tons of actionable

Carl White (32:02)
Yes.

Hmm.

Steven Schwartz (32:20)
and guidance and options for helping practices and DPC businesses get a full panel and how to nurture their existing panel and help their businesses grow. Even transitioning patients from a traditional insurance-based practice over to a concierge arrangement. So this book is absolutely free, no strings attached. If you’d like a copy, please just visit conciergemd.marketing.

Carl White (32:36)
Mm-hmm.

Steven Schwartz (32:47)
conciergeMD.marketing. Scroll down the page so you see a picture of the book and literally just put in your email address, click the submit button, it’s orange, the system will send you a link where you can click and download the PDF to your computer, read it, enjoy it with my compliments. Obviously, if you have any questions, situations, things that you need to speak about, I’m happy to take those calls and chat with you. My direct phone number is 772.

Carl White (33:00)
Mm-hmm.

Steven Schwartz (33:13)
304-2420. Feel free to utilize that and we’ll help you get as much information as you need to succeed in your business. Carl White, thank you so much for taking the time to be my guest today on the Concierge Medical Marketing Podcast. And for all of our listeners, guys, we hope you grow and succeed and achieve your business goals and help a lot of people out there. Have a great day and thanks for being here along with us on this journey.

Carl White (33:38)
Thank you.