top of page

HIPAA Privacy Rules Support Fund Development

Foundation board members and trustees have likely received education about HIPAA, otherwise known as the Health Insurance Portability and Accountability Act. HIPAA legislation was enacted to provide data privacy and security provisions to safeguard the protected health information (PHI) of patients.

Given that grateful patients and families are most likely to make significant philanthropic contributions to health care organizations, it is essential for the foundation or development organization to know who is being treated in the health care organization. However, it remains of vital importance to simultaneously ensure the organization has a clear understanding of what information may be appropriately accessed and utilized for fund development purposes.

While HIPAA laws have always allowed development organizations the ability to access demographic information—such as name, contact information and insurance status—for patients being treated in the hospital, provisions of the HITECH act in 2013 expanded the information accessible to include area/ department of clinical service, treating physician name and patient outcome. These provisions provide a host of new opportunities to engage prospective grateful patient donors that ensure strategic focus and optimization of time and resources.

The most significant opportunity presented is the potential to integrate clinical team input. Physicians, nurses and other clinicians—nurse practitioners, physician assistants, therapists, nurse navigators and more— can be great allies and play a critical role in helping to identify, connect and engage grateful patients and families to the foundation. The introduction of potential grateful patients and families to development organizations allows for further exploration of how these families may wish to express their gratitude. These clinician and physician referrals are often the primary source for grateful patient donors and should be included in grateful patient initiatives.

Because development is allowed to access treating physician information, they can ask willing physicians to participate in the cultivation of grateful patient and family prospects. This can be done by asking physician champions to review lists of prospective patient prospects to identify patients who have had an exceptional care experience. Physicians may also appreciate the opportunity to be included in cultivation meetings with prospective patient donors. The input of the organization’s physicians and other clinicians, who arguably have the most influential relationships with the health care organization’s patients and families, can have a profound effect on the development team’s ability to identify and cultivate viable, worthwhile prospects.

The 2013 legislation update also greatly improved the development organization’s ability to segment prospective donor lists to target specific audiences for specific funding requests. For example,if the organization is raising money for a new cardiovascular strategy, a former patient list can now be pulled comprised only of cardiovascular patients. This capability ensures the development organization’s efforts are strategic by reducing prospective donor lists to a manageable number of higher affinity prospects with a likely passion for the service line.

Trustees and foundation board members can champion best practices by helping to ensure your organization is utilizing HIPAA-approved patient information to the fullest extent for fund development purposes.

It’s important to note organizations must also provide a clear and conspicuous opt-out mechanism in all development communications for patients to notify the organization if they wish to be excluded from fund development efforts. Organizations must keep an up- to-date opt-out list to ensure outreach is suspended with any individual who has previously opted-out from receiving development communications.

Regardless of whether your organization cares for hundreds, thousands or millions of patients on an annual basis, utilizing HIPAA-approved patient information is an indispensable way to segment donor lists. It also ensures development can fully optimize the opportunity to engage the organization’s best prospective partners.

Using patient information to facilitate fund development efforts is appropriate under HIPAA health care privacy rules. Information the fund development staff may utilize includes:

• Name • Address • Other contact information • Age/ Birthdate • Insurance status • Department of service (such as cardiology, oncology, pediatrics)

• Treating physician information • Dates of service • Outcome information (ex:”death...or any sub-optimal result of treatment or services”)


• Does your organization utilize HIPAA- approved patient information for targeted fund development purposes? • How can utilizing HIPAA-approved patient information aid your organization’s grateful patient philanthropy strategy?

Download PDF • 353KB

bottom of page