HIPAA Compliant Patient CRM

You need a HIPAA Compliant Patient CRM to be serious about medical marketing. There are no two ways about this. You cannot depend on your EMR for managing patient relationships – our call center, revenue cycle management center, marketing teams have tried in the past and failed. EMRs were created to move patient data away from paper copies to software – they were never built to be used for patient engagement, acquisition, retention, relationship management etc.

CRM with EMR connection or without?

We believe that something is better than nothing at all. Here are the options to choose from, in descending order of preference / productivity gains

  1. HIPAA compliant patient CRM that is connected to your EMR via HL7 integration.
  2. Patient CRM that is connected to your EMR via APIs integration.
  3. HIPAA CRM that has data synchronized (manually) with your EMR via CSV files.

What you need from a patient CRM

Most other industries operate using CRMs because they have a business to business (B2B) sales dynamic. Typically, in other industries, a CRM operates on terminologies like account, contact, deal, service ticket etc.

Most B2B CRMs are used primarily by marketing and sales team. Sometimes, the services desk/support personal also end up using the CRM, but they live in an entirely different silo.

In healthcare, those terminologies don’t really fit easily. What healthcare needs, is usually available in business to consumer focused CRMs. 

And as is the case, most CRMs are not HIPAA compliant.

B2C CRMs can be customized to meet your medical CRM needs but too much customization needs to go into it, for those CRMs to work.

In healthcare, you need a few things

  • Practice locations
  • Practice providers
  • Practice services
  • Practice visit types 
  • Patients demographics
  • Patient insurances 
  • Patient clinicals 
  • Patient documents
  • Appointments
  • Encounters
  • Diagnosis codes
  • Referring practices
  • Referring providers

When do you need a HIPAA compliant patient CRM

Simply put – if you are investing time and money into marketing, you need a patient CRM (and possibly a provider CRM as well). 

If you are investing time and money via paid campaigns / PPC, or SEO (search engine optimization), physician referrals via physician liaisons, physician referrals via faxes or phone calls, community marketing via cold calls or postcards, print and media advertising (newspapers, radio, TV).

Healthcare is a high volume business. As long as the current reimbursement model of fee for service exists, it will remain a high volume business.

Even when the transition to value based care and value based payments happens, episodic care volumes will need to transition to preventative care transactional volumes.

We’ve written about the need for a centralized call center and how to use a healthcare call center software before. 

A healthcare call center cannot operate at maximum productivity without being tied directly and deeply into a HIPAA compliant patient CRM. 

We’ve also written about using your EMR to generate more patient appointments. That’s also VERY difficult to do without a patient CRM.

Healthcare marketing involves phone calls, SMS, faxes – we have written about using proper tools for that because, again, this is a high volume business. It will be really difficult for you to proceed with using a SMS Texting tool or a FAXING tool or a call center software. It becomes a nightmare without these tools.


You need to be able to define various campaigns that your team would be running. You could start with basic campaigns like no-shows, reactivations, no-encounters etc. We have written about these campaigns here.


You should have the ability to create as many campaigns as you want – however, we recommend you start slow, learn how to report and analyze the data, then you can scale up your marketing.


You can create as many campaigns as you want, but your patient CRM should stop you from adding the same patient in multiple campaigns (to avoid unnecessary embarrassing calls to patients).


You should also be able to enabled and disable a campaign at any point.


Patients list

Scrolling through patients in an EMR is not easy to do and it is not conducive to heavy volume calling. Your CRM should give you all the information you have in the EMR on patients. Each piece of patient information is needed for various campaigns that could be run.

Here are a few examples of how patient demographics data helps you with marketing campaigns.

Patients demographics – this allows you to run campaigns based on patient gender, age, location

Patient insurances – this allows you to run marketing campaigns based on patient insurance payers.

Patient clinicals – this allows you to run many patient marketing campaigns based on their vitals, history of present illness, allergies etc.

Patient documents – based on patient consent documents signed (or missing), you can run several ad-hoc of planned campaigns on patients.

Patient referring physician and PCP information – based on this, you can run really tight referring partner campaigns.


When an agent is connected with a patient, it is VERY important to be able to see complete patient details as this is CRUCIAL during a conversation with the patient.

Appointments and encounters list

You are going to run quite a few campaigns based on appointments and also on encounters, so this is a must have feature. You need to be able to slice and dice appointments information and save the filters you used to slice your data.

Examples of appointment related campaigns you can run

  1. No show campaigns – wherein your agents can call patients that were a no-show
  2. Appointment reminder campaigns – where your agents can call and SMS patients that have upcoming appointments.
  3. Recall campaigns – wherein your agents can call patients that have fallen out of care for more than (e.g.) 6 months.
  4. Cancellation campaigns – if timed correctly, your agents can succeed in re-appointing patients with cancellations
  5. Appointment waitlist – this is not a regular campaign but as appointments get cancelled at the last minute, you can run these campaigns to fill open appointment slots
  6. Satisfaction survey campaigns – typically, you would create and run a campaign that sends out appointment reminders just after a patient checks out of their visit. This is even more important when you want to run CAHPS style surveys.
  7. Patient reviews campaigns – sometimes we run patient satisfaction survey campaigns, but we always have an ongoing campaign for requesting patient reviews.

These are just examples of some marketing campaigns you can run based on patients’ appointments. 

Patient clinical and diagnosis information

Patient clinical data, if used properly while keeping HIPAA and PHI in mind can lead you a very profitable way to attracting, retaining and nurturing new patients.

A healthcare CRM (patient CRM, not a provider CRM) can help you achieve that.

Your patient CRM should allow you to connect your patients’ clinical data into the CRM itself. This will then allow you to slice and dice patients with certain diagnosis codes (DX codes). Based on the HCPCS or the CPT codes that are part of your patient’s encounters, you should consult with your providers with regards to their propensity towards next steps.

As examples, you want to market to patients that are surgical candidates. Are you looking for any underlying or historical conditions that make the patient more vulnerable to eye complications or can a combination of chronic conditions be considered? Using your patient CRM, you can figure out all the patients with diabetes, metabolic syndrome, glaucoma, uveitis.. (in general, the more the DX codes, the higher the chances are of them being a surgical candidate)

Or, you might be looking at a patient that comes in for an appointment with an eye problem, what would be the diagnosis which could make him/her a good surgical candidate without any established history of eye illness? Using the patient CRM enriched with clinical data, you can dissect all patients with Cataract, glaucoma, pterygium, diabetes. 99% of surgery cases in ophthalmology comes from these DX codes.

You could also look at the ethnicity of the patients and dissect based on the age groups of patients. E.g. patients older than 65, patients that fit into a certain social determinant of health segment based on their employment, place of stay / neighborhood, food habits etc – these patients are more likely to have cataracts and therefore need surgery.

Patients with proliferative diabetic retinopathy and diabetic macular edema, exudative age related macular degeneration, branch or central retinal vein occlusion, choroidal neovascularization are definitely candidates for surgery as well.

If you are looking at social habits – smoking is definitely an indicator of various health risks. Body Mass Index / BMI is another indicator that will allow you to run various health related campaigns.If you are a primary care practice group, you need to run well visit campaigns and HEDIS related campaigns on patients that meet certain criteria. Those are very well documented on almost every payer site (e.g. here).

Data in healthcare marketing

You simply cannot compete nor market effectively unless you have the right amount of patient data in your patient CRM. It is crucial for your marketing team to understand patient data and be able to slice and dice patient data to execute various marketing campaigns.