The Ultimate Ophthalmic Marketing Guide

Chapter 10: Physician Marketing - Legal & Compliance Considerations

legal scales plus 7R

Chapter 10: Physician Marketing - Legal & Compliance Considerations

Allison Shuren & Nikki Leon, Arnold & Porter Kaye Scholer LLP

Legal Overview

[Ed. Note: Federal and state laws and regulations are dynamic. While most of the information in this chapter still holds true, it has not been updated since our first edition, so be sure to confer with your legal counsel if you are unsure prior to launching a new marketing campaign.]

If you are a creative person, the possibilities for marketing your practice can be very exciting. There are many ways to spread the word about your services—through radio, television, print advertisements, professional websites, and even social media. You may also be hoping to engage directly with your community, promoting your practice not only through ads, but also via public events, face-to-face interaction with other medical providers and suppliers, charitable activities, online promotion (through patient surveys, reviews, or public tweets), and other means of engaging patients or community partners.

As a physician, or as a physician practice, you have more to consider than the average service provider. The legal standards that apply to your marketing activities are multiplied: your advertising or marketing is subject to consumer protection laws (as would be the case for anyone engaged in advertising or marketing) and your activity is also governed by state and federal laws that relate to patient privacy, fraud and abuse, and the professional practice of medicine. We have seen firsthand, through our experience representing physician practices, just how severe the risks can be. Violations of these laws can result in criminal charges, hefty civil penalties, heightened risk of private litigation, and permanent exclusion from participation in federal healthcare programs.

Not to worry. While we can’t give you specific legal advice about your current approach to marketing, this chapter will equip you with important tools: in reading this, you will learn what laws apply to marketing a physician practice and how to recognize some common pitfalls. If this overview feels overwhelming, focus on these key principles:

Be honest and complete.

  • Don’t make any communication that’s false or misleading. This includes messages, writings, pictures, audio, video, online content or any other form of advertising or marketing.
  • Don’t omit information about risks or alternatives when talking about treatments and procedures.

Don’t manipulate.

  • Consider whether what you are saying or showing will have a significant influence on whether a patient will decide to undergo a procedure and whether it is supported by objective fact.
  • Don’t exploit patient emotion or anxiety.
  • Don’t promote unjustified expectations for the outcomes of treatments and procedures.

Avoid sticky situations.

  • If you are thinking about marketing that involves “incentives” for patients, or for a potential referral source, think again and seek legal advice.

Be professional.

  • Particularly with social media use, basic tenets of good conduct apply, as do the essential principles of candor, patient privacy, and physician integrity.

This chapter can’t possibly cover every question, but the best rule of thumb is to seek advice from an attorney who has significant experience with the legal issues we discuss in this chapter. At the very least, reading our overview will make you a better consumer when you go looking for legal counsel.

I. The FTC Act and State Consumer Protection Laws

Let’s start with the basics. As a person engaged in marketing or advertising, you are subject to consumer protection laws. The major federal consumer protection law you should know about is the Federal Trade Commission Act (“FTC Act”). States also have their own consumer protection laws that may apply to you depending on where you practice. As you will see, these laws deal with what you can say about your services and how you can say it:

A. FTC Act

The FTC Act is a federal law that prohibits “unfair” or “deceptive” advertising in any medium.[1] The law can be applied to any form of physician advertising. It is enforced by the Federal Trade Commission (FTC), a federal government agency. Although the FTC Act is not a criminal law (i.e. it doesn’t provide for criminal conviction, jail time, or criminal penalties), the FTC can still pursue an injunction (an order preventing the illegal advertising or marketing), and monetary penalties.[2]

Under the FTC act, an advertisement is “deceptive” if it is likely to mislead a consumer under the circumstances and if it is “material,” that is, important to the person’s decision to buy or use the product or service. An advertisement is “unfair” if it causes or is likely to cause substantial consumer injury that a consumer could not reasonably avoid, and is not outweighed by the benefit to the consumer. The law also requires that claims be “substantiated.” This means there must be a “reasonable basis” for the claim. What a “reasonable basis” means depends on the nature of the claim.[3]

Advertising by physicians is allowed so long as it is not false, deceptive, or misleading. You are responsible under the FTC Act for any claims that are reasonably implied from your statements. Thus, even if your advertisement doesn’t contain an outright falsity, it may still violate the FTC act if it creates unjustified expectations about you or your services. Unlike the laws in some states, Federal law does not prohibit patient testimonials, but testimonials are subject to the same standard (cannot be unfair or deceptive) as any other advertising.

B. State Consumer Protection Laws

States have consumer protection laws that are very similar to the federal FTC Act. That is, they are designed to protect consumers against unfair and deceptive (or “false and misleading”) advertising. In Florida, for example, the state law is modeled directly on the FTC Act and directs state courts to give great weight to FTC and federal court decisions under the FTC Act when applying state law.[4] Most states allow private citizens to bring a lawsuit directly against people or businesses who commit deceptive or unfair trade practices within the state.[5] Although these laws are not always worded in a way that directly references physicians, a number of courts have held that state consumer protection laws apply to physician practices.

Some examples of marketing strategies that could be subject to state consumer protection laws might include:

  • A surgeon represents he will perform a certain procedure but then substitutes a different, more expensive procedure without the patient’s informed consent. [6]
  • A physician group falsely represents they are specialists in a procedure and are competent to administer the procedure.[7]
  • A physician unjustifiably represents a specific result to a patient.[8]

II. AMA Ethics Opinions, AAO, FSMB and State Boards

Major medical societies, including the American Medical Association (AMA) and the American Academy of Ophthalmology (AAO), have provided guidance about physician marketing and advertising. These publications are not binding (in fact, the AMA once tried to regulate physician marketing more actively, but the FTC sued it for violating antitrust laws[9]). That said, following AMA, AAO and other guidelines is well-advised. Their publications give in-depth analysis that applies specifically to physicians (and in the case of AAO, to ophthalmologists). Following these recommendations may also help you stay compliant with respect to other laws, as the guidance touches on several important general principles (such as those against misleading advertising).

A. American Medical Association (AMA)

The AMA Code of Medical Ethics contains Section 9.6: “Physician Promotion & Marketing Practices.”[10] This section provides relevant guidance on advertising and publicity, patient incentives, and physician self-referral. Section 9.6 also provides guidance relating to gifts from industry, sale of products (health related or non-health related), issues related to prescribing and dispensing drugs and devices, direct-to-consumer advertising, and direct-to-consumer diagnostic imaging tests.

Here is a quick summary of the AMA guidance on the most relevant topics:

Advertising and Publicity:[11]

  • The “key issue” is whether advertising or publicity is “true and not materially misleading.”
  • Physicians can advertise in any medium, “provided that the communication shall not be misleading because of the omission of necessary material information, shall not contain any false or misleading statement, or shall not otherwise operate to deceive.”
  • AMA recommends using easy to understand materials because the public can “sometimes be deceived” by complex medical terms or illustrations.
  • Avoid “aggressive, high pressure” approaches “if they create unjustified medical expectations or are accompanied by deceptive claims.”
  • Communications may include: (1) your educational background, (2) the basis on which fees are determined (including charges for specific services), (3) available credit or other payment methods, and (4) any other non-deceptive information
  • Testimonials from patients may be “risky” if they do not reflect results that other patients with a comparable condition would generally receive.
  • Likewise, statements that a physician has a “truly exclusive or unique skill or remedy” are unlikely to be true (unless they are limited to a particular geographic area) and should be avoided.
  • Avoid statements that a physician has cured or treated a high number of patients if it “implies a certainty of result that creates unjustified and misleading expectations.”
  • Claims should be factually supportable (or representative of patients’ experience, for general statements) and should have a “reasonable basis” (based on facts you know, or that a reasonable, prudent advertiser should have discovered).
  • A best practice is to use your name in advertising.

Incentives to Patients for Referrals:[12]

This AMA guidance could be relevant if you are thinking of encouraging your patients to recommend you to their friends and families or to provide online reviews or your practice. You should also consider these points if you are considering any promotional activities that involve “freebies” or discounts:

  • “[T]o be ethically appropriate, word-of-mouth referrals must be voluntary on the part of current patients and should reflect honestly on the practice.”
  • “Physicians must not offer financial incentives to current patients in exchange for recruitment of other patients.”

Physician Self-Referral:[13]

  • “[P]hysicians should not refer patients to a health care facility that is outside their office practice and at which they do not directly provide care or services when they have a financial interest in that facility.”
  • Your duty to your patient could come before any ownership or investment interests and any other contractual relationships.

B. American Academy of Ophthalmology (AAO)

The AAO has issued Rule 13, on communications to the public. This is what the complete rule says (we have highlighted important parts):

Communications to the public must be accurate. They must not convey false, untrue, deceptive, or misleading information through statements, testimonials, photographs, graphics or other means. They must not omit material information without which the communications would be deceptive. Communications must not appeal to an individual's anxiety in an excessive or unfair way; and they must not create unjustified expectations of results. If communications refer to benefits or other attributes of ophthalmic procedures that involve significant risks, realistic assessments of their safety and efficacy must also be included, as well as the availability of alternatives and, where necessary to avoid deception, descriptions and/or assessments of the benefits or other attributes of those alternatives. Communications must not misrepresent an ophthalmologist's credentials, training, experience or ability, and must not contain material claims of superiority that cannot be substantiated. If a communication results from payment by an ophthalmologist, this must be disclosed unless the nature, format or medium makes it apparent.[14]

The AAO has issued an advisory opinion explaining the rule, which you should read on its website (check out the footnote below).[15] The issues addressed in the opinion include: (1) what modes of communication to the public are addressed by the Code of Ethics, (2) how is it determined whether communications are objectionable under the Code, and (3) to what degree must adverse information (e.g., risk) be disclosed in a communication to the public.

The basic ideas expressed under the opinion include:

  • Don’t be misleading. And don’t omit material or present it in a way that could prevent a patient’s truly informed choice.
  • The rule applies to statements as well as to “ancillary communications” like photos.
  • Consider whether the statement would be “material,” that is, likely to be of actual significance to the patient in deciding whether or not to obtain a service.
  • The ethics rule can apply even if your action wasn’t intentional.

The guidance also gives some examples of what is okay and not okay, including:

  • OKAY: a statement that invites the reader to consider “rationally” whether a service is needed, such as “If you are over 65 and haven’t been to an ophthalmologist in three years, maybe you should see Dr. T.”
  • NOT OKAY: unqualified or inflated predictions, or unsubstantiated claims that could be material. For example, “one of the nation’s best eye surgeons” is typically not something you could substantiate, “unless this accolade was granted by a verifiable, independent source that applies relevant and meaningful criteria that have been made public.”
  • NOT OKAY: A brochure suggesting an 82 year old woman’s life was transformed, juxtaposing a sad black and white picture of her staring off into space with a colorful photograph of her gardening. The brochure described impermissibly raises fear of blindness and attempts to manipulate patients’ anxieties.
  • NOT OKAY: an edited TV interview that omits important risks and alternatives. AAO recommends not granting such an interview if you cannot get assurance the program will not be edited in a misleading way.

C. The Federation of State Medical Boards (FSMB)

FSMB also provides guidance for state medical boards on the topics of physician advertising and social media use. The advertising guidance is similar to the AMA standard, cautioning against any advertising claims that are intentionally false or misleading. The social media guidance encourages professionalism on social media (including cautioning physicians against personal networking with current and former patients online), preservation of patient privacy. Remember that FSMB guidance, like the guidance published by AMA and AAO does not carry the force of law, but it outlines good rules to abide by when marketing your practice.[16]

Check the website of your state’s medical board to see if there are specific rules or guidelines that could apply to your practice. Unlike AMA and other professional associations, state medical boards DO have the authority to sanction physicians for advertising as well as social media use. This is because they are given authority under state law to regulate licensure and the practice of medicine. Thus, it is a good idea to see what rules and state board advisory opinions or comments may apply.

III. State Professional Codes

Please refer to your legal counsel regarding state professional codes, specifically as it relates to patient testimonials, claims about surgical results, and promotions and gifts which may be considered inducements for surgery.

IV. HIPAA, HITECH and Other State Laws on Privacy

HIPAA was passed in 2009 to implement health standards relating to privacy, security, national identifiers, and transaction and code set standards.[19] HIPAA’s provisions were further strengthened by the HITECH act, which expanded the scope of HIPAA and the businesses to which HIPAA applies.[20]

Who needs to comply with HIPAA? The law applies to both “Covered Entities” and “Business Associates.” Under HIPAA (45 C.F.R. § 160.103), covered entities are health plans, health care clearinghouses, and providers transmitting any electronic health information in connection with a HIPAA-covered transaction. Business Associates are those who provide services to Covered Entities and as a necessary part of providing that service or function, necessarily must have access to Protected Health Information (for example, your third party billing company is a Business Associate under HIPAA). Protected Health Information (“PHI”) means individually identifiable health information handled by a Covered Entity or Business Associate.

The Department of Health and Human Services (HHS) issues rules regarding the interpretation and enforcement of HIPAA. The HHS Office of Civil Rights (OCR) enforces the “Privacy Rule” -- a major set of regulations issued by HHS that implement HIPAA with regards to patient data and privacy -- while CMS has been designated to enforce other HIPAA administrative simplification provisions.[21] Since the HITECH Act updated HIPAA in 2009, State Attorneys General have been authorized to sue HIPAA violators on behalf of the residents of their state.[22] Penalties for violating HIPAA may include both civil and criminal penalties, and findings of a HIPAA violation may serve as the basis for state law tort, negligence, or other liability.[23]

While HIPAA applies to a wide range of activities, the Privacy Rule is most relevant for physician marketing. The Privacy Rule requires, among other administrative standards, appropriate and reasonable “administrative, technical, and physical safeguards” to protect the privacy of protected health information from any intentional or unintentional use or disclosure.”[24] The Privacy Rule could potentially be implicated in public communications with patients (if there is a risk these could involve PHI), use of patient testimonials, or targeted outreach to your practice’s patients.

The Privacy Rule dictates when Covered Entities are required to disclose, and when physicians may disclose, PHI. Physicians, as Covered Entities, must disclose PHI at the request of the individual (or their representative) or when requested by HHS for the purposes of investigation or enforcement. Physicians may disclose PHI without additional authorization: to the individual; to the parent of a minor, unless the minor (1) is the one who consents to care and parental consent is not legally required, (2) a court has directed that the minor obtain care, and (3) the parent agrees the minor may have a confidential relationship with the health care provider;[25] for treatment, payment, and health care operations purposes; in certain other situations where the individual is provided opportunity to object; when disclosure is incidental to otherwise permitted use and disclosure; for public interest and benefit activities (for example, to avert an imminent threat to public safety); and in limited data sets for research, public health, or health care operation purposes.[26]

The Privacy Rule defines “marketing” as making “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.”[27] In general, HIPAA requires that the Covered Entity obtain authorization from the individual for this kind of communication to occur. However, two types of interactions are explicitly defined as not marketing under HIPAA: a face-to-face communication made by a covered entity to an individual; or a promotional gift of nominal value provided by the covered entity.[28] Examples of “nominal value” gifts that would not require the provider to seek authorization include pens, note-pads, and cups embossed with a logo.[29] The face-to-face exception also allows physicians to leave general circulation materials for patient pick up during office visits.[30] Physicians may also give patients free pharmaceutical samples without needing to receive authorization under HIPAA.[31] It is important to remember that other state and federal laws still apply, however—for example, such gifts should not be provided for the purpose of generating referrals (see our discussion of Fraud and Abuse laws).

If the marketing involves “remuneration” from a third party, this must be disclosed to the individual.[32] Remuneration means direct or indirect payment, other than payment for treatment of an individual, that is made from or on behalf of a third party whose product or services is being described.[33] However, if there is no “remuneration” involved, the following activities are also not considered marketing: (1) refill reminders; (2) case management or care coordination communications; and (3) communications describing the product or service (or payments for the product or service) that a Covered Entity (i.e. you, as a physician or physician practice) provide.

What are some examples of how providers have gone wrong under HIPAA? One example comes from a recent settlement announcement by HHS. Under the settlement, the Covered Entity, Complete P.T., Pool & Land Physical Therapy, Inc. paid $25,000 and submitted to a corrective action plan in order to resolve allegations that it had impermissibly disclosed PHI of numerous individuals when it posted online patient testimonials, including full face images and full names, without obtaining authorizations under HIPAA from the patients. OCR found that Complete P.T.: “failed to reasonably safeguard PHI; impermissibly disclosed PHI without authorization; and failed to implement policies and procedures with respect to PHI that were designed to comply with HIPAA’s requirements with regard to authorization.”[34] In addition to the settlement payment, the Corrective Action Plan included implementation of new compliance protocols, mandatory training for the provider’s workforce, implementation of investigation protocols for noncompliance, overhaul of the provider’s website, and reporting and attestation requirements.[35] The Complete PT settlement involved a sum that would not be insignificant for a small practice. In fact, we know of many other HIPAA related settlements involving physicians or other providers that have been subject to settlements of much higher amounts, sometimes even in the hundreds of thousands.[36]

Beyond all of these HIPAA considerations, you should remember that many states have their own laws about patient privacy and protected information, and these could apply in addition to HIPAA requirements. It is a good idea to learn about the law in your state by consulting experienced local counsel.

There are several good practices you can employ in your marketing strategy with regard to HIPAA compliance, patient privacy, and state laws. For example, exercise caution in using testimonials (these can raise compliance issues under the FTC Act and state consumer protection laws as well). Make sure you are observing legal requirements to seek and receive authorization when using or disclosing patient information. Keep “marketing” activities within the HIPAA exceptions described above, if possible, or else do not target or communicate with patients in any way that might involve PHI. And, most importantly, seek advice from a specialist in HIPAA and other privacy laws.

V. Fraud and Abuse Laws

Federal healthcare fraud and abuse laws include the Stark Law and the Federal Anti-Kickback statute. States tend to have their own versions of these laws. Your advertising will be governed by the Federal laws as well as the state laws. And, if you are advertising across state lines, the fraud and abuse laws of another state could potentially apply, if you are advertising to government healthcare program beneficiaries living in another state (Medicare, VA, Medicaid).

In brief, the Stark law (Section 1877 of the Social Security Act, 42 U.S.C. 1395nn) pertains to ethics in patient referrals under Medicare. It is implicated when a physician makes a referral to another entity for certain designated health services where the physician or a family member has a financial relationship with the entity. Designated health services, which are listed in full under the law, include clinical laboratory services, outpatient prescription drugs, DME and supplies, and radiology services. Stark is a strict liability statute, which means that specific proof of intent is not required to show a violation of the law.

The Federal Anti-Kickback Statute (“AKS”) (42 U.S.C. 1320a-7b(b)) is a criminal law that prohibits the knowing and willful offer, receipt, payment, or solicitation of “remuneration” in exchange for patient referrals or the generation of business payable by a Federal healthcare program. There are certain exceptions to the statute, as well as regulatory “safe harbors” created by HHS; such arrangements are protected. However, the arrangement must meet all elements defined under the statute or regulatory safe harbor to be protected.

In addition to criminal penalties associated with the AKS, violations constitute a violation of the Civil False Claims Act (31 U.S.C. §§ 3729-3733), which is associated with civil monetary penalties and treble damages. The Department of Health and Human Services Office of the Inspector General can also enforce the Civil Monetary Penalties Law (42 U.S.C. 1320a-7a) against those who knowingly make, or cause to be presented, “false” claims for payment or approval to the federal government.

Practitioners who have violated the laws described can be excluded from federal healthcare programs--a serious consequence.

So, when do you need to worry about these laws? Be cautious if you are thinking about any promotional activities that involve financial incentives, “freebies,” gifts, or any exchange of value. Enforcement agencies will care about whether there is any possibility that these incentives could influence the generation of referrals, either among your patients (including incentives that could steer federal healthcare beneficiaries to “self-refer”) or among your community partners, including other providers or suppliers who might be a referral source.

Even something as innocuous as a holiday gift can be subject to regulators’ scrutiny if it looks like there was intent to induce a referral: in one notable 2016 settlement with the Department of Health and Human Services Office of Inspector General, for example, the Massachusetts-based ophthalmology group Boston University Eye Associates, Inc. (BUEA) agreed to pay $50,000 for allegedly violating the Civil Monetary Penalties Law provisions when it provided “improper remuneration” in the form of holiday gifts (candy and other small food items) to physicians and physician practices who were referral sources.[37]

VI. Social Media and Terms of Service

If you have a profile on any social media sites that may provide for patient reviews, consult the terms of use of those sites.

For example, Section 6(a) of Yelp’s terms of service state:

“You agree not to, and will not assist, encourage, or enable others to use the Site to: . . Violate our Content Guidelines, for example, by writing a fake or defamatory review, trading reviews with other businesses, or compensating someone or being compensated to write or remove a review; Violate any third party's rights, including any breach of confidence, copyright, trademark, patent, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right”

In another example, HealthGrades has a Physician User Agreement. In assenting to the agreement, physicians represent that any material submitted by them or their practice does not contain “material that is false, factually inaccurate or misleading” and “material that violates any person's privacy right, including any such rights a person might have under HIPAA” (among other categories of prohibited content).

While a website’s terms of service may seem like a small consideration compared to some of the strict laws we have described in this chapter, they are worth your notice nevertheless. Playing by the rules of these websites helps ensure that you can continue to use them -- and such websites are an effective and valuable means of promoting your practice

  1. 1
    FTC Act, 15 U.S.C. §§ 41-58, as amended.
  2. 2
    Federal Trade Commission, A Brief Overview of the Federal Trade Commission’s Investigative and Law Enforcement Authority,, (last visited April 4, 2017).
  3. 3
    Federal Trade Commission, Advertising FAQ’s: A Guide for Small Businesses, (last visited April 4, 2017).
  4. 4
    Fla. Stat. § 501.204; Michael Flynn, “Physician Deceptive and Unfair Business Practices,” 71 Fla. Bar J. No. 7 at 49 (1997),
  5. 5
    See, e.g., Flynn, supra note 4 at 49; 1-3 Anderson’s Ohio Consumer Law § 3.24.
  6. 6
    See Quimby v. Fine, 724 P.2d 403 (Wash. Ct. App. 1986) (holding that Washington state consumer protection law applied to physician practices when a physician substituted a different surgical procedure than previously represented, without obtaining the patient’s informed consent).
  7. 7
    See Chapman v. Wilson, 826 S.W.2d 214 (Tex. Ct. App. 1992) (holding Texas consumer protection law could apply in a case where a group of dentists allegedly misrepresented they were specialists in wisdom tooth extraction, were competent to administer general anesthesia, and that no further treatment would be necessary after the extraction).
  8. 8
    See Rhodes v. Soroklit, 846 S.W.2d 618 (1993) (holding Texas state consumer protection law could apply against a plastic surgeon who promised a patient’s implant would look like a picture selected from Playboy magazine, and that there would be no problem with scarring or capsulization of implants).
  9. 9
    American Medical Ass’n v. FTC, 638 F.2d 443 (2d Cir. 1980). AMA also tries to advocate for “Truth in Advertising” laws at the state level and makes model legislation available on its website. See American Medical Association, “Truth in Advertising,” (last visited April 5, 2017).
  10. 10
    American Medical Association, “Chapter 9: Opinions on Professional Self-Regulation” in AMA Code of Medical Ethics (2016),
  11. 11
    Id. at 9.6.1.
  12. 12
    Id. at 9.6.3.
  13. 13
    Id. at 9.6.9.
  14. 14
    American Academy of Ophthalmologists, Rule 13, in Code of Ethics,
  15. 15
    “Advisory Opinion - Communications to the Public,” American Academy of Ophthalmologists (Oct. 10, 2014),
  16. 16
  17. 17
    See and
  18. 18
    See:$ext.TacPage?sl=R&app=9&p_dir=&p_rloc=&p_tloc=&p_ploc=&pg=1&p_tac=&ti=22&pt=9&ch=164&rl=5 and (Texas medical association)
  19. 19
    Representing Physicians Handbook 2.5.1, page 82.
  20. 20
    American Recovery and Reinvestment Act of 2009, Pub. L. No. 111-5, § 13001, 123 Stat. 115 (2009).
  21. 21
    See 68 Fed. Reg. 60,694 (Oct. 23, 2003).
  22. 22
    American Recovery and Reinvestment Act of 2009, Sec. 13001, 123 Stat. at 274.
  23. 23
    See Representing Physicians Handbook page 104, section (citing Acosta v. Byrum, 638 S.E.2d 246 (N.C. App. 2006), a North Carolina case in which a doctor’s HIPAA violation could also be a violation of the basic standard of care, resulting in tort liability).
  24. 24
    45 C.F.R. § 164.530(c).
  25. 25
    45 C.F.R. § 164.506. Representing Physicians Handbook page 85.
  26. 26
    45 CF.R. § 164.502(a)(1). Representing Physicians Handbook page 84-85.
  27. 27
    45 C.F.R. 164.501. See also HHS Guidance on Marketing,
  28. 28
    45 C.F.R. 164.508(a)(3)(i).
  29. 29
    Dep’t of Health and Human Servs., “Are prior authorizations required when a doctor or health plan distributes promotional gifts of nominal value?” (Dec. 20, 2002), (last visited April 5, 2017).
  30. 30
    Dep’t of Health and Human Servs., “Are health care providers required to seeka prior authorization before discussing a product or service with a patient, or giving a product or service to a patient, in a face-to-face encounter?” (Dec. 20, 2002), (last visited April 5, 2017).
  31. 31
  32. 32
    45 C.F.R. 164.508(a)(3)(ii).
  33. 33
    45 C.F.R. 164.501.
  34. 34
    Dep’t of Health and Human Servs., Physical therapy provider settles violations that int impermissibly disclosed patient information,
  35. 35
    Corrective Action Plan:
  36. 36
    See, for example, a settlement with Seattle-based Providence Health & Services, which involved a $100,000 penalty and a detailed Corrective Action Plan relating to the loss of electronic backup media and laptop computers containing PHI. “Resolution Agreement,” Dept. of Health & Human Servs. (July 16, 2008),
  37. 37
    “Provider Self-Disclosure Settlements,” Dept. of Health & Human Servs. Office of Inspector General (June 24, 2016),

Share this guide on your social media account with the buttons below