
Is LinkedIn Advertising HIPAA-Compliant?

As a healthcare marketing agency, we get a lot of questions about whether or not certain tools are HIPAA-compliant. That’s why we at Hedy & Hopp decided to create a blog series that dives into common marketing tools and software to determine whether or not they pose a HIPAA concern.


This week, we’re taking a closer look at LinkedIn.

What Is LinkedIn Advertising?

A healthcare marketer can leverage LinkedIn advertising in several ways to effectively reach their target audience and promote their healthcare products, services, or brand. Here are some strategies and tips:

Targeting Healthcare Professionals: LinkedIn allows precise targeting based on job titles, industries, and functions. Healthcare marketers can target specific healthcare professionals, such as doctors, nurses, pharmacists, administrators, and executives, based on their job titles or industry affiliations. This ensures that the ads are reaching the right audience.

Thought Leadership and Content Promotion: Healthcare marketers can use Sponsored Content and Sponsored InMail to share valuable content, such as articles, research papers, case studies, or educational materials related to their field. This positions the marketer as a thought leader and helps build credibility and trust with the audience. Promoting webinars, conferences, or speaking engagements can also be effective in establishing expertise.

Job Postings and Recruitment: Healthcare organizations often have specific talent acquisition needs. LinkedIn provides targeted options for promoting job openings and reaching qualified healthcare professionals who are actively seeking employment opportunities. Healthcare marketers can use Sponsored Job Ads to attract top talent to their organization.

Brand Awareness and Reputation Management: LinkedIn advertising can help healthcare marketers increase brand visibility and manage their online reputation. Display Ads and Dynamic Ads can be used to create visually appealing brand messages and reach a broad audience. Marketers can also target specific industries, organizations, or regions to raise awareness of their brand and build positive associations.

Industry Events and Conferences: Healthcare marketers can utilize LinkedIn advertising to promote industry events, conferences, or webinars. Sponsored Content, Sponsored InMail, and Display Ads can be used to drive registrations, highlight keynote speakers, and generate buzz around the event. Targeting options ensure that the ads reach professionals interested in the healthcare industry.

What Data Does LinkedIn Collect?

LinkedIn collects a variety of personal and technical data from its users, including:

  • Profile Data: LinkedIn collects information from user profiles, including job titles, industries, company affiliations, educational background, skills, and interests. This data is used to target ads to specific professional audiences based on their profile information.
  • Demographic Data: LinkedIn may collect demographic information such as age, gender, location, and language preferences. This data helps advertisers target specific demographics for their campaigns.
  • Engagement Data: LinkedIn tracks user engagement with ads, including impressions, clicks, likes, comments, and shares. This information helps advertisers assess the effectiveness and impact of their campaigns.
  • Website and Conversion Data: If advertisers use LinkedIn’s conversion tracking or retargeting features, LinkedIn collects data related to website visits, conversions, and actions taken by users on their website. This data helps measure the success of advertising campaigns in driving desired outcomes.
  • Ad Interaction Data: LinkedIn collects data on how users interact with ads, such as ad views, interactions, video views, and form fills. This information helps advertisers understand user behavior and optimize their ad creative and messaging.
  • Pixel Data: LinkedIn provides a tracking pixel called the Insight Tag that can be placed on advertiser websites. This pixel collects data on website visits, page views, and conversions, enabling better ad targeting and measurement.
  • Third-Party Data: LinkedIn may also use third-party data sources to supplement its own data and provide additional targeting capabilities. These sources may include data providers that offer insights on professional attributes, interests, or intent.

Remember – just because a targeting option is available doesn’t mean that you should use it. In fact, taking advantage of features that could make your campaigns more effective could be what compromises your HIPAA compliance.

Is LinkedIn Advertising HIPAA-Compliant?

After the updated guidance from the Department of Health and Human Services was released, things haven’t exactly been black and white as far as whether or not this crosses a line, but from our perspective, it really depends on how you use the platform – specifically the Insight Tag. Conversion pixels can compromise HIPAA compliance in a few ways. 

  • First, they can collect PHI without the user’s knowledge or consent. This is because conversion pixels can track users across multiple websites, even if they are not logged in. 
  • Additionally, conversion pixels are often used to retarget users with display ads. This can be a serious violation, as it can expose sensitive content that individuals have been viewing about specific diseases, illnesses, or conditions.

While LinkedIn only keeps personal data collected from the Insight Tag for 180 days, there is a lot that can be done with this data in that time period. The HHS is also very specific that the sharing of, or even the ability to access, any personal health information is a violation.

Pro Tip:

LinkedIn is somewhat unique in that healthcare marketers may be using the platform to reach a different audience than prospective patients. For example, if a healthcare marketer is using LinkedIn to reach HCPs (healthcare professionals), HIPAA may not even apply to those efforts.

That being said, there are also some tactics available in LinkedIn Advertising that aren’t unique to that platform but are never HIPAA-compliant, such as remarketing, lookalike audiences and uploading target lists. It is also important to consider other tools that have access to your LinkedIn data, including optimization and data visualization software.

Risk Mitigation

As with most advertising platforms, there are steps that can be taken to mitigate risk and to protect your users’ data as much as possible. Some good rules of thumb are to limit conversion pixels as much as possible, to consider a server-side tagging strategy, and to ensure that you are not using predatory tactics to reach people with a specific condition or disease.

As with anything HIPAA-related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible.  


Pro Tip:

It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.

Not sure how to get started?

Hedy & Hopp has already engaged multiple healthcare clients to perform an audit and risk assessment that both marketing and legal teams can use to make the best decisions for their business. Give us a call – we’d love to help!



About the Author

The Hedy & Hopp digital production team is the glue that keeps all activation work running. From auditing websites and tagging, to content strategy and CRM implementation, our digital production unicorns ensure the tiniest detail is reviewed and accurate before it gets to our clients. Their determination in finding solutions for any challenge makes this team marketing happy.
