Grateful Patient Fundraising Programs: Success and Compliance Go Hand in Hand

A grateful patient program, sometimes called “Grateful Giving,” is a fundraising initiative that healthcare institutions use to cultivate relationships with patients whose lives have been positively affected by their providers and services. These fundraising programs allow patients to express their gratitude while simultaneously helping institutions.

Like all fundraising, a grateful patient fundraising program requires the following:

  • building relationships;
  • understanding donor affinity;
  • engaging donors; 
  • understanding the donor’s philanthropic vision; and
  • presenting opportunities to support your organization that align with the donor’s vision.

Meeting all the demands of these fundraising programs requires data. With a grateful patient fundraising program, data is regulated by the Health Insurance Portability and Accountability Act (HIPAA) and must be handled carefully. Compliance and success go hand in hand when it comes to a grateful patient fundraising program. Here’s what to consider.

Understand How Patient Data Can Be Used

Because there are so many rules and regulations regarding patient data, you must have a secure system in place for managing donor data for your grateful patient fundraising program.


You’ll want to use that data to create robust profiles and identify your top prospects for stewardship. Above all, patient information must remain private, and there are limitations to the data that you can obtain and share.


Federal, state, and local laws govern patient privacy, and institution policies regarding handling patient information may vary. Once you’re abreast of all privacy policies, create a plan to protect the data of both patients and their families. Here are some guidelines to remember.


Able to use without patient authorization:

  • Name, address, phone number, age, gender
  • Dates of health care provided, department of service, and treating physician can also be utilized.

Able to use, but requires a patient’s explicit authorization:

  • Specific health information like diagnoses, test results, and medications.
  • Sharing a patient story is especially important to your grateful patient fundraising program. When using patient stories for fundraising, all identifiable information must be removed unless the patient explicitly gives permission.

All tools and processes to support your grateful patient fundraising program must comply with HIPAA requirements and best practices. Make sure you use HIPAA-compliant software and invite your compliance team to weigh in right from the start. Don’t forget these guidelines for opt-outs and data security.

Opt-Outs

  • Fundraising materials should allow patients to opt out of future communication at any time.
  • If a patient has opted out of fundraising communications, no information can be used to contact them. Their opt-out status must be honored.

Data Security

  • Reasonable safeguards must be in place to protect against unauthorized use or disclosure of protected health information.
  • Limit access to patient-specific data; only allow access for those who need it for job duties.

Partner with Your Compliance Officer

Too often, those in Advancement skip partnering with their Compliance Officer because it feels like an uphill battle. Those in Advancement might feel like compliance will never understand fundraising. We highly recommend avoiding this mindset. 


Instead, educate your Compliance Officer about fundraising and how it furthers the institution’s mission. At the same time, show that patient privacy is your goal and describe the safeguards you have implemented.


Here are some essential ways to partner with your Compliance Officer:

  • Develop policies and procedures for safeguarding patient information.
  • Training
  • Establish periodic check-ins to share the team’s success in using patient data.
  • Review how everyone has collaborated to respect the patient’s privacy and secure the information.

If there has been a misstep or misuse of patient data, come clean, review the facts, and discuss what adjustments will be made to prevent it in the future.

Beyond HIPAA Training

Ensuring a successful grateful patient fundraising program goes beyond standard HIPAA training. Partner with your Compliance Officer to develop training specifically for your fundraisers and support staff.


This gives your fundraisers the tools they need for their best work and equips them with the knowledge to remain compliant.


Topics for training that go beyond HIPAA may include:

  • Do’s and Don’ts: WHAT IS and WHAT IS NOT appropriate use of patient data for fundraising?
  • How to properly obtain patient consent: Fundraisers need to know when and how to obtain a patient’s consent before using their information for fundraising purposes. This includes getting written authorization to use Protected Health Information (PHI) when required.
  • Opt-outs: How to make sure you adhere to and respect the patient’s wishes.
  • Tips for using data securely and appropriately.
  • How and when to encrypt emails.
  • Guidance for storing and controlling access to documents with patient information.


Now that you’ve learned some compliance how-tos for your grateful patient fundraising program, it’s time to get out there and kickstart your work. Your institution and community will be better for it!