Hospitals Use EMR Data To Target Marketing Campaigns

When we talk about the benefits we can derive from compiling and analyzing EMR data, most of us focus on care and efficiency improvements, and to some extent population health.  But what if hospitals used EMRs to find appropriate targets for marketing efforts?  Is that kosher?

I don’t know, but it’s clear some hospitals have decided that it is. For example, a recent article in the Columbus Dispatch tells the tale of two health systems which have been data-mining their EMRs to target mailings on health issues to patients in the community.

According to the piece, regional health system OhioHealth has been using this approach for six years, and Mount Carmel Health System has for two years. Both are non-profit systems with large presences in the areas they serve.

It seems that these health systems are largely using these mailings to address patients’ specific health concerns. For example, OhioHealth has sent messages to diabetic patients and others with heart disease. Mount Carmel, for its part, has sent out mammograms and colorectal screenings, as well as to invite patients to seminars on joint replacement and health fairs.

But OhioHealth goes a step further and targets households with higher incomes.

Of course, both parties swear on a stack that none of this violates HIPAA, because marketers never see an individual’s health information.  And maybe they’re right.

As for me, I could go either way as to whether this is an ethical use of medical data. While it may indeed be legal, it’s discomfiting to know that hospitals might be using my clinical data for non-clinical purposes.

That being said, if health education and marketing efforts are done in a tasteful way which doesn’t invade my privacy — or expose my medical situation to the mailman — I can see the benefits.  Sometimes the right reminder or piece of  education can change a patient’s behavior in a timely manner.

And the truth is, if hospitals are going to spend millions and millions on EMRs, maybe this is a way to squeeze those extra bucks out of the system that will help pay for the investment.

I don’t know. I guess it’s something of a tossup. Readers, how do you feel about this issue? Is your hospital mining EMRs for marketing purposes?

About the author

Anne Zieger

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.


  • Our supermarket tracks our spending via their “bonus” card. If hospitals are going to engage in similar practices, they should follow suit and give discounts for, say, your next appendectomy.

  • I like what Carl says. Of course, having already had a surprise appendectomy, I don’t really need a discount on my ‘next’ one! 🙂

    In general, if they don’t violate HIPAA, the next question is what type of marketing. For instance, if they target cardiac patients for programs to help them get in better physical condition, that could be a good thing. But if they target them with coupons to a local steak house or for burgers, fries and shakes at McD, not so good.

  • Personally, I think it’s tacky and exploitive. The only way I would be willing to tolerate this type of marketing is if it included an effective opt-out option.

  • There’s a difference between what’s legal and what’s ethical. In this case, using patient data for even well-intentioned marketing purposes may be legal, but it’s clearly not ethical. We begrudgingly allow Google to mine customer data in exchange for free gmail service; but our private electronic health should only be mined for statistical information that would help medical researchers — customer marketing should be strictly verboten, though I suppose an opt-in provision for such might be acceptable.

    And btw, R Troy, the medical establishment remains clueless about what foods and activities are “good for us” — hence the obesity “epidemic” after saturated fats were proclaimed “bad for us”.

  • I think this is like most marketing. If the marketing provides a service to you that helps you find or learn about something you wanted/needed to learn about, then it’s a good thing. The problem is that it’s easy to abuse any sort of marketing.

  • And now for a slightly different take…

    I have no issues with my hospital using its knowledge of my health situation to provide me with targeted opportunities that might be beneficial. I see it as potentially a positive and proactive outreach. They will need to be sensitive in doing this, however, but in my region, the hospital system is pretty tightly woven into the community, anyhow, and would be rather affected by any backlash. And honestly, sometimes I feel like we make an overblown fuss about health data privacy just because everybody else is making a fuss about it, without stepping back and examining the actual impacts. For example, my mailman, with only slight observation, could easily deduce the health issues my wife, children and I have been treated for. The folks behind me in line at the drug store could do the same. Even most doctor’s offices I visit do a poor job of protecting privacy within the office itself. Just last week, I had to forcibly ignore the conversation taking place in an adjacent examination room. It was easily audible. Anyone who signs in at their PCP can see who has checked in earlier, for what doctor, for what time. Anyone who signs the pharmacist waiver form at the CVS can see who has signed in front of them. The prevalence of OTC meds makes it easier to tell what your fellow shoppers’ ailments are just by looking at their shopping cart. And somehow, we still co-exist. I’m not saying we shouldn’t protect ourselves against a massive data breach that could have dire consequences in the form of identity theft and other fallout. I’m just asking everyone to be honest about how serious they really are about privacy. It’s easy to pick on a hospital system without recognizing other areas where we turn a blind eye.

  • Mark,
    Great addition to the conversation. I’ve long thought about the myth that we put on privacy and how much we really care about it. I think you described it much better than I would have done. Thanks for sharing. The challenge is that it’s a really hot button issue when it happens and something bad occurs. Although, most people don’t care and most the time nothing bad happens. So we sweep those under the rug.

  • They say there are not viewing the medical data of the patients, they have the name, address and know the clinic or doctor’s office they came from as well as the condition of the visit. Isn’t it pretty much complete? Many pieces of information make up sensitive data and PHI. I agree with David that there should be an “oped-out” clause at the office knowing they are going to use the information. If they have been doing this for years now, have they checked the HIPAA Rules that have taken affect this year? They just might be violating HIPAA rules without fully knowing it. I do HIPAA self-assessment Audits and I find many practices do not fully understand and practice the rules. Yes, most people would rather keep their medical conditions private and yes the person behind you may know what you are buying, but the rest of the world doesn’t need to know.

Click here to post a comment