Understanding Digital Marketing Regulations For Healthcare Providers In Canada & The USA

Healthcare marketing, when done right, leads to successful patient engagement, which in turn leads to a booming practice. However, the healthcare industry has extremely strict legal advertising regulations and guidelines that individual physicians, large hospitals, dentists, medical clinics, medical spas, physiotherapists, and marketing professionals need to understand and follow religiously when marketing their services.

Violating these regulations can lead to anything from ads being rejected on specific platforms to legal action or even cancellation of a doctor’s license. For example, a doctor’s website stated he was board certified and the patient chose the physician based on this claim. The patient’s procedure was completed without complications; however, the patient was not satisfied with the outcome. The patient then underwent a revision with a different physician, who said that the first doctor had been negligent. The patient filed a complaint with the medical board and, during the process, discovered that the doctor was not board-certified. A lawsuit was filed against the doctor alleging malpractice, negligence, and fraud for the false claims of board certification.

Many months and hundreds of thousands of dollars in litigation fees later, the doctor was found guilty. The medical board ordered him to remove the false claims from his website and pay a hefty fine. This is an outcome no practice wants.

At Wisevu Inc., we have experience in navigating the ever-changing healthcare marketing landscape and offer marketing services for the healthcare industry in Canada and the US. We abide by all the laws, regulations, and legal guidelines when advertising and marketing for our healthcare clients/partners. You are in safe hands with us.

In this article, we have outlined some of the most important legal advertising regulations that businesses in the healthcare industry should be aware of and abide by in order to protect themselves and their patients.


Healthcare marketing laws in the US


There are a variety of laws, rules, and government agencies that regulate healthcare marketing in the US. Here is a list of the most important ones that relate to medical practices engaged in online marketing:

  • Health Insurance Portability and Accountability Act (HIPAA) – It regulates how physicians and hospitals can advertise and use patients’ information for marketing purposes.
  • The Food and Drug Administration (FDA) – It sets rules for prescription drugs and medical services.
  • The Federal Trade Commission (FTC) – It reviews ads for over-the-counter drugs and other products that make health claims.
  • The Health Information Technology for Economic and Clinical Health Act (HITECH) – It addresses the privacy and security concerns of patient data, Electronic Health Records (EHR) files, and how they are shared.
  • Apart from this, the US Department of Agriculture has rules about what food products can claim to be light, fat-free, low sodium, as well as other health claims.


Healthcare marketing laws in Canada


Canada too has many government agencies and laws that regulate healthcare marketing.

  • Personal Health Information Protection Act (PHIPA) – It regulates personal health information (PHI). The individual has the right to ask how their personal health information is collected, used, and disclosed. They also have the right to gain access to their personal health information and to correct any errors if needed.
  • Personal Information Protection and Electronic Documents Act (PIPEDA) – It is the law that protects the rights and privacy of consumers in Canada. This law applies to private-sector organizations and focuses on how these organizations collect, use, and reveal information. PIPEDA also oversees consumer privacy for all medical and healthcare billing information.
  • Royal College of Dental Surgeons of Ontario (RCDSO) – It is a regulatory body to protect the public interest and ensure that advertisements by dentists or by someone on a practice’s behalf do not demean the integrity and dignity of the profession. The regulation ensures that you:
    • Do not include unclear, untrue, and misleading statements in the advertisement material.
    • Do not engage in advertising promotion that results in sharing or splitting fees or payments to a third party that relate to the amount of business you obtain through advertising or marketing campaigns.
    • Ensure that you control any or all printed/electronic material like flyers, business cards, logos, signage, websites, social media postings, blogs, newsletters, advertorials, etc. about the practice that is made available to the public.
    • If your advertisement makes any reference to an area of the dental practice, like a treatment or procedure, then clearly disclose whether you are registered with the College as a general practitioner or specialist.
    • The fee must be clearly stated in the advertisement so that patients know what you are offering.
    • Follow the regulations regarding your business name and how it is represented online.
  • Health Canada – It is a national regulatory authority for health product advertisements and is responsible for administering and directing compliance with government Acts and Regulations. It is the responsibility of all advertisers and physicians to ensure that health product advertisements comply with the requirements and regulations of the Food and Drug Act (FDA), and the Controlled Drugs and Substances Act (CDSA).
  • Pharmaceutical Advertising Advisory Board (PAAB) – The advertising material for all health products, excluding exempted natural health products, is reviewed by the board.

Wisevu understands all the healthcare marketing laws and regulations and implements medical marketing strategies that are executed ethically and legally.


Importance of HIPAA and PHIPA in Medical Business Regulations


What is HIPAA

In the United States, safeguarding personal medical information to ensure confidentiality and security by healthcare providers and organizations is regulated by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA regulations require the development of, and adherence to, procedures that protect Personal Health Information (PHI) and are mandated by the government.


What is PHIPA


Key Differences between HIPAA and PHIPA

PHIPA differs from HIPAA in various aspects. Under HIPAA, medical practices, dentists, pharmaceuticals, med spas, and other medical bodies are required to report breaches of unsecured protected health information. However, the breach notification obligations vary based on whether the breach affects 500 or more individuals or fewer than 500 individuals.

If a breach of unsecured protected health information affects 500 or more individuals, the breach is considered meaningful and should be reported within 60 days of its discovery. The breach can be reported to:

  • The Secretary of Health and Human Services.
  • Individuals affected by the breach.
  • Prominent media outlets in the states and jurisdictions where the breach victims live.

If an unsecured protected health information breach affects fewer than 500 individuals, it is considered non-meaningful. In the event of a non-meaningful breach, the covered entity may inform the Secretary about it within 60 days of the end of the year in which the breach was discovered.

On the other hand, under PHIPA, the requirements for reporting a breach are more rigorous. A Health Information Custodian (HIC) must notify the Information and Privacy Commissioner if any of the following have occurred:

  • The HIC believes that personal health information (PHI) was used or revealed to someone without authority.
  • After an initial loss or unauthorized use or disclosure of PHI, the PHI is further used or revealed without authority.
  • The loss or unauthorized use or disclosure of PHI is part of a pattern of similar losses or unauthorized uses of data.
  • The HIC is required to give notice to a regulated health professional governing body or College, as it relates to the loss or unauthorized use or disclosure of PHI.

These are the key differences between HIPAA and PHIPA.


Advertising and Marketing Basics as per the Federal Trade Commission (FTC)


Keeping patients informed is a vital American healthcare policy, and advertising and marketing play a crucial role in getting important information out to the public. The list of warnings included in pharmaceutical ads, which typically account for two-thirds of healthcare marketing expenses, is the result of the FDA’s regulatory authority over the pharmaceutical industry.


Advertising activities by other healthcare investors, such as health systems, hospitals, and clinics, are often outside the FDA’s jurisdiction and are subject to the general advertising rules and regulations enforced by the Federal Trade Commission (FTC). Under the FTC law, claims in healthcare advertisements must be true and non-misleading as well as evidence-based.


Importance of Data Protection in Healthcare


The healthcare industry is adopting new technologies rapidly. The most prominent one is information technology, which assists both doctors and patients and improves the delivery of healthcare services. Another is digital marketing, which enables doctors/practitioners to market their services to a wider audience than ever before. These technologies have improved healthcare services considerably, making them fast and efficient. However, information security risks are also higher than ever before. Information security breaches have serious consequences for both healthcare providers and their patients.

The patient’s information includes all the personal identifying information (PII) that cybercriminals can use, such as name, address, date of birth, social security number, insurance, financial account information, patient’s physical condition, medical ailments, disabilities, sexual behavior, drug/alcohol use, mental health, and more.

Breaches of personal information have financial implications and also damage the reputation of both the provider and the patient. One example is a highly publicized data breach in 2017 by Aetna, an insurance giant. The improper disclosure revealed the HIV status of over 11,000 individuals. Aetna agreed to pay $17 million, but for the patients whose HIV status had been exposed, the damage had already been done.

HIPAA and PHIPA violations are expensive and the penalties for non-compliance can range from $100 to $50,000 per violation, with the maximum penalty of $1.5 million per year depending on the level of negligence. In some extreme cases, violations can lead to criminal charges and cancellation of licenses.

As a healthcare digital marketing agency, we deal with personal and sensitive healthcare data as per the security requirements stipulated by HIPAA, PHIPA, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). Also, the new data privacy regulations give healthcare consumers in the US and Canada the right to opt out of data reselling and the right to be forgotten. Due to these new rights, the value of marketing campaigns, targeted advertising, and other programmatic channels is hurt by reduced access to third-party data. To combat this, we have developed more reliable first-party data acquisition channels and we keep information in-house, thus ending the reliance on data that becomes obsolete and unreliable and helping us devise smarter marketing campaigns for your healthcare practice.


Healthcare Marketing Services We Offer Comply With Regulations

Patients want easier and more seamless access to their personal health records, and they are willing to do so digitally. They are comfortable communicating with healthcare providers through texting, mobile apps, online chats, or live video. So, as a healthcare marketer, we deliver compelling digital experiences while staying HIPAA and PHIPA compliant.

Here are some services we offer:

1. Medical Content Writing


Content is a vital part of Search Engine Optimization (SEO), and potential patients learn about you and your practice through the content published on your website, blogs, and articles. At Wisevu, we have a team of medical content writers with extensive experience in the medical niche to keep your content converting optimally while remaining legally compliant. Our professional medical writers write compelling content that meets all the healthcare marketing laws and guidelines such as HIPAA, PHIPA, PIPEDA, RCDSO, FTC, HITECH, FDA, CDSA, GDPR, and CCPA. The content we create covers general health advice, health how-to guides, wellness tips, general medical explanations of injuries, conditions, treatment, screening, and more. Storytelling is one of the most engaging and compelling ways of interacting with patients, and our team of experienced medical writers evokes strong emotions through it. We also have a team of MD writers who are no longer practitioners and who write medical content at an affordable rate for your practice.

2. Medical Search Engine Optimization (SEO)


Search Engine Optimization (SEO) is essential to the success of your medical/healthcare practice, as Google and other search engines are where patients go to look up symptoms for their health problems, research treatments, and find doctors. If your practice is not on page 1, you won’t be found and will miss out on potential leads. This is where our Medical SEO comes in. We have a large network of Canadian and US-based medical web properties, which allows us to rank healthcare clients on top of Google faster and more efficiently. We offer a smart medical SEO strategy tailored to your specific practice to rank higher on Google. Our systems and procedures allow us to reach out to leading medical webmasters, authorities, and influencers in a variety of medical niches, which enables us to execute our search engine optimization services more effectively than other SEO agencies.


3. Pay-Per-Click Advertising (PPC)


According to Google, 89% of consumers turn to the search engine to find a solution to their healthcare problems. Out of those, nearly a quarter of consumer needs are resolved by medical advertisements, resulting in 1 billion clicks on search ads. So, healthcare facilities and individual physicians have a huge opportunity to connect with potential patients. Medical PPC advertising is a highly controllable and cost-effective way to earn a spot at the top of search engine results. However, there is tough competition in healthcare marketing, and advertising is a bit tricky. For this, you need a smart healthcare advertising strategy that only experts can help you with. Wisevu has extensive experience helping businesses in the medical industry cost-effectively market their companies on the web while complying with the healthcare rules and regulations. Our PPC experts create successful, result-oriented medical PPC campaigns, employing numerous tactics to help your facility attract, convert, and retain patients.

4. Social Media Marketing


Social media allows healthcare providers and organizations to better engage with patients and get them involved in their own healthcare. Healthcare organizations can also easily communicate about new services. When we post on social media on healthcare organizations’ behalf, we do not use any patient information or PHI without consent. When using images, we stick with relevant stock photography or the ones provided by the healthcare organization without any PHI. We also hold training sessions to make sure our team is aware of the best practices and have control measures in place for keywords or phrases that might indicate HIPAA/PHIPA non-compliance.


5. Website Design


The website is the digital business card and the cornerstone of digital marketing strategy. We design websites that comply with HIPAA/PHIPA and other regulations for each healthcare provider. We encrypt any data gathered on your website, which includes web forms, appointment requests, and contact forms, using industry-leading security systems. We also ensure that your website has a HIPAA/PHIPA privacy policy so that patients are aware of your efforts to keep any collected data safe. We also make sure your website is SSL-protected. This networking protocol helps ensure that data passed between client and server is always encrypted.

6. Email Marketing


Email marketing is an effective way to drive real business outcomes and achieve a measurable return on investment. We do not create any emails or email campaigns using the patient’s personal health information without obtaining permission first. We encrypt every email containing any type of PHI that is sent to patients, which means only the sender and recipient have access to email contents. The servers we use to store emails with PHI are encrypted and have off-site backup.


7. Retargeting


Retargeting is an advertising strategy that helps keep you on the radar of website visitors once they leave your site. On average, 3-4% of users convert into customers on their initial visit; the remaining 97% don’t, and this large chunk of potential patients can be converted with our retargeting services.

How Retargeting Works


Retargeting or remarketing is a cookie-based technology that uses simple code to follow users around the web once they have left your website. When this code is placed on your website, it serves ads to users who left the site without converting, encouraging them to convert later. Remarketing reduces advertising spend by ensuring the ads are aimed directly at users who, in the past, have shown interest in your medical services.

Challenges Of Healthcare Retargeting


The world of healthcare retargeting is a bit difficult to navigate, and it is essential that you operate within the regulations and guidelines stated by the Federal government, which are updated regularly.

The ads must not include any content that could imply any prior knowledge of personal medical information. For instance, suppose someone is experiencing some worrying symptoms, searches online, and decides they may be suffering from men’s health issues. They then decide to get a test done and start searching for a relevant clinic in their vicinity.

The last thing they would want in this situation is for their family computer to be bombarded with ads about the condition. Therefore, it is important that any messaging in your ads is generic, referencing only a brand, healthcare facility, or particular department rather than a specific condition or treatment.


How to utilize retargeting without violating the regulations for Facebook, Instagram, Google

Facebook, Instagram, and Google are extremely sensitive about healthcare-related retargeting, so our team gets creative with your ads and ad copy. The ads we run focus on your business’ expertise in a certain department, without specifically referencing any health condition. For example, if a user visits your healthcare site looking for information on dermatology and leaves without converting, any subsequent ads they are shown will highlight the main Unique Selling Points (USPs) of the dermatology department, rather than mention disease symptoms, even if they specifically visited a skin disease page.


Facebook has over 2 billion monthly active users and is a lucrative avenue for your organization’s ad campaigns. Our team smartly utilizes retargeting whilst avoiding running into problems with regulators. We segment your users into specific lists depending on which pages they initially visited and create a custom audience to show the ads. The ads displayed to these users are generic and avoid treatment or condition-specific language. We also use video testimonials of patients who received treatment from you and are happy to share their experience. However, make sure you have the patient’s permission to share their personal journey, and you should not be at risk of violating any rules or regulations.

Facebook guidelines prohibit advertisers from referring to “personal traits about the audience” which includes words like “Neck Pain” or any other negative condition. So it is our job as medical marketing professionals to come up with effective advertising copy without breaking the rules. Take these examples:

  • Not Allowed: “Top 5 Ways to Fix your Neck Pain”
  • Allowed: “Top 5 Tips to a Healthy Neck”
  • Not Allowed: “Permanently Reduce Your Shoulder Pain”
  • Allowed: “How I Reduced My Shoulder Pain For Good”

Real patient stories are usually allowed and in the rare case where a testimonial ad gets disapproved, we will request a manual review.



The same rule that applies to Facebook applies to Instagram as well, as Instagram is owned by Facebook. Our experienced team knows how to make your social presence feel more personal, for example, by showing behind-the-scenes content, showing patients’ success stories, providing health tips, etc., without ever violating rules or regulations.


There are various channels within Google that can be used for your remarketing campaigns. If you make use of videos on your website or have a YouTube channel, Google remarketing can target any users who interact with them. Including clear calls to action in video content helps point users in the right direction. Also, we share a list of your customers’ email addresses with Google’s Customer Match tool to target adverts towards them. This can be particularly useful for targeting specific segments of your customer base, such as high-value clients.

We optimize the performance of these Customer Match ad campaigns by integrating email analytics to target audiences with specific ads based on how they interacted with emails.

Despite the many hurdles, we carefully navigate retargeting so that it is hugely effective, and therefore remarketing should be an essential element of your healthcare organization’s marketing strategy.


So, these are the healthcare marketing regulations and laws in the USA and Canada that all healthcare practices need to follow when advertising their services. However, following all these rules can be daunting and this is where Wisevu comes into the picture.

We are a talented team of web designers, content writers, and SEO, SMM, and PPC experts with extensive knowledge and experience in online marketing. We have worked with various healthcare industries, offering them services as per the healthcare marketing standards. We can design a comprehensive digital marketing campaign that stands out without breaking regulations.


Get in touch with one of our digital healthcare marketing experts today.


Disclaimer – The information provided here does not and is not intended to constitute legal advice. All the information and content available here are for general information purposes. Readers should contact their lawyer to obtain advice with respect to any particular legal matter.
