The Health Insurance Portability and Accountability Act (HIPAA) is a crucial piece of legislation that regulates the use and protection of protected health information (PHI). In the digital age, HIPAA compliance is an ongoing challenge for digital marketers in the healthcare industry. Last fall, the U.S. Department of Health and Human Services released new guidance that significantly changed how digital analytics and products are defined in relation to PHI.

The new guidance states that a captured IP address and a record of viewing healthcare-related information online are now considered personally identifiable information (PII) and PHI, respectively. This means that digital marketers must treat these data points with the same level of security as a patient’s medical records.

This has created difficulties for healthcare digital marketers who rely on popular analytics tools like Google Analytics. Google explicitly states that customers must not expose any data that may be considered PHI through their analytics platform. As a result, many tracking and analytics platforms have had to shut down or limit their activities while they look for solutions that can meet their digital operational needs and comply with HIPAA regulations.

One potential solution offered by Google is their SaaS-hosted server-side Google Tag Manager (sGTM) application, which anonymizes IP addresses and comes with a signed Business Associate Agreement (BAA). However, this solution does not store an audit of the changes, so it may not meet the needs of most marketers. Other options, such as “Data Clean Room” applications and Customer Data Platforms (CDPs), have also emerged.

CDPs offer the necessary functionalities to comply with HIPAA’s updated definitions of PHI, including IP address removal, audit and storage of changes, transfer to Google, and BAA signature. Additionally, CDPs provide identity resolution, auto-segmentation, and personalization features, making them an attractive choice for healthcare digital marketers.

Despite the resource-intensive implementation process and the associated costs, CDPs have become increasingly popular among healthcare digital marketers who need to achieve compliance with the new HIPAA guidance. These platforms offer a comprehensive solution that enables analytics and personalization programs within a legally secure framework.

The new HIPAA guidance may have initially disrupted the healthcare digital marketing landscape, but it has also pushed for positive change, prompting the adoption of more advanced and secure analytics solutions that benefit both patients and marketers alike.

Sources: HIPAA Journal, Health IT Security