Become a Social Media Influencer
How You Can Use Video Testimonials to Create Social Proof Online
Testimonials, Reviews and Privacy Law: What You Should Know
Table of Contents
- Common Questions About Testimonials and Reviews
- Federal Trade Commission Guide Concerning the Use of Endorsements and Testimonials in Advertising
- Google Terms of Service
- The HIPAA Privacy & Security Law
- Where Did HIPAA Come From?
- Can I Take Testimonial Videos on My Cell Phone?
- Do I Need to Comply with HIPAA Privacy and Security Data Standards?
- What are all the Identifiers that are Considered PHI under HIPAA
- Who Owns the Video?
- Who is the Best Person to Collect a Client Video Testimonial?
- The WOW Promoter hosts ALL Videos on the AWS S3 HIPAA-compliant Servers
Common Questions About Testimonials and Reviews
- A happy customer gives a Google Review to her doctor. The doctor copies the review from Google Reviews and posts it to his Facebook page. Is this legal? Is this a violation of the Google Terms of Service?
- A customer posts an image of herself with her pet dog to Instagram and tags a local veterinarian. The veterinarian ‘Likes’ the image and downloads it for use on their website or other social media sites as a testimonial. Is this legal? Do you need a Media Release to use the image?
- A patient gives a video testimonial to a chiropractor that is uploaded to YouTube. The patient signs the Media Release that gives the chiropractor the ability (through HIPAA’s Marketing Safe Harbor) the ability to use the patient’s image, likeness and name for marketing purposes. Can the chiropractor re-purpose the video to another social media site?
What are the relevant laws governing use and reuse of testimonials, reviews and customer images for your businesses’ marketing purposes?
We are going to discuss three relevant policies/laws/statutes that every social media marketer should be familiar with:
- Federal Trade Commission Guide Concerning the Use of Endorsements and Testimonials in Advertising – (16 CFR Part 255)
- Google Terms of Service – Map data governs the Google Review feature
- Health Insurance Portability and Accountability Act of 1996 (HIPAA) – marketing safe harbor
Federal Trade Commission Guide Concerning the Use of Endorsements and Testimonials in Advertising
The FTC statute, as implied in the name, regulates advertisements. Google Reviews are not advertisements.
If the words, image, photo or video of a customer making an endorsement of a product or service is re-purposed into an advertisement then this statute does come into play.
To answer Question #1 from above, as soon as the physician places the test from the Google Review anywhere other than it’s original format, it becomes an advertisement and would be bound by the FTC statute.
A further inquiry into question #1 reveals that the Google TOS prohibits copying and pasting its Reviews which are, technically, Google property.
So, in general, copying customer testimonials and reviews is legal and would not activate the FTC statute in this specific instance would seem to expose the physician to a violation of the Google Terms of Service. This could lead to having his Google Account de-activated – including his Google My Business listing.
The HIPAA Privacy & Security Law
The Health Insurance Portability and Accountability Act, or HIPAA, is the medical industry’s patient privacy and security law. The Act is designed to prtect consumers and patients from unauthorized use or disclosure of their health data; called Personal Health information (PHI).
Here is how HIPAA defines ‘Marketing’: “The HIPAA Privacy Rule gives individuals important controls over whether and how their protected health information is used and disclosed for marketing purposes.
With limited exceptions, the Rule requires an individual’s written authorization before a use or disclosure of his or her protected health information can be made for marketing.
So as not to interfere with core health care functions, the Rule distinguishes marketing communications from those communications about goods and services that are essential for quality health care.”
For most online and social media purposes, the signed Media Release is sufficient to protect the healthcare business from HIPAA breaches and associated liability.
Intentional violations of HIPAA, that is, those violations a health care provider could have or should have prevented, start at $50,000, per incident.
Question: What if you have 100 unencrypted patient videos on the doctor’s cell phone? HIPAA penalties could accumulate by the penalty amount ($50,000) multiplied by the number of incidents (100).
To protect yourself against HIPAA violations, you have probably asked your patient to sign a Media Release before you took their video. The written Media Release typically gives you the ability to use the patient’s words, likeness, image and video for marketing purposes.
HIPAA provide hospitals and doctors a ‘ Marketing Safe Harbor’ that allows them to use patient testimonials for marketing purposes when the video/media release is signed. HIPAA specifically states that the patient gets to control how their video is used. In other words, they may want to know if you will use their video on TV, Facebook, YouTube, etc.
The patient expects, of course, that their video will remain in your safe possession and control. What you DON’T get to do is hold your patients’ video on an unencrypted or unprotected device, such as a doctor’s personal cell phone. The risk that the unencrypted cell phone could be lost or stolen is what exposes most medical practices to a HIPAA violation.
Note: The WOW video app automatically prompts the patient to sign an individualized photo/video/media release with patient signature, stored as a PDF within the app and hosted in the cloud.
Where Did HIPAA Come From?
With the growth of the web and increasing online data transfer, The Congress of the United States acted in 1996 to protect the privacy and security of American citizens:
“The Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information…”
To comply with HIPAA, online data (video) storage can be encrypted in HIPAA-secure databases. Fortunately, you have several choices when selecting your HIPAA-compliant database:
“If you are collecting, storing or transmitting PHI to a covered entity then you definitely should be HIPAA compliant.”
“According to security guidelines established by HIPAA, anyone who develops mHealth, eHealth, or wearable applications that deal with Protected Health Information (PHI) — are required to meet national standards for Physical, Administrative, and Technical security of health information.”Source: Attorney’s web page
If you are not doing business in America, with Americans, or if you do not deal with Personal Health Information (PHI) then you may not need to worry about HIPAA compliance. For instance, a plastic surgeon or a physical therapy clinic who charges all-cash for services, even medical services, may not be bound by HIPAA. Check with your attorney to be 100% certain.
Be aware however, most states also have privacy laws protecting consumers and regulating personal health data and how it should be handled.
Can I Take Testimonial Videos on My Cell Phone?
Nevertheless, many of our customers still ask us “Can I shoot my client testimonial videos on my cell phone?”
To help answer our customers, we’ve tried to pose several questions you should ask yourself and answer so you can make your own decision.
- Do I need to comply with HIPAA Privacy and Security data standards if my customers are in the United States?
- Who owns the video of the the client testimonial?
- Who is the best person on my team to collect a client video testimonial?
Below are some factors to consider as you answer the following question: “Can I use my own cell phone to collect client video testimonials for my small business?”
Do I Need to Comply with HIPAA Privacy and Security Data Standards?
HIPAA applies to medical information, called Personal Health Information (PHI) that is transmitted electronically. In most cases, this means medical data for services that are billed to patient insurance companies, including Medicare.
What are all the Identifiers that are Considered PHI under HIPAA
- Address (including subdivisions smaller than state such as street address, city, county, or zip code)
- Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
- Telephone number
- Fax number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- Vehicle identifiers, serial numbers, or license plate numbers
- Device identifiers or serial numbers
- Web URLs
- IP address
- Biometric identifiers such as fingerprints or voice prints
- Full-face photos
- Any other unique identifying numbers, characteristics, or codes
HIPAA applies to almost all hospitals, physicians, physical therapists, dentists, chiropractors, medical laboratories and imaging facilities in the United States. If a facility bills some patients cash but bills insurance to other patients, only the insurance-billed health data is considered PHI but, interestingly, HIPAA would apply to ALL of the facility’s data.
Who Owns the Video?
Obviously, the business entity should own ALL the business assets, including valuable patient video testimonials. Placing video on a personal tablet or cell phone makes the provenance of the video difficult.
It’s slightly creepy to think client testimonial video will reside on a business owners’ personal cell phone because your kids may also use your phone, etc.
Proper accounting of business assets would demand that ALL the assets – phone AND videos, be owned and maintained by the business entity, not by an individual. Even the owner of the business is typically ’employed’, as W2 wage employees, by the corporate entity they own.
Most states’ Articles of Incorporation require that business assets be properly managed, maintained and seperated from personal assets in order to maintain the legal ‘corporate veil’ that shields business owners from the actions of the corporation.
The business entity should also own and control the cloud storage account. Many cloud service providers offer upgraded hosting accounts that comply with various data privacy standards used in different industries (HIPAA is not the only one!).
Often, the cost of these upgrades, on a monthly basis, is just a fraction of the value of acquiring a new customer through your video testimonials on social media.
Who is the Best Person to Collect a Client Video Testimonial?
70% of small businesses are run by the Owner/Operator. The ‘secret’ to successfully growing your business is delegating those tasks which some other member of your team can do at least 80% as well as you can do. This is the young lady making $15 per hour from the beginning of this blogpost.
Collecting client testimonial videos via a kiosk at the point-of-sale is a task that should be delegated. The logical next step is to help this young lady become as efficient as possible by using technology.
This was the example where her cost of labor to collect a video testimonial was about $4.20 while the app is free. The cost of labor is insignificant compared to the cost of a HIPAA breach at $50,000 per incident.
Invest in technology and train your office manager to ask happy clients for their testimonial. Even one testimonial for every ten ‘asks’ could result in a powerful new video every day – 20 per month on your business Facebook page or YouTube channel! THAT level of content creation is sure to dominate the local internet in your business category!
The WOW Promoter hosts ALL Videos on the AWS S3 HIPAA-compliant Servers
With the app-based video testimonial solution, all the videos are safely hosted in the Amazon S3 cloud. There is no risk of a lost cell phone or a lost tablet creating HIPAA liability with fines and penalties for Dr. Lopez’ office. Everybody can sleep better at night.
Even if your business is not a medical clinic, hosting your video in the cloud just makes sense. Why would you keep business assets on personal mobile devices? Why would you keep customer videos on employees’ mobile devices?
Of course you can can take a client testimonial video on your personal cell phone.
The proper question, for a small business owner, is…“Should you take a customer testimonial video on your personal cell phone?”
Full Disclosure: Our company creates and sells business software that runs on mobile tablets and phones. We promote certain BEST PRACTICES small businesses should use in collecting client testimonial videos.
The latest app upgrades of the WOW App uses the Amazon Web Services (AWS) S3 hosting protocol to ensure the cloud industry’s highest standard of patient data privacy and security for HIPAA compliance.
Hopefully, these questions and answers give you the full flavor of the potential and the challenges of client video testimonials for social media advertising.
Here is a summary of what we just covered:
- Do I need to comply with HIPAA Privacy and Security data standards?
- It depends on who you are. Whoever you are, you can be assured that no video is stored locally on WOW Promoter tablets – all video is hosted on HIPAA-compliant Amazon Web Services (AWS) upgraded cloud storage accounts.
2. Who owns the video testimonial on the app?
- You own the videos and you control them.
3. Who is the best person to collect a client video testimonial? This is the value of the free WOW Promoter app – you don’t need to pay an employee to do ANY of the following to collect a video:
- Don’t need to take the video
- Don’t need to upload the video
- Don’t need to post the video – all of this happens in the app automatically (once you set it up).
Also, the WOW app is HIPAA-compliant so ALL your information is safe in the cloud on AWS S3 servers, ALL the time.
The WOW app is FREE for you to use so download the app today!
Check out the Getting Started with the WOW Promoter app if you have an account and you need to know how to get started.
Get your 2-month FREE trial today by calling/WhatsApp or texting 1.941.623.6109 or emailing Info@WOWPromoter.com.