Cliniko and HubSpot Data Governance: Share Marketing Data, Keep PHI Protected

There is a version of this conversation that happens in every mental health practice that has ever considered adding a marketing tool. Marketing wants to send a quarterly check-in email and a birthday note. The clinical director, correctly, points out that the moment session notes, diagnoses, or treatment plans leave the clinical system, the practice has a far bigger problem than a quiet email list. The conversation usually ends with marketing being told “no” and the email list staying quiet.

Take an illustrative example: Wellspring Counseling Associates, a hypothetical telehealth-first practice with 12 licensed therapists and around 5,500 active clients. Marketing wants HubSpot. The clinical director is right to be cautious. The right answer is not “no.” It is “yes, and here is exactly what does and does not leave Cliniko.”

Why “share everything” is the wrong default

The convenience of a one-click “share all my data” setup is exactly what makes it dangerous for a counseling practice. Once session notes, diagnoses, treatment plans, or clinical narrative land in a marketing tool, three bad things happen at once. Your marketing team is now inside the scope of whatever clinical compliance posture the practice maintains, even if they never open a single record. A marketing tool’s user permissions, never designed to protect sensitive health information, quietly become your clinical access control. And any add-on the marketing team installs into HubSpot inherits reach into that data.

The right approach picks data item by item. Marketing sees what marketing needs. Clinicians keep everything else, in Cliniko, where it belongs.

The three buckets

Every piece of information in Cliniko falls into one of three buckets. Naming them out loud, before you turn anything on, is the work that prevents future problems:

• Marketing safe. Name, email, phone, address, marketing preferences, appointment date and time (not the detail of what kind of session), invoice totals (not line items). This is what flows to HubSpot.
• Operations safe. Appointment status (booked, arrived, no-show, cancelled), which clinic the client attends, the practitioner, care milestones, session limits. This can flow to HubSpot only where the practice has a clear operational reason for each item.
• Clinician only. Session notes, treatment goals, diagnoses, assessment scores, any clinical narrative, any free-text clinical field. This never leaves Cliniko.

The integration owner and the clinical director should agree which Cliniko detail sits in which bucket, in writing, before anything is switched on. The list belongs in a shared document the compliance officer can review each year.

How a careful setup works

CRMConnect Cliniko to HubSpot is built to share data item by item, not all or nothing. Client contact details, appointment status, invoice totals, and communication preferences can each be shared independently. Care-plan structure (milestones, session limits, status) can be shared without ever exposing the notes behind it. Nothing from Cliniko’s clinical notes is ever part of what is shared. Marketing preferences and consent flow one direction only, from Cliniko into HubSpot, so the clinical system always remains the single source of truth.

Here is how to set it up:

Write the data map first. List every Cliniko detail you plan to share, tag each with its bucket, and have the clinical director and compliance officer sign off. Clinician-only items are simply never part of the setup.

Share marketing-safe contact details only. Confirm no clinical detail appears anywhere in the map.

Share appointment status, not appointment content. If the appointment type itself reveals something clinical (for example, “trauma intake assessment”), either keep it out or replace it with a plain operational label before it reaches HubSpot.

Share invoice totals, not line items. Invoice number, date, total, and status are fine. Line items that reveal the type of service are not.

Keep consent flowing one way. If a client withdraws marketing consent in Cliniko, that must reach HubSpot. A preference changed in HubSpot must never flow back into Cliniko.

Set HubSpot access to match. Marketing staff should not see operational details they do not need, and operational staff should not see marketing campaign content they have no reason to access.

A working example

A safe automation in this setup: a quarterly “we are here when you need us” email to clients who consented to marketing and have no appointment booked in the next 30 days. The automation can see that there is no appointment booked. It cannot see the clinical reason there is no appointment. It does not need to.

An unsafe automation, by contrast: a “we noticed you missed your last appointment” email triggered by a no-show. In a counseling context that may be inappropriate to send through marketing infrastructure at all. The clinical team should own that touchpoint directly in Cliniko, using clinical judgment about whether and how to follow up. The integration can surface the signal, but your practice policy should decide what becomes an automated email and what stays a clinician-led conversation.

What you get from this

A counseling practice following this pattern typically gets the marketing benefit they wanted, a modest but real 5 to 8 percent lift in clients re-engaging when they lapse, without the compliance exposure they were rightly worried about. The clinical director can describe in one paragraph exactly what crosses the line and what does not. The compliance officer has a data map they can review in 20 minutes a quarter rather than an opaque setup they have to pick apart detail by detail.

The quarterly governance review

Put the calendar invite in now. Once a quarter, the integration owner, the clinical director, and the compliance officer review:

• The current data map and any additions since last time.
• HubSpot access changes, any new roles or permission changes.
• Any new HubSpot add-ons the marketing team installed, since these inherit reach into the shared data.
• A sample of shared records to confirm no clinical content has accidentally crossed the line.

Twenty minutes once a quarter. The alternative is a much longer conversation with a regulator.

Why this matters for your practice

The fear behind “no marketing tool” is real, and it is correct when the only option is sharing everything. It stops being a fear when you can choose, in writing and reviewed every quarter, exactly which client details marketing sees and which clinical records never move. Your therapists keep what is theirs. Your marketing team gets a list they can responsibly use. Your compliance officer gets something short and clear to sign off on.

Want to see CRMConnect Cliniko to HubSpot in action? View the API App page.