top of page

HIPAA Privacy Rules Support Fund Development

As a foundation board member or hospital trustee, you’ve likely received education about HIPAA, otherwise known as the Health Insurance Portability and Accountability Act. HIPAA legislation was enacted to provide data privacy and security provisions to safeguard the protected health information (PHI) of patients.

Given that grateful patients and families are most likely to make significant philanthropic contributions to health care organizations, it is essential for the foundation or development organization to know who is being treated in the health care organization. However, it remains of vital importance to simultaneously ensure the organization has a clear understanding of what information may be appropriately accessed and utilized for fund development purposes.

While HIPAA laws have always allowed development organizations the ability to access demographic information—such as name, contact information and insurance status—for patients being treated in the hospital, provisions of the HITECH act in 2013 expanded the information accessible to include area/ department of clinical service, treating physician name and patient outcome. These provisions provide a host of new opportunities to engage prospective grateful patient donors that ensure strategic focus and optimization of time and resources.

The most significant opportunity presented is the potential to directly involve willing physicians and clinicians in the purposeful identification and engagement of grateful patients and families. Multiple studies show physicians play a critically important role in identifying and introducing potential grateful patient and family prospects to development organizations, and physician referrals are often the primary way development organizations identify prospective grateful patient donors. is essential for the foundation or development organization to know who is being treated in the health care organization.

Because development is allowed to access treating physician information, they can ask willing physicians to participate in the cultivation of grateful patient and family prospects. This can be done by asking physician champions to review lists of prospective patient prospects to identify patients who have had an exceptional care experience. Physicians may also appreciate the opportunity to be included in cultivation meetings with prospective patient donors. The input of the organization’s physicians and other clinicians, who arguably have the most influential relationships with the health care organization’s patients and families, can have a profound effect on the development team’s ability to identify and cultivate viable, worthwhile prospects.

The 2013 legislation update also greatly improves the development organization’s ability to segment prospective donor lists to target specific audiences for specific funding requests using the patient’s treatment location. For example,if the organization is raising money for a new cardiovascular strategy, a former patient list can now be pulled comprised only of cardiovascular patients. This capability ensures the development organization’s efforts are strategic by reducing prospective donor lists to a manageable number of higher affinity prospects.

As a trustee or foundation board member, you can champion best practices by helping to ensure your organization is utilizing HIPAA-approved patient information to the fullest extent for fund development purposes, while also ensuring the information is being used within both the spirit and letter of existing provisions.

It must be noted that organizations must also provide a clear and conspicuous opt-out mechanism in all development communications for patients to notify the organization if they wish to be excluded from fund development efforts. Organizations must keep an up-to-date opt-out list to ensure outreach is suspended from any individual who has previously opted-out from receiving development communications.

Regardless of whether your organization cares for hundreds, thousands or millions of patients on an annual basis, utilizing HIPAA-approved patient information is an indispensable way to segment donor lists and to identify prospective grateful patient donors to ensure development optimizes the opportunity to engage the organization’s best prospective partners.

Using patient information to facilitate fund development efforts is appropriate under HIPAA health care privacy rules. Information the fund development staff may utilize includes:

  • Name

  • Address

  • Other contact information

  • Age/ Birthdate

  • Insurance status

  • Department of service (such as cardiology, oncology, pediatrics)

  • Treating physician information

  • Dates of service

  • Outcome information (ex:”death...or any sub-optimal result of treatment or services”)

For Board Discussion:
  • Does your organization utilize HIPAA-approved patient information for targeted fund development purposes?

  • How can utilizing HIPAA-approved patient information aid your organization’s grateful patient philanthropy strategy?

Accordant White Paper_HIPAA Privacy Rules
Download PDF • 363KB

About the Author: Erin Stitzel, CFRE, FAHP is a Principal Consultant with Accordant. You can reach her at Erin@


Our Blog


The Accordant Team has published a number of books to advance the efforts of health care philanthropy and help development leaders everywhere. 

trustee logo_1.png

Accordant is honored to collaborate with American Hospital Association Trustee Services to provide issue papers, templates and webinars to support the involvement of healthcare trustees and foundation board members in advancing philanthropy. These resources can also be found on the AHA Trustee website.

bottom of page