Common marketing practices in other industries may be illegal in the healthcare sector. Healthcare providers should beware the following practices when marketing their services:

1. Offering gifts, rewards, or free or discounted items or services to patients. The federal Anti-Kickback Statute ("AKS") and Civil Monetary Penalties Law ("CMPL") generally prohibit offering anything of value to induce patients to order or receive services payable by federal healthcare programs unless the arrangement fits a regulatory safe harbor.1 Violations may result in criminal, civil and administrative penalties.2 Common marketing programs that may implicate the laws include but are not limited to:

  • "Patient appreciation" gifts or gift cards.
  • Free supplies (e.g., free diapers, free formula, etc.).
  • Free or discounted items or services as loss leaders to encourage other business.
  • Free screening programs.
  • Referral reward programs.
  • Drawings for prizes.
  • "Insurance only" billing or waiving copays and deductibles.
  • Free transportation programs.
  • Rebates.

The AKS contains exceptions for certain discounts and transportation programs if regulatory conditions are satisfied. 3 The CMPL also contains several potentially relevant exceptions, including:

  • Providing an item of or service of low value, which the Office of Inspector General ("OIG") interprets as each item or service is less than $15, and all such gifts total no more than $75 per patient per year.4
  • Providing free or discounted items or waiving copays and deductibles after a good faith determination of financial need or unsuccessful collection efforts so long as the discount or waiver is not part of any advertisement or solicitation and is not routine. 5
  • Incentives that promote certain types of preventative care, or that promote access to care and poses a low risk of harm to patients and government programs.6

Providers should also check their state laws for similar prohibitions. Even if allowed under federal or state law, waiving copays or deductibles or offering inducements for services may violate commercial payer contracts. For more information, see our article at

2. Offering gifts or other items or services to referring providers. The federal AKS also prohibits offering or paying remuneration to other providers to induce the referral of items or services covered by federal healthcare programs unless the transaction is structured to fit within a regulatory safe harbor.7 Similarly, offering items or services to referring physicians may trigger the federal Ethics in Patient Referrals Act ("Stark") and preclude referrals for certain designated health services payable by Medicare or Medicaid unless the arrangement fits within a regulatory exception.8 AKS and Stark violations may result in criminal, civil and administrative penalties, and require the voluntary self-report and repayment of amounts received for items or services rendered per improper referrals.9 Common practices that may give rise to AKS or Stark concerns include:

  • Gifts or tokens of appreciation to referring providers.
  • Free use of space, equipment, supplies, services or personnel.
  • Practice subsidies.
  • Professional courtesy programs for referring providers.
  • Paying for unnecessary services.
  • Overpaying for services that are provided.
  • Paying referring providers to serve as "consultants", "advisors" or "researchers".

The AKS and Stark contain safe harbors applicable to many relationships with referring providers, e.g., bona fide employment contracts, professional services arrangements, recruitment or retention benefits, medical staff incidental benefits, nonmonetary compensation below a specified amount, professional courtesies, and others, but each transaction must be structured to meet specified requirements.10 In addition to the federal laws, many states have their own versions of the AKS, Stark, or similar laws which may be broader than the AKS and Stark.11 The bottom line: any gift, inducement or reward to referring providers must be reviewed to ensure compliance with applicable law. For more information on such relationships and applicable safe harbors, see our article "Offering Gifts to Referral Sources" at

3. Paying third-parties commissions or rewards for referrals or generating leads. The federal AKS is not limited to payments to patients or healthcare providers; it also applies to payments to third parties to induce or reward referrals for referring federal program business. Suspect arrangements include:

  • Gift cards or other rewards for persons who refer business.
  • "Refer a friend" programs.
  • Paying "runners" or "cappers".
  • Splitting fees with third parties in exchange for referring business.
  • Success fees or compensation terms that are based on a percentage of revenue derived from referrals.

The OIG has warned that paying independent contractors (e.g., marketing agencies or other non-employees) a commission based on referrals generated may violate the AKS:

We are aware of many examples of abusive practices by sales personnel who are paid as independent contractors…. We believe that if individuals and entities desire to pay a salesperson on the basis of the amount of business they generate, then to be exempt from civil or criminal prosecution, they should make these sales persons employees where they can and should exert appropriate supervision for the individual's acts.12

The government sometimes distinguishes between entities that merely provide leads versus those that provide specific or qualified referrals. For example, the OIG approved an arrangement in which a website administrator sold leads to chiropractors where the arrangement did not target government program beneficiaries; the administrator did not actively steer patients to a particular provider; fees paid did not depend on whether the lead became a patient; no health information was collected by the website administrator; and the website administrator did not qualify the lead.13

4. White coat marketing. The OIG has expressed concern over advertising in which a trusted healthcare provider recommends a product or service, particularly if the provider has a financial interest in the product or service:

Marketing by physicians or other healthcare professionals—sometimes referred to as "white coat" marketing—is subject to closer scrutiny, since health care providers are in a position of trust and may exert undue influence when recommending health-care related items or services, particularly to their own patients. Patients typically believe that their health care providers furnish and recommend products or services that are in the patients' best medical interests. One of the purposes of the Anti-Kickback Statute is to help ensure that the exercise of independent medical judgment is not corrupted by financial considerations.14

The OIG suggested that the risk is lower where the marketing is accurate, passive, and provided through general broadcast media, i.e., not directed to a particular patient.15

5. Advertising a referring physician's private practice. Hospitals may often be asked to market an independent physician's private practice or enter joint marketing arrangements with referring physicians; however, doing so may confer a benefit on the physician and trigger Stark and AKS concerns.16 If the marketing focuses on hospital services without promoting the physician's independent practice, there is likely little risk. If, however, the advertising promotes the physician's independent practice, the physician should pay fair market value for the proportionate benefit conferred unless the arrangement fits within a regulatory safe harbor, e.g., Stark exceptions for nonmonetary compensation or medical staff incidental benefits.17 CMS has stated that simply listing medical staff members on the hospital's website is an "incidental benefit" excepted from Stark.18

6. Disclosing patient information without authorization. The HIPAA privacy rules generally prohibit disclosing a patient's protected health information ("PHI") without the patient's written, HIPAA-compliant authorization.19 PHI is defined broadly: it includes any information about a person's health, healthcare, or payment for care that may reasonably be used to identify the individual, including but not limited to name, addresses, images, etc. 20 Patient confidentiality is also protected by state statutes, regulations, and common law. Violations may result in civil, criminal and regulatory penalties as well as suits by patients whose information was improperly disclosed.21 Common marketing or public relations practices that implicate privacy laws include:

  • Using or disclosing the patient's name or other identifiable information without appropriate authorization.
  • Posting patient photos without appropriate authorization.
  • Publishing patient testimonials.
  • Photographs or video that captures patients or patient information in the background.
  • Social media disclosures.
  • Responding to social media posts by or about a patient.
  • Responding to negative internet comments or reviews.22
  • Responding to media requests about patients.
  • Allowing media to access patient care areas.

7. Sending patient information over unsecure network. The HIPAA security rule generally prohibits sending electronic PHI over an unsecure network, e.g., over the open internet or using unsecure texts.23 For example, if a provider seeks to send marketing information to its patients and such information includes any PHI (including facts confirming that the recipient is a patient), the provider should generally use a secure network unless it has advised the patient that the network may not be secure and the patient has agreed to communicate via unsecure channels.24

8. Using protected health information for marketing purposes. HIPAA not only applies to external disclosures of PHI; it also limits the internal use of patients' PHI for marketing purposes without the patient's or personal representative's written authorization.25 If a third party pays the provider to make the marketing communication, the patient's written authorization must state that such financial remuneration is involved. 26 HIPAA defines "marketing" as "a communication about a product or service that encourages recipients of the communication to purchase or use the product or service."27 So long as the provider is not paid by a third party to make the communication, "marketing" excludes communications for the provider's own treatment or healthcare operations, including but not limited to describing a health related product or service provided by the provider, case management, care coordination, or recommending treatment alternatives.28 Also, "marketing" does not include refill reminders or communications about a drug that is currently being prescribed to the individual so long as any remuneration paid to the provider is reasonably related to the cost of making the communication.29 HIPAA does not require an authorization for certain marketing communications even if financial remuneration is paid for making the communication, including face-to-face communications made by a provider to an individual, or offering a promotional gift of nominal value.30

9. Using protected health information for fundraising purposes. A provider may, without the patient's authorization, disclose limited demographic PHI to a business associate or institutionally-related foundation for purpose of raising funds for its own benefit so long as the provider complies with certain requirements, including that the provider include a statement in its HIPAA notice of privacy practices that it will use the PHI for fundraising purposes; the provider does not condition its treatment on participation in fundraising activities; with each fundraising communication the provider gives the recipient the opportunity to opt out of receiving fundraising communications; and the provider does not send fundraising communications to persons who have opted out.31

10. Selling protected health information. HIPAA prohibits providers and business associates from selling protected health information unless they first obtain the patient's written authorization and the authorization discloses that the provider will receive remuneration in exchange for the PHI.32 "Sale of PHI" is defined as "a disclosure of [PHI] by a covered entity or business associate … where the covered entity or business associate directly or indirectly receives remuneration from or on behalf of the recipient of the [PHI] in exchange for the [PHI]."33

11. Telemarketing. Federal and state laws limit the use of telemarketing under certain circumstances. For example, the Telephone Consumer Protection Act ("TCPA") generally prohibits prerecorded marketing calls to a residence or prerecorded or autodialed calls to a wireless number without the recipient's prior express consent.34 The TCPA does contain an exception for prerecorded healthcare-related calls to residential and likely wireless numbers such as appointment reminders; however, the exemption may not apply to pure marketing calls or calls about account balances. The Telemarketing Consumer Fraud and Abuse Prevention Act and FCC Telemarketing Sales Rules generally prohibit deceptive and abusive telemarketing practices, including the use of certain types of prerecorded calls without a recipient's prior written consent.35 Providers should review state and federal laws before engaging in telemarketing practices or using prerecorded or autodialed calls.

12. False, deceptive, or abusive advertising. State professional licensing statutes often prohibit providers from engaging in false or deceptive advertising, which may include, among other things:

  • Misrepresenting or omitting material facts.
  • Creating unjustified expectations of favorable results, including the use of photos, models or guaranteed results.
  • Promoting items that are not necessary or medically indicated.
  • Representing that an incurable condition may be cured.
  • Abusing or exploiting the trust of a patient.
  • Making a false or misleading statement concerning the person's skill or efficacy of the treatment.
  • Representing superior skill if not supported by reliable data.
  • Making a scientific claim that cannot be supported by reliable data.
  • Representing himself or herself as a specialist or certified if that is not the case.
  • Misrepresenting fees or charges.
  • Advertising in any other unethical or unprofessional manner.

Similarly, federal and state consumer protection acts prohibit conduct such as:

  • Representing goods or services have the approval, characteristics, uses, benefits or qualities that they do not have.
  • Representing that a person as the approval, status, or affiliation that he or she does not have.
  • Representing that goods or services are of a particular standard or quality if they are of another.
  • Engaging in any other unconscionable, false, misleading, or deceptive acts or practices.

Violations may result in adverse licensure action as well as civil or criminal penalties. They may also give rise to a lawsuit by patients for malpractice, fraud, or breach of contract.

13. Testimonials and Endorsements. The FTC has issued guidelines concerning the use of endorsements and testimonials in advertising. 36 In addition, AMA ethics guidelines state:

[T]estimonials of patients as to the physician's skills or the quality of the physician's professional services tend to be deceptive when they do not reflect the results that patients with conditions comparable to the testimoniant's condition generally receive. Objective claims regarding experience, competence, and the quality of physicians and the services they provide may be made only if they are factually supportable. Similarly, generalized statements of satisfaction with a physician's services may be made if they are representative of the experiences of that of physician's patients.37

14. Durable Medical Equipment and Supplies. Suppliers for durable medical equipment, prosthetics, suppliers, orthotics and supplies ("DMEPOS") may not directly market Medicare beneficiaries through the telephone unless the beneficiary gave written permission for the contact; the contact is for a covered item that the supplier has already furnished; or the supplier has furnished at least one covered item to the beneficiary in the prior fifteen months. Violations may result in denial of payment or repayment of any amounts received for items ordered per improper referrals, and exclusion from Medicare programs.38

Conclusion. Marketing professionals often do not understand the unique limits on the healthcare industry, especially where inducements are offered for referrals. Providers should ensure that their marketing practices comply with the guidance set forth above, as well as other state laws that may apply.