
Are Microsoft Ads (Bing Ads) HIPAA-Compliant?

As a healthcare marketing agency, we get a lot of questions about whether or not certain tools are HIPAA-compliant. That’s why we at Hedy & Hopp decided to create a blog series that specifically dives into common marketing tools and software in order to determine whether or not they pose a HIPAA concern.

Are Microsoft Ads Compliant?

What Are Microsoft Ads?

Similar to Google Ads, Microsoft Ads is a pay-per-click (PPC) advertising platform that allows businesses to reach their target audience on the web, on mobile devices, and in apps. Microsoft Ads offers a variety of ad formats, including text ads, display ads, and video ads.

Healthcare marketers can use Microsoft Ads to reach a variety of audiences, including:

  • Patients who are searching for information about specific health conditions
  • Doctors and other healthcare professionals who are looking for new products or services
  • Patients who are considering making a purchase or making an appointment

What Data Does Microsoft Ads Collect?

Microsoft Ads collects a variety of data about its users, including:

  • Device information: This includes your device’s IP address, operating system, and browser type.
  • Search history: This includes the keywords you’ve searched for and the websites you’ve visited.
  • Ad interactions: This includes whether you’ve clicked on an ad, how long you’ve viewed an ad, and whether you’ve taken any other action after seeing an ad.
  • Location data: This includes your approximate location based on your IP address.

Microsoft uses this data to serve ads that are relevant to your users, track the performance of ad campaigns, and improve its own ad platform’s performance.

You can see a full list of the data collected and accessed through the UET tag in their privacy section (“What data does UET collect once I install it on my website?”), but that list will get longer with the new UET update set for June 29.


Additional Considerations

There are some tactics available in Microsoft Ads that aren’t unique to that platform but are never HIPAA-compliant. These include remarketing and lookalike audiences. Conversion pixels also may render your ads non-compliant, depending on their usage. It is also important to consider other tools that have access to your Microsoft Ads data, including optimization and data visualization software.

Is Microsoft Ads HIPAA-Compliant?

Under the updated guidance from the Department of Health and Human Services, there isn’t a clear yes/no answer. However, knowing that Microsoft Ads will not sign a Business Associate Agreement (BAA) and doesn’t have the same kind of privacy configurations you can leverage in the Google Ads platform, we think using Microsoft Ads, specifically placing their UET pixel on your website, does pose a risk.

As with anything HIPAA-related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible. It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.

Not sure how to get started?

Hedy & Hopp has already engaged multiple healthcare clients to perform an audit and risk assessment that both marketing and legal teams can use to make the best decisions for their business. Give us a call – we’d love to help!



About the Author

The Hedy & Hopp digital production team is the glue that keeps all activation work running. From auditing websites and tagging, to content strategy and CRM implementation, our digital production unicorns ensure the tiniest detail is reviewed and accurate before it gets to our clients. Their determination in finding solutions for any challenge makes this team marketing happy.
