Connect with Us

On this episode, Jenny is again joined by Shelby Auer, Account Manager at Hedy & Hopp as they bring even more insights from their time at SHSMD 2023.  Today she and Shelby discuss the evolving landscape of healthcare marketing regulations, pointing out changes in marketing practices driven by HIPAA, FTC, and state laws. Jenny highlights the importance of understanding GDPR, even for U.S.-based businesses, as opt-in policies and the “right to be forgotten” become more relevant. They also break down the growing complexity of state laws and emphasizes the need for collaboration between marketing, legal, and compliance teams to navigate these challenges.

Connect with Jenny:

Connect with Shelby:

Interested in working with Hedy & Hopp on a privacy compliance program?

Book time with Jenny today:

Jenny: [00:00:00] Hi, friends. Welcome to today’s episode of We Are Marketing Happy, a Healthcare Marketing Podcast. My name is Jenny Bristow. I’m the CEO and founder at Hedy and Hopp, a healthcare marketing agency. I am so excited to be here today. We just got back from SHSMD. I’m joined with Shelby Auer on my team, and we presented on, um, HIPAA, FTC, and state laws.

So, as most of y’all know, or you should know, the rug was basically pulled out from all of us. Um, a year ago today at SHSMD, there were many events talking about best practices for marketing technologies and your tech stack. All of those recommendations are now wrong. So I have a whole other episode that we’ll link to in the show notes that’s a 101 on HIPAA and FTC, but a lot of the questions I received were specifically related to GDPR and state laws.

So we wanted to talk a little bit about that first, and then [00:01:00] Shelby and I are going to dig into some of the feedback we received, because one of the cool things is we, as a result of being the first session on the one of the first sessions on the first day, is we ended up having dozens of folks coming and chatting with us about their individual team’s response, their legal team’s perspective, etc.

So we’re excited to share some of that. So first of all, I want to talk a little bit about GDPR and state laws. So first GDPR, most folks that are within the United States are probably thinking, Oh, I don’t need to worry about GDPR. We don’t sell to or do business with anyone in Europe. Well, maybe not. But here’s 2 key things about GDPR you need to know exist.

GDPR has 2 things that are very different from the way we operate within the United States. The first one is they are opt in versus opt out, which means, you know, how on your website, the cookie preferences loads, um, and you hit accept, um, you actually, if you hit do not accept, um, [00:02:00] or no, well, you have to hit, yes, give it to me, give the cookie me in Europe.

Whereas in the United States, you have to say, no, please do not put cookies on my computer and track me. And so it’s just a completely different perspective. And they’re tracking, um, percentages that are way, way smaller in Europe because most folks do not choose to opt in, whereas in the United States, most folks stay opted in and they don’t choose to opt out.

So that’s the first one. The second one is right to be forgotten. So pause for a minute and think about your marketing tech stack and think about if Jenny from St. Louis called you and said, Hey, I would like for you to delete me from all of your databases. Do you have any idea how you would actually do that?

That thought alone probably scares you, as it should, but again, that exists in GDPR and the United States, we mostly don’t have that. But there are four state laws that are currently online, California, Virginia, Colorado, and Connecticut, and California [00:03:00] is likely soon going to require data brokers to allow consumers to submit a right to be forgotten request.

So this is creeping into the United States. So it’s important to know how GDPR functions because we’re starting to see it show up in many other states. Um, we’re not going to go through all of the different state regulations because they are really intense. We actually have a couple of summary slides that I do in actual presentations just to give you a high level like cliff notes version, but your attorneys absolutely need to look at each state law and figure out how you need to comply.

Um, the other one that is really crazy is in Florida. Um, there are regulations around, um, having data stored outside of the country. So for example, if you use an offshoring company, uh, finding out where your servers are actually physically located, there are some repercussions related to anything [00:04:00] actually physically, um, or digitally outside of the United States.

Utah, Iowa, Indiana, Montana, and Tennessee are two that are scheduled to come online in the next about 12 to 18 months. And there are many, many more states that are scheduled to come online shortly after or are currently in legislative conversations and review.

So even if you’re a covered entity and you are, uh, complying with all things HIPAA, there’s still likely maybe some things that you need to think about at the state law level. And if you are not a covered entity, and you’re really just thinking about FTC, you also need to be thinking about state laws.

Washington, for example, has a regulation that says if you are a covered entity and you’re treating data like PHI, then that law does not apply to you, the regulations do not apply. But if you are not a covered entity and you are or are not treating data like PHI, it does apply to you. So for example, there are a [00:05:00] lot of what we call healthcare adjacent organizations that think they don’t have to really be thinking about this, or if they treat their data like PHI, they don’t have to worry about state law.

And again, that just isn’t true. These things are changing rapidly. Shelby, what are your thoughts on state laws? You’re working with a few different client projects right now from an audit and recommendations perspective and state laws get pretty hairy, right? 

Shelby: Yes. Oh my goodness. All and figuring out how to approach the state laws because there’s a lot of conversation of, oh, is California the most strict?

Well, if we’re okay in California, are we okay in all of these other states? And it’s so, so important. I heard multiple people when we were at SHSMD say this, but to become BFFs with legal and privacy, legal and compliance. That is so true. So, so true. As much as it can be a little bit of a battle, making sure that there’s open lines of communication, that your [00:06:00] digital team is comfortable helping legal and privacy, understand the technicalities behind the changes in these laws and vice versa. Because that’s, that’s a lot of what I’ve, I’ve been working with clients is making sure that all of these different groups are talking to each other and help each other speak the same language because all of these state laws coming on are so hairy.

There is not a stop in sight. It’s just continuing to come down the pipeline with more and more states or additions to current state laws that are out there. So that’s, that’s really the biggest thing that that I’ve been working through lately and just making sure that everyone’s talking to each other and on the same page.

Jenny: Absolutely. Uh, the audit process that we talk about, not only in that first episode that again, we’ll link to in the show notes, but also that I presented at SHSMD is really doing that due diligence to show your legal and compliance teams that, Hey, I’m taking this seriously too. I am not putting my head, you know, down and trying to [00:07:00] ignore that all of this is happening.

We’re doing the work right now. I want to do the work alongside you, um, on the same side of the table, not opposite sides of the table. We both want the same thing for the benefit of our customers and patients 100%. 

Shelby: And I think one of the things Jenny said, you said in your presentation that I think was really important for a lot of people to hear is right, this isn’t just your marketing, advertising and analytics platforms, but there are so many other things on your tech stack that are in the code of your site that are collecting things like IP address that so many people, you just don’t, you don’t even think about it. Right. And we didn’t have to up until late last year.

And so I think, yeah, that audit process is so incredibly important to have one place where, you know, exactly everything that is touching your site and what information it has access to. 

Jenny: And not just your site, your entire digital footprint, right? Like there were some audible gasps in the room when I walked through some [00:08:00] examples of things our team has found during audits.

For example, I’ll just name a couple of them just to kind of help you help our listeners think about the broadness of this audit and the level of patient care that we need to have from a data angle. So one, for example is we have found on one site we audited that when forms were filled out on the website, that then field variables were then put up into the URL parameters.

So that means then things like Google or any other tool or software on the website are then indexing those URLs and all of that information, the person’s name, email address, whatever information they put in about the, um, you know, state of health, their health or any questions they entered is all now available free on the internet for all these tools to scrape.

Um, another thing is a lot of video players that are embedded on websites are actually behind the scenes pulling in IP and device ID information, which as [00:09:00] we all know now is no longer allowed. And then other examples are things like your call tracking tools or your advertising platforms.

Oftentimes we already know pixels can’t be on the site, right? We talked about that a lot. But what about the data that’s being in those platforms as far as, for example, call tracking tools has the phone number and then they have the recording of the call of them calling to make an appointment.

Advertising platforms, maybe, um, you’re maybe somebody in the past uploaded a patient, uh, list and they have lookalike audiences that they have built based off of that. There are all these different ways that you may inadvertently have been sharing this patient information. Audits need to be way more comprehensive than simply looking at your analytics setup.

So let’s dig in and talk a little bit about things that we heard folks doing. So we literally had a line at our booth almost the entire time, which was awesome to see, right? Like we love those conversations. And it [00:10:00] also is kind of disheartening sometimes because the number of people that came up to me and said, Oh, we thought we had it figured out, but everything you talked about just made me realize all of these other things that I need to look at now.

Um, and I, I hate that I started their conference in that way, but what are some of the things that you heard? How are folks approaching this? 

Shelby: Oh, yes it’s, it’s interesting because there are definitely some folks that said, Oh, we took off everything. We went cold turkey and we are in this, you know, sixty to eighty day range of not really having much to be able to look at in regards to what we’re tracking until we get something else in place.

Uh, but again, this, I, I talked to individuals who, who were super on the defensive, right? Took everything off their site and yet there’s still issues popping up. They thought they had gotten everything and then they’re, oh, oh, yep, we got a video embedded on the site. [00:11:00] And I didn’t realize that that’s an issue, right?

So it’s, it’s, it’s been interesting to hear from the folks who, who were taking that stance that, yes, there are these things that are hidden that are hard to find, it’s not as easy as just, Oh, here are the 10, uh, platforms that we utilize in our week to week and, oh, we’re taking those off and we’re good.

So a lot, heard a lot of that out there. 

Jenny: Totally agree. Some of the things that I heard is there were a variety of, um, orgs that came up to us that were in the middle of an implementation of either a CDP or a completely new analytics platform. And a large percentage of them actually had paused the work before coming to the conference in order to learn more about best practices and what other systems are doing before fully implementing them.

So those were some good conversations. We were able to share some insights about the tools they were looking to partner with some watchouts, um, and just some best practices about, which I think was really helpful. Um, other [00:12:00] things is, um, some folks did not realize that sometimes forms are actually implemented by third parties.

They just assumed it was part of the website database. So a lot of folks are going home, checking on that. Um, we have a lot of folks that are, um, going and checking on their advertising platforms. What else Shelby?

Shelby: There was, I will remember that, like, this was such a vivid memory, uh, in one of the sessions, someone asked such a great question about the video tools, right?

And they had said, you know, say we have a video on a page talking about West Nile Virus and tips and tricks when you’re dealing with somewhere where there’s going to be a lot of mosquitoes. What should you keep in mind? Right? So it’s, it’s more of a news story. It’s more of a tool. It’s not exactly a specific health condition.

And they’re like, [00:13:00] what do we, you know, is that worrisome? Should we not be, you know, utilizing those web posting services or having that type of video or any sort of tracking? And again, it was a panel discussion and everyone’s like, okay, you know, this is a gray area, right? You need to be talking to your legal and compliance, but at the end of the day, they could be researching, maybe they think they have West Nile.

Maybe they’re going to go talk to their PCP about some symptoms that they’re having. And so that’s how they got there. That really, the safest route is to make sure that you’re not utilizing any tools that’s going to be pulling in that patient information about what the content of the video is, even if it’s something that might even seem like, well, this is just educating the community.

This isn’t a specific health condition, which I thought was really important to think about. 

Jenny: I agree. Um, a couple of examples we gave are, um, you know, if you’re a cancer center or if you’re [00:14:00] a, uh, breast health center or, um, whatever, if, if you’re not a large system where from your homepage, you’re listing out 12 different service lines our POV, again this is gray. Your own attorney needs to make this call. That our POV is you need to treat the entire website with care. You need to make sure that you’re not collecting IP addresses anywhere. Um, so some organizations had been thinking about only removing pixels from symptom specific or a super care specific pages kind of taking that bulletin verbatim.

But our POV is if you’re doing that, why not just fully protect that patient’s data throughout the entire journey, right? If anything, I think it’s easier from a tech stack perspective to treat all of it with the care and consideration that it needs. So, again, that’s something that they have to chat about with their internal legal and compliance teams, but definitely good food for thought. 

So awesome. Well, thank you, Shelby, for tuning [00:15:00] in and for all of our listeners. I really hope that the GDPR and state law level information is helpful and guiding you and helping you understand the different questions you should be bringing to your legal and compliance teams again.

Cause if you’re on the same side of the table as them and you’re working together to make sure that patient information is safe and secure, it is such an easier conversation than if you dig your heels in and try to protect what you’re comfortable with. So thanks for tuning in. As always, Hedy and Hopp is here to answer any burning questions you may have.

Reach out to us. Otherwise, we’ll see you on a future episode of We Are Marketing Happy.

Fresh off the road from this year’s SHSMD Conference, Jenny and Shelby Auer, Account Manager at Hedy and Hopp, share their highlights from the conference in Chicago. They discuss various sessions and speakers, including insights on rural healthcare, brand management, internal communications, data-driven decision-making, and improving the patient experience. They also speak about the importance of learning and sharing experiences within the healthcare marketing industry to make a positive impact. (Check out the show notes on YouTube for links to our favorite speakers.)

Connect with Jenny:

Connect with Shelby:

Interested in working with Hedy & Hopp on a healthcare marketing program?

Book time with Jenny today.

Jenny: [00:00:00] Hi, friends. Welcome to today’s episode of We Are Marketing Happy, A Healthcare Marketing Podcast. My name is Jenny Bristow. I am the CEO and founder at Hedy and Hopp, a healthcare marketing agency. And I am joined today with an account manager from Hedy and Hopp, Shelby. Auer. So, Shelby and I just got back from SHSMD ‘23 in Chicago.

We had an amazing time and we wanted to do just a quick little recap for any folks that weren’t able to attend or even those who did attend but weren’t able to attend all of the different speaks, uh, talks, speakers. So, what we’re going to be doing is we’re just going to highlight a couple of things that really stood out to us as far as events.

We’re going to link to all of the speakers in the show notes, to their LinkedIn. And we’re going to tag them on LinkedIn. If you have any questions about the presentations, I’m sure they would love to talk to you about it. Everybody was so amazing at the event. So, Shelby, first of all, high [00:01:00] level, tell me about SHSMD.

This was your first ever SHSMD. So tell me a little bit about your, just some big key takeaways. 

Shelby: Yes. Oh my goodness. It was so wonderful getting to meet and connect with such wonderful people. Everyone. I mean, Brad, or Bread, as I should call him, who kicked us all off with such a great, uh, keynote, really nailed, nailed it on the head in regard to how wonderful and weird in the best way possible the group at SHSMD is.

And so, it was so wonderful getting to connect with everyone and knowing that a lot of the HIPAA conversations that we’ve been having as an agency is really top of mind across the industry, so it was so wonderful getting to connect with so many people who really just want to protect their patients and figure out what the heck they need to do with everything that’s going on.

And so, it was wonderful getting to brainstorm and talk to such wonderful people.

Jenny: That’s awesome. I completely agree with you, just, healthcare people are the best people. So, let’s jump in and talk a little bit about some of our favorite sessions. So, I will jump in and go first. So, there was a, um, a topic specifically about rural health that I absolutely loved.

So, I grew up in a super rural town, um, there were 11 kids in my class from grades K through 8. So, super, super small. So, I was really interested in attending this one to be able to hear more from different POVs about how folks are actually approaching those communications, understanding what research methodology they’re using to understand their access to, um, internet, um, likelihood to schedule annual exams, those kinds of things.

The speaker was Pauline Hoffman. She was absolutely phenomenal, great speaker. Um, but there was a couple of things that she mentioned. One thing she mentioned, the phrase social listening, but she used it in a different [00:03:00] terminology, which I actually really, really appreciated. She used social listening by actually like using your ears, right?

Not using tools and software, but actually like when you’re sitting in like a PTO event or you’re sitting in a restaurant in your small town, actually listening to hear what people are saying about the physicians and the facilities because in small towns, a lot of folks are going to be talking just through word of mouth versus using digital platforms like you may see in more urban areas.

And then some of the other things that she actually talked about is, um, getting information, um, about your services to first responders, because they’re some of the people that are most trusted in your community and have the ability to share information about access to care.

And then the third thing is, she talked a lot about fighting disinformation. Um, and not only about, um, you know, your physician. and facilities, but also just about the world and care that we want to and [00:04:00] need to offer to help make our communities a healthier and safer place. Um, and she had some really interesting perspectives talking about how PR is generally not as understood and they think it’s more of a spin position versus trying to share her phrase was truth and trust, um, which I thought was really great.

So that one for me really hit home.

Shelby: Love that. Well, and speaking of PR, one of the last sessions that I got to sit on was with Karen Brodbeck who works with OSF Healthcare. So, based out of Peoria, Illinois, so a lovely Midwest sister over there. And, she talked a lot about their brand management and how they’ve really built a national brand, though they are pretty small and focused in the Midwest space, and it was really, really interesting. She told a wonderful story about how she was at Girl Scouts as a kid and was always told, if you don’t [00:05:00] ask, the answer is no. And so how she’s kind of taken that as a mantra in the work that she’s doing, and she’s constantly reaching out and applying for different awards or speaking opportunities for individuals in the system.

And, specifically, I loved some examples of the great stories that they’ve gotten out about their health care system and I think we saw it all over this conference about not only just consumer focused work, but also stories and how important that is, how stories and data need to co-mingle and work together.

Um, but they had a story that ended up in People Magazine, got picked up in People Magazine about a nurse that cared for a sweet, sweet little baby and ended up adopting, um, this little boy. And how one of their workers on their [00:06:00] government team ended up talking to his daughter about everything that was going on in Ukraine, and they ended up sending over an ambulance filled with a bunch of stuff to Ukraine.

He ended up going and just such, such amazing stories that they have such a good. system of collecting those stories. And that was a lot of what she talked about is how they’ve really built up a space where across all their health systems, they’re sharing those stories because it can be hard to do that when you’re spread across different areas.

And so that one was a really, really great one to get some practical information, but also to get to really celebrate her and her team and how far they’ve come. 

Jenny: I love that. Lehigh Valley out of Pennsylvania, they were actually the last session on the last day, but Pamela and Kirsten came in with such amazing high energy.

It was so fun to watch them. They did something really similar, but it was specifically focused on internal comms. So, how do you better communicate,  [00:07:00] um, especially, you know, to those frontline people, thinking like nurses, they’re so busy. They’re not going to have time to go log into an intranet. So they, in 2019, they actually launched, um, something, um, they use Sprout, uh, and it’s an employee advocacy tool within Sprout.

So that’s the backend of the system. But it basically is a social media platform for within their internal organization. So they can do everything from talk about new services, they can, uh, feature and highlight employees or amazing cases and outcomes. But the cool thing is they came up with a colleague ambassador program where they actually recruited about 30 highly influential folks across the organization and gave them access to the platform ahead of everyone else, gave them branded swag, all of this fun stuff.

Um, and then that helped really spread usage of this platform. And they said at this point, 88 percent [00:08:00] of their team downloads the app and uses it on a regular basis. One of their biggest spikes in usage is at 3 a. m. in the morning, which you know, is nurses, right? Working shifts. And that was the most difficult group to access before.

And the cool thing is they actually have it, it’s so well loved within their organization that they actually have people submitting and, um, putting content out and engaging with other people’s content all of the time. And they, they shared so many metrics about the number of posts and engagement that they receive on those posts.

It blows away anything else that I’ve seen as far as internal comms and the, the pride that they’ve built up within their internal organization. I mean, they had this tool, you know, during COVID, they used it to be able to make sure that all the communication was clear, it was just, they had the hashtag LVHN proud, and I was so proud for them just sitting there listening to all of their wins, because that’s a huge accomplishment.

Shelby: Love that. And it reminds me of, uh, one of the sessions that I sat in on again, kind of [00:09:00] talking about internal comms, but focused a little bit on when that’s not so easy and when it is really, really hard. And shout out to Jeff Stewart, uh, on the CHRISTUS Health team, because he did such a wonderful job being incredibly vulnerable, sharing very, very, uh, in depth and specific quotes that he received from executive leadership that were really, really difficult to receive when you’re going through a complete website architecture redo.

And some of the biggest takeaways from that discussion were, what do you do when you get that negative feedback, right? So he was really, really struggling with the physicians in their group because they basically had a website where there was so much competing information, the same information on multiple pages across so many different of their specific [00:10:00] health clinics.

And, the session I loved, it was called, Can We Just Put The Old One Back? Because four months after the launch of the new site, after they had data to show how consumers were able to more easily find and set schedule appointments, that was an exact quote that he got via email from someone that was, “You just got the old site and you just put it back up.”

Jenny: And I get that, right? Like these people are so busy. They don’t have time to learn a new site architecture. So that probably was really difficult for him to hear, even though he knew it was doing better.

Shelby: A hundred percent. And I love the way he gave some really practical experience on how do you deal with getting that kind of feedback and showing up with empathy first and understanding where they’re coming from and not going to defensive mode, you know, trying to protect your team has been working so hard on this, [00:11:00] but really trying to understand where they’re coming from and help them really take the data showing, Hey, consumers are utilizing this, but sometimes the data is not everything.

And so one of the biggest takeaways was also pulling in those stories. Here are individuals that haven’t received care in years and now they have a primary care physician. Like, those are the things to celebrate. 

Jenny: Yeah. It’s absolutely amazing.

Shelby: Yeah. When those physicians voices, and that this was a big takeaway, when those voices are sometimes the largest voice in the room, everyone can agree that the patient’s voice is louder. And so, just figuring out ways to communicate that across your organization and to really help everyone move toward the same goal. It was really inspiring.

Jenny: I love that. So, um, Arkansas Children’s, they did an amazing presentation talking also about the power of using data for internal buy-in. And, um, you know, all organizations, many organizations, have this intrinsic belief that like, [00:12:00] we’re the best, especially if they’re in a space where there aren’t many competitors and they’re really one of the only large providers within your state or your region.

Um, and so what this group did, um, is they actually began using some, um, third party data to pull in to understand not only where the gaps in care are, so where, where are we within the state where there are large groups of pediatric populations where we perhaps don’t have an outpatient center location, or people have to drive more than three hours to be able to access care. And then they also use that data to be able to look at things like birth defects within certain counties of the state to understand what may be coming up as far as specialized services that they perhaps don’t offer right now, or they aren’t offering statewide in a way that can really service their growing population. 

And it was really powerful because so many times we talk about data and dashboards and so many times it’s just focused on your own data and the power they had at pulling, um, mostly [00:13:00] free third party data that’s available through your state and county and some meaningful story that then can allow you to be much more comprehensive with your strategic planning was super just impressive for me.

It’s something that so many groups we work with want to get to, and it’s like part of the continuum, and it’s certainly a worthy goal. So kudos, Arkansas Children’s. So I love it.

And then I think, um, one of the other ones that I really loved was, um, Advocate Health. Kelly, Joe and Jamie. Their energy, it was so much fun watching them. So they were talking about, um, being consumer first, which all of us want our organizations to be. Um, but they were talking a little bit about, um, things like, how do you actually measure that?

Right, like, how do you, how do you talk about progress of becoming a consumer first [00:14:00] organization or improving patients access to care? Like what metrics are the metrics that matter? And one of the things that stuck out to me is they actually have developed this internal metric called ease of use. And that’s something that they use to be able to understand how things are progressing within their own org.

And so again, it’s like, um, it’s a made up metric, but it’s one they’ve all agreed upon as something that’s important and valuable to measuring progress. And I think that was a really good reminder that, um, you don’t necessarily have to use these industry standard, um, you know, statistical analysis or processes or formulas within your own organization.

You can decide, what is the metric we want to use to understand if we won or not? And that’s enough, right? Like that’s enough, that aligns all of your team as far as where that, um, you know, finish mark is. So it was really cool to watch them. One other, I want to call out Mary Cronin from St. Luke’s did such a phenomenal job.

She was on a panel of two other people, there are three people total within St. Luke’s. Um, and [00:15:00] they were, um, talking about strategic and design thinking within an organization, but one phrase that she said, um, that really stuck with me and I wrote it down verbatim is, “A way to be able to get organizational buy in is really thinking about that influence on the front end and the empowerment on the back end.”

So, as a strategist, it isn’t really our job to execute the concepts, but really is our job to be able to influence and then empower. So it was a really great takeaway. 

Shelby: Oh, love that. And one of the, one of the sessions that I sat in on with Joel and Beth from Columbus Regional Health in Indiana, again, another Midwest friend, but, they talked a lot about this WellConnect system that they developed over the past 10 years.

And I love one of the things that they talked about as kind of a key takeaway was to be a gap filler. That [00:16:00] every system, like, there’s going to be gaps. They have a very diverse population and who’s going to do it if not you to help? And they really, really showed this sense of accountability for the community that they serve, which was incredibly inspiring, reminded me of what Brad said in the keynote about why do you love what you do and how powerful that question is, and it’s really, really neat to see that they have this free offering to their community where you can call a connection specialist and they’re going to help connect you to a PCP.

They’ll help talk you through your insurance if you’ve got questions or concerns and even connect you with other community organizations that can help support you. So if your insurance isn’t covered, oh well we know of this non for profit that will be able to help you. And it was just really really neat to see how they really took this idea that started with, okay, we [00:17:00] need a building downtown that can serve the community and how that just has spiraled over 10 years.

And now, they have all of these connection specialists and they’re looking to grow the team super soon. So kudos to them and all the wonderful work that they’re doing in their community. 

Jenny: That is awesome. Um, a session that really reminds me of that is KC Children’s Mercy. They were talking about, um, how to be able to positively impact the patient experience.

So first, how do you decide what patient experience you want to improve? So they made this beautiful, super simple chart with four quadrants and, um, the variables about the quadrants is urgency versus frequency. So, they then mapped all of their different service lines within that chart to be able to figure out, you know, how to make the biggest impact.

And they decided they were going to focus first on, um, patients, pediatric patients that had multiple visits within one day. So it can be super overwhelming for the parent and for the child when they go and they have like five appointments stacked. [00:18:00] And so they began working with client services and a bunch of other groups within the organization.

And they manually executed their ideas to see if it made a difference before actually rolling it out. So my favorite example, and this is near and dear to my heart because so many of the children in my family have had long-term care issues in pediatric hospitals. Um, they began mailing these welcome packets or, um, um, anticipation packets like a week before the day where everything was stacked.

And it not only had a nice letter to the parent saying, here’s the name of your, um, care, what word did they use, it was like a care manager or your friend at the facility that will be waiting for you when you arrive and they’re there to answer questions all day. They would try to pull food vouchers if they were there all day and they met certain income requirements.

They had that information in their database. But then they actually would print out a schedule of the day with all of the appointments. And then they would provide [00:19:00] stickers for the kids to be able to put on the different events to be able to mark the completion of it. And they literally printed these out and mailed them for a period of time manually before they rolled it out formally to see if it works.

So I really like that scrappy initiative of saying like, hey y’all, we think this is going to make a big difference, but before we put tons of resources into it, let’s test and iterate and then we can roll it out. So it was a really great way to think about a physical experience improvement, um, in a, you know, test and iterate formula, because often we just think about doing that in the digital world, but it can still be done in the physical world as well.

So, I love it. So, uh, this was Hedy and Hopp’s second year, um, being at SHSMD. Uh, this year I did a presentation on HIPAA, FTC, and state laws. Super well received, standing room only, had so many good conversations afterwards. Um, but we will definitely be there next year. Next year is going to be in [00:20:00] Denver.

So if you have any questions about any of the sessions that we talked about, please reach out to the folks that we’re linking to in the show notes and tagging on LinkedIn, because the presentations were all just phenomenal this year. And I really look forward to next year to continue learning and meeting more peers.

So, thanks for tuning in. We’ll talk to you soon.

Shelby: Thanks so much.

On today’s episode, Jenny welcomes Ben Camp, CEO, and co-founder of RehabPath, a platform focused on improving the patient, caregiver, and family member experience in addiction treatment. Ben discusses the origins of RehabPath, which began in 2017, stemming from his prior work in marketing for addiction treatment centers and tech startups.

Ben emphasizes the importance of the user and patient experience and the challenges people face when seeking addiction treatment information online.

Learn More About RehabPath:

Connect with Ben:

Interested in working with Hedy & Hopp on a healthcare marketing program?

Book time with Jenny today.

Connect with Jenny:

Explore what Hedy and Hopp can do for your healthcare marketing program.

Jenny: [00:00:00] Hi, friends. Welcome to today’s episode of We Are, Marketing Happy – A Healthcare Marketing Podcast. My name is Jenny Bristow. I am the CEO of Hedy & Hopp, a healthcare marketing agency. And I am so excited today to be chatting with Ben Camp. He is the CEO and one of the co-founders at RehabPath. Welcome, Ben. 

Ben: Thanks, Jenny. Great to be here. 

Jenny: So, we met a while ago, but I went up to your office and chatted with your organization about a month or so ago when you were having your organizational all-hands and we’re doing some in person training for your team. And, I was really blown away by your focus on patient, caregiver, and family member experience.

So I would love for us just to back up a little bit and have you share with our audience your concept for RehabPath. Why you decided to create it and kind [00:01:00] of how you’re always thinking about that experience throughout the process. 

Ben: Sure. Okay. Thanks. I appreciate the kind words. We really enjoyed your talk.

I think people were inspired by your take on marketing as well. So, we started the company RehabPath in 2017. But before then, my co-founder, Jeremiah and I, and some of the other founding team members, have worked at a marketing agency that specialized in a few different segments.

So, I’ll kind of talk about two. One big segment was addiction treatment. So, we worked with treatment centers and helped them do their marketing and really learned a lot about that patient journey, how complicated it was, how difficult it was for these providers to both run a successful program and also keep the beds full.

And so, we were able to work on some really good strategies for that with them. And then on the other hand, we worked with a lot of startups just in the, just like tech startups. So it’s not, we weren’t [00:02:00] as focused as you on completely healthcare. But I think that there were some benefits to that.

So we were working on the, kind of on the healthcare side, but also, yeah, on the tech startup side, and one of our big clients was a company called and they did, they had a product. They still do. They’re now publicly traded, but they were super small back then. And they developed this concept for remote usability testing where you could at any moment, as a, marketing, a lot of marketing people use it. All sorts of people would use it. But at any moment, you could just order a test from their panel. And their panel was just regular people that would get paid. I think at the time it was, like, ten a test and it would go to, they would get an order for a test to be run and you would just have them walk through something that you are building or a website that you had and get feedback from them.

And we just learned how important it was to, yeah, get that user feedback as we’re building things, whether it was for our clients, or as we started [00:03:00] developing these, this concept of RehabPath before we officially launched it. So anyways, we just from the outset have had a real focus on putting user and patient experience first. And as we looked at the addiction treatment space, we saw that most people, when they have an addiction or mental health problem, they turn to the Internet first over family, friends, medical professionals and the websites that they were finding either were very hard and clunky to navigate and find help.

Kind of on even the sites that had really good intentions. And then there are a lot of websites out there that had really bad intentions and were using dark UX patterns to trick people into calling a hotline and trying to redirect them to a treatment center that is basically paying for those calls or paying for the website.

So, we build websites that truly are an independent resource. And put that patient experience first for when people are looking for treatment. We have websites that help them [00:04:00] navigate this really complicated process of finding a treatment center. And, that’s been something that we’ve been working on now for since 2017.

Like I said, we’ve got a pretty large team now and have made a lot of progress and have thousands of treatment providers on our website that people are able to find each day. 

Jenny: I love it. I am just proud of you for the work that you’ve done. It’s really great to think about how many lives you’re positively impacting.

But, I’d love for you to talk a little bit about when you think about this space in particular, how are you and your team understanding what information should be highlighted within all of these facility profiles? And then how are you understanding how to best serve the patient or the family member that’s searching?

Ben: Yeah. Great questions. And I think, I mean, the lives being impacted is, like, why we, I think, both really enjoy doing marketing in this space is we know that. We’re not just selling. I mean, I love marketing any [00:05:00] type of product that I believe in, but it’s really great to do it for something that is literally saving people’s lives.

And, that’s the outcome of good marketing that you’re doing. So, we have a research team from the outset, our one person, that was Olivia. She’s now our VP of Research with a lot of people on our team. She has her Master’s in Addiction Studies. And so she heads up the effort that our team takes to work through all the information that’s out there about treatment centers and try to highlight what’s most important.

One thing that, we’ll, I’ll acknowledge is important for people when they’re looking and it sounds kind of, it’s definitely not the most important thing, but we found that photos and good, just information about what because we’re mostly working with residential treatment centers.

So someone’s looking at: “I’m going to spend 30 plus days at this place.” It’s really important for people to know what that’s going to look and feel like. So, I mean, we found that [00:06:00] the better photos and video that treatment centers have can really help people make a decision and feel comfortable actually call, picking up the phone and calling.

So that’s, like, pretty surface level and we obviously see some treatment centers that that’s really all they have to offer is a nice facility, unfortunately, but when there’s the combination of, we start with, okay, they have a really nice facility. And so we try to highlight that in the, you know, and if we are working with treatment, we often sometimes work with treatment providers that have really high quality treatment, but then their marketing assets are really bad. And so, trying to point them to agencies that can help with that, or we’ll even just go on site and do photography to help make their listings on our site look better.

Because we don’t want people to overlook a great treatment provider just because the photos are bad. If they have, yeah, so, that’s definitely one piece of it. But then we really work to try to highlight the treatment program itself and try to suss out what a [00:07:00] treatment center actually specializes in.

So it’s, typically, if you just give a treatment center a form and ask them, like, what they treat, they’ll check pretty much every box and kind of just, it’s very, and they, it’s very hard to get them to differentiate themselves from others because they believe in what they’re doing and just say that they’re the best at everything pretty much and have the best staff and all that. So, we do really try to take a, so it’s very helpful for us to take a bit of an independent look and see what they actually specialize in, what their staff, what their staff is credentialed in, and things like that.

And then we’re able to, we have a few different ways that we are able to highlight the, those specializations. We’ll certainly, like, make sure that everything that they treat is shown on the profile, but we’re able to, in the way that we kind of rank our centers, when you’re looking at a feed, if you’re looking for a certain type of treatment, we try to push up centers that specialize in that type of treatment.[00:08:00] 

Jenny: That’s wonderful. I’ll say when we’re doing content marketing strategies for healthcare organizations, and then we go back and look at the data of what content is working the most, TikTok is so popular right now. Short form videos are the videos that get the longest watch time, most engagement are the “What to Expect” videos.

So for example, what to expect at my ENT pediatric appointment, or what to expect for an MRI, whatever it is. It’s boring content, right, whenever you think about all of the sexy, fun influencer content people are creating now? But at the end of the day, that’s what patients and their families need in order to help make a good decision.

So I totally understand positioning. 

Ben: Yeah, well, back in the marketing agency days, like, one thing that we would do with a lot of our clients is recommend that they do, like, a day, what an average day looks like in treatment and doing a video around that is, like, it’s a really simple concept, but just kind of walking them through, like, what the daily schedule looks like.

And if it’s not a video, just making sure [00:09:00] that’s just even published on the website so people can really get a sense of, a day or a weekly schedule, what that’s going to look like. Because, most people are, that are looking haven’t ever experienced treatment before. So they need like, really want to know what it, what they’re getting themselves into.

Jenny: Yep, absolutely. And one thing I’ll say that I’d like to chat about a little bit more is what these local clinics are experiencing and facilities as far as actually trying to do marketing on their own. I mean, we work with a rehabilitation center and the Head of Marketing is also the Director of Admission.

So, we often see, like, multiple hats being worn. And so, I would love to hear your thoughts about not only what you’re seeing as far as that structure within the facilities today, but what changes you’ve seen since you’ve started this platform? And if there’s been any movement, 

Ben: Yeah, I think the multiple hats thing is real, for sure. And, as we’re really passionate about the [00:10:00] patient journey, like I’ve talked about, but many of us that interact with our customers and have had a lot of experience doing that are also super passionate about helping these treatment centers run successful businesses and find people that can really use the treatment that they’re providing, so, I’m super empathetic to them.

And often just some of the most, like, passionate people that you’re working with. So I think, I mean, one thing that you’re saying the Director of Admissions and the and she’s also running marketing.

I mean, a lot of times the marketing that look that treatment centers are doing is a mix of kind of referral network building, so, I mean, they have, like, kind of on the ground marketing people that are making connections with local providers like hospitals, et cetera. And like, kind of doing that.

Like, I guess you would call it, like, old school, like, person-to-person marketing and that’s very effective [00:11:00] and, like, is a big way that treatment centers kind of build their beds and also, building that, like, alumni network. So, if someone’s gone to a treatment center and hopefully been successful just continuing to build that relationship with them over time is really helpful for getting those referrals in the future when they, because often these people end up mentoring someone that needs treatment and they’re able to point them to that center.

So, I mean, that’s really important, especially as a center, like, grows over time in terms of just, like, longevity, they can rely on more and more on that. But regardless, we see that digital strategy is really important on top of that. So, I was just talking to one of our customers yesterday and they were just saying how there’s so much overlap between that kind of on the ground referral marketing and the digital marketing.

And, sometimes people want to, like, in the CRM or something, put/decide which one gets credit and there’s a lot of kind of fighting over who, who actually filled that bed. [00:12:00] But often it’s a bit of a combined effort. So, I don’t know that I’m answering your question, but I’m just like, that’s just on my mind is that kind of, the pairing of the two is there’s a lot going on there as far as I’m trying to remember what your original question was now, maybe redirect me. 

Jenny: Yeah, no worries. It just shifts, like, where you think it’s going to be going in the future from an industry perspective. 

Ben: Yeah, I mean, we’ve seen, like, some shifts that we’ve seen is people kind of learning how to do their own SEO over time, which is good, I think, and not an over reliance on Google Ads, which had been a big way that people have historically filled their beds and are still doing that. But, I think that there’s one of the trends, even on the side has been, I mean, Google has gotten a lot better at surfacing, high quality content and user [00:13:00] first kind of content.

So, both our SEO strategy and then a lot of our clients is to just answer people’s questions, help them, like you were saying, like that whole, like, what is it like to go to treatment? Like, those types of queries are, have I mean, there’s not nearly as much kind of shenanigans on the outside as there used to be thankfully, and so it’s, we’ve seen some of the, some of the players in the space that were pretty low quality as far as websites out there to help people find treatment have, like, kind of fallen off over time because they didn’t ever really have that high quality of content. And so, just as we continue to invest in what we’re doing, we’re seeing kind of the rewards of that in terms of how our rankings continue.

And, like, when people are searching for treatment, they’re finding our websites because Google is getting data every day back that., “Oh, people come to this website and find what they’re looking for.” So that’s been really good. We, [00:14:00] a big trend is, over the last 5 or 6 years since we started RehabPath has been just the whole insurance thing, kind of post Obamacare where much more people are able to get treatment.

But then it gets complicated because people want to know, like, what their insurance covers and there’s a lot of restrictions on, but, insurance companies are always pushing back on what they will cover and things like that. So, that’s something that on our kind of road map is to help people navigate that treatment, like, looking for treatment with that information about their insurance.

So, if we had, I mean, a lot of times treatment centers have, like, a verification of benefits form on their website. We would love to centralize that so people can put in a verification benefits and then we only show them treatment centers that would work with their insurance so that it would just like, it’s just there’s a lot of as, it’s like, if someone picks up the phone, calls the treatment center, and then they find out, oh, like, they don’t take my insurance or they can’t, I can’t afford this, the chances of them [00:15:00] going and picking up the phone and calling another center just become less and less because it can be very demoralizing.

And there’s only that, like, there’s only those small moments where someone is, especially if you’re talking about the patient themselves, is willing to put in when looking for mental health treatment. It can be a very small window, so a lot of what we’re doing is just trying to make it so that when someone does want to make that decision, we’re taking all the barriers away.

Jenny: I will tell you, just from, I had a family friend that wanted to seek care about 10 years ago, and they ended up eventually just giving up. They, like you said, had a day where they said, okay, if somebody can find me care that I can go and check into now, I will do it. And there was no tool to search.

There was no way to be able to understand what resources even were available in the state of Missouri, let alone those that are nearby and those that accepted insurance. So huge [00:16:00] paradigm shift. So, I would love to end. Oh, go ahead. 

Ben: That just reminds me of some stats that we’ve been looking at. And, I think this is from Sam.

So, I’m not sure it’s some government study. So in any, in a, in the year that they did this study they found that there were 659,000 people that didn’t get treatment, but wanted to get treatment for substance use disorder. And then they, here’s some of the reasons for no treatment. There was 221,000 people that didn’t know where to go.

There were 195,000 people that couldn’t find a program with the type of treatment desired. There were 75,000 people who couldn’t find a program close enough and then 37,000 with no openings where they looked. So, like, those are really interesting for us to see, obviously, and where we think that we can help more and more people, like, find a place to go find a program that has a type of [00:17:00] treatment.

If they can’t find a program close enough, help match them with one that they could go to and it gets covered by their insurance. So those are like, really interesting stats that we’re seeing around this. So, yeah, I mean.

Jenny: That’s an entire city’s population.That’s staggering when you think about it through that lens. 

Ben: Yeah. 

Jenny: So, I would love to end by you helping to help explain if there are rehab and behavioral health centers that are interested in being on your platform, what are the options? Like, if there’s a marketing person listening that wants to make sure their facility is adequately listed, how should they move forward?

Ben: Yeah. So, From the outset, our strategy is to, has been to be comprehensive. So we list treatment centers for free. And like, our research team is always looking for treatment centers that are on our platform that should be and so if a center’s, very likely a center that’s listening to us, if they’re in the US, they probably are on our platform already as a free listing.

But [00:18:00] if not, that would be the first step is to get them set up with a free listing. And then we kind of have this process where we, very similar to Google My Business, where you claim the listing and can make edits and things like that. So, we are able to provide value to centers just on the free listing side.

And then if people, if treatment centers are looking for larger reach, that’s where our advertising program comes in. So, that’s a really simple program. That is it’s cost per click. So similar to most digital advertising programs. So you pay for the volume that you get. So, basically, by turning on that campaign you’ll get a much larger reach off.

And it’s like, if you’re in one city, you’re getting access to neighboring cities, different targeting that you’re looking for. So, yeah, so the easiest way is just to fill out our contact form. And we’ve got a sales team that will, works up a discovery call and just make sure that you’d be a good fit, but yeah, I love it.

Jenny: Well, Ben, thank you so much for being on today. Thank you for the work that you’re doing. I’m going to share a [00:19:00] link to your LinkedIn profile as well as to RehabPath in the show notes, so if anyone’s interested in learning more, they know where to go. 

Ben: Yeah. Thanks, Jenny. It’s been lovely getting to know you this year and just really excited for the opportunity to be on your podcast.

Jenny: Oh, thank you. And for all of our listeners, thanks for tuning in. We will see you on a following episode of We Are, Marketing Happy. Have a great day. 

As a healthcare marketing agency, we are often asked about the HIPAA compliance of certain marketing tools. To address this need, we have created a blog series that examines common marketing tools and software to determine whether or not they pose a HIPAA concern.

This week, we’re taking a closer look at Piwik PRO.

What Is Piwik PRO?

Piwik PRO is an advanced, privacy-focused web analytics platform. Designed as an alternative to platforms like Google Analytics, it offers in-depth insights into website traffic while ensuring user data privacy. Prioritizing data ownership and GDPR compliance, Piwik PRO provides both on-premises and cloud hosting options. It caters to businesses wanting granular data without compromising user trust or regulatory requirements.

Significant features:

  • User Privacy: One of Piwik PRO’s major selling points is its focus on data privacy. Their customers have the option to anonymize or redact IP addresses, respect Do Not Track headers, and provide transparent opt-out options for visitors.
  • Heatmaps: These features provide visual insights into where users are clicking, moving, and scrolling on a webpage.
  • Tag Manager: An integrated tag manager helps users easily add and manage various marketing and analytics tags on their website without the need to modify the site’s code directly.
  • Audience Segmentation: Piwik PRO allows for detailed audience segmentation, enabling marketers to analyze specific subsets of their traffic, such as users from a particular location or users who arrived through a specific marketing campaign.
  • Data Ownership: Unlike many other platforms, Piwik PRO ensures that the data collected remains under the website owner’s control. This is a particularly privacy-forward feature of Piwik PRO
  • Multi-site Analytics: Users can manage the analytics for multiple websites within a single Piwik PRO instance.
  • CDP (Customer Data Platform): Piwik’s CDP is available for premium customers. Piwik’s robust CDP allows users to create robust customer profiles and segmented audiences.
  • Consent Management Platform: Piwik PRO boasts an easy-to-use consent management platform that ensures that website visitors can appropriately select their privacy preferences.

Third party integrations: Piwik PRO supports many integrations with other CMS, data visualization and data storage tools, and marketing platforms like Google Ads.

What Data Does Piwik PRO Collect?

Piwik PRO is a first-party data platform that uses a similar framework to Universal Analytics. The biggest difference between Piwik PRO & other analytics platforms is the data ownership. This means that the owner of the website always retains ownership of the data, which is fairly uncommon in similar products. What the platform collects is entirely dependent on the tool’s setup, but the following are almost always collected:

  • Site actions: The primary points of data collection, the events that users take on your site. This could be a button click, a form submission, a video view, or nearly any action you’ve defined on your site.
  • Event properties: The additional information attached to events, such as transaction prices, categories, & other information, which can be defined during setup.
  • Device information: This can include the model of the device the user is using, the operating system, browser.
  • Location data: This includes your approximate location based on your IP address.

Is Piwik PRO HIPAA-Compliant?

Every organization’s definition of HIPAA-compliance is dependent on their legal team’s interpretation of the guidelines set by the U.S. Department of Health and Human Services. That being said, Piwik PRO falls pretty low on the risk scale because they offer self-storage and are willing to enter into a Business Associate Agreement (BAAs).

Risk Mitigation

Piwik PRO is a data-forward, privacy-focused product, whose risk mitigation options go beyond entering into a BAA. That being said, it is a good idea to ensure you have the following in place in order to catch some common missteps:

  • Ensure that you have a current, valid BAA in place. Schedule regular check-ins to verify that your BAA is still current.
  • Consider any other tools that may be integrated with Piwik PRO – is your configuration sending data to another third party tool? If so, do you have a BAA in place with that vendor? Stay aware of all steps of your data processing, storage, & transmissions and be judicious about integrations that are unnecessary, redundant, or obsolete.
  • Remember that as the website owner, it is your responsibility to own the data process & determine where this data goes. Are you storing it on a third party server? If so, is this server HIPAA-compliant? Each endpoint introduces another possibility for liability and risk.

It’s always important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.

Not sure how to get started?

Hedy & Hopp has already engaged multiple healthcare clients to perform an audit and risk assessment that both marketing and legal teams can use to make the best decisions for their business. If you’re looking to make sure your marketing practices are compliant, let’s talk – we’d love to help!

As a healthcare marketing agency, we are often asked about the HIPAA compliance of certain marketing tools. To address this need, we have created a blog series that examines common marketing tools and software to determine whether or not they pose a HIPAA concern.

This week, we’re taking a closer look at Mixpanel.

What Is Mixpanel?

Mixpanel is a popular analytics platform, similar to Google Analytics. It’s widely used by marketers who want an alternative to Google Analytics, an upgrade to GA’s free version without taking the steep price hike to Analytics 360, as well as product teams wanting to improve their users’ experience. Mixpanel can also offer a more customized analytics or reporting system without going “around the system” in the way you sometimes need to in Google Analytics (Google Analytics was to provide very basic insights out of the box for just about any user who was willing to complete a simple setup guide). 

Mixpanel, however, is not intended for beginners, and instead focuses on marketers & product team members who are looking for a highly customizable product that exists outside of the Google ecosystem. Mixpanel’s popularity has grown further since the release of Mixpanel Marketing Analytics.

Healthcare marketers use Mixpanel to do the following:

  • Analyze patient journeys: Mixpanel can be used to understand the journeys that patients take when seeking care, from initial research to booking appointments. 
  • Segmentation: Marketers can divide audiences into specific segments based on behavior, demographics, pages viewed, or any other number of trackable metrics.
  • A/B testing: Mixpanel allows for robust testing features, allowing marketers to test campaigns, webpages, and more in order to boost conversion rates.
  • Retention: Mixpanel can be used to measure user retention, which can help teams determine how sticky their content is.
  • Flexible and complex attribution: Mixpanel allows for highly customized attribution models, which can be tailored to specific user journeys.

What Data Does Mixpanel Collect?

Mixpanel is a first-party data platform that, much like GA4, operates on an event-based framework. What the platform collects is entirely dependent on the tool’s setup, but the following are almost always collected:

  • Site actions: The primary points of data collection, site actions are the events that users take on your website. This could be a button click, a form submission, a video view, or nearly any action you’ve defined on your site.
  • Event properties: The additional information attached to events, such as transaction prices, categories, & other information, which can be defined during setup.
  • Device information: This can include the model of the device the user is using, the operating system, browser.
  • Location data: This includes your approximate location based on your IP address.

Is Mixpanel HIPAA-Compliant?

Every organization’s definition of HIPAA-compliance is dependent on their legal team’s interpretation of the guidelines set by the U.S. Department of Health and Human Services. That being said, Mixpanel falls fairly low on the risk scale, largely because Mixpanel is willing to enter into Business Associate Agreements (BAAs) with its customers.

Risk Mitigation

Mixpanel is a data-forward, privacy-focused product, whose risk mitigation options go beyond entering into a BAA. Mixpanel is built on Google Cloud Platform, which is subjected to regular, independent verification of security, privacy, & compliance controls against HIPAA. That being said, it is a good idea to ensure you have the following in place in order to catch some common missteps:

  • Ensure that you have a current, valid BAA in place. Schedule regular check-ins to verify that your BAA is still current.
  • Consider any other tools that may be integrated with Mixpanel – is your configuration sending data to another third party tool? If so, do you have a BAA in place with that vendor? Stay aware of all steps of your data processing, storage, and transmissions, and be judicious about integrations that are unnecessary, redundant, or obsolete.

It’s always important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.

Not sure how to get started?

Hedy & Hopp has already engaged multiple healthcare clients to perform an audit and risk assessment that both marketing and legal teams can use to make the best decisions for their business. If you’re looking to make sure your marketing practices are compliant, let’s talk – we’d love to help!

Today Jenny welcomes Sunny Yarrish, Director of Marketing, Digital, and Omnichannel at Myriad Genetics. On this episode, Sunny’s journey into personal branding on LinkedIn takes center stage. Although Sunny humbly claims not to be an expert, she gets results and emphasizes the power of consistency over perfection.

Her content’s positive impact is evident through messages from old friends, demonstrating the significance of meaningful one-on-one conversations. Sunny’s experience highlights that a life worth sharing yields valuable content, prompting listeners to rethink their LinkedIn presence and approach.

Connect with Sunny Yarrish:

Interested in working with Hedy & Hopp on a healthcare marketing program?

Book time with Jenny today.

Connect with Jenny on LinkedIn

Explore what Hedy and Hopp can do for you

Jenny: [00:00:00] Hi, friends. Welcome to today’s episode of We Are, Marketing Happy – a Healthcare Marketing Podcast. I’m Jenny Bristow, I’m your host. I’m the CEO at Hedy & Hopp, a Healthcare Marketing Agency. And today I am so excited to have Sunny Yarrish. She’s the Director of Marketing, Digital and Omnichannel at Myriad Genetics.

Welcome, Sunny.

Sunny: Hi, Jenny. Good morning. Thank you for having me. 

Jenny: So, I have become a huge follower and fan of the content that you post on LinkedIn. And that’s our topic today. So, I’m excited to have you on to talk a little bit about personal branding, because one of the topics that we hear about a lot is figuring out how to develop a personal brand on LinkedIn and the benefits of it.

So, you started a challenge in February this year. Tell our listeners a little bit about it. 

Sunny: Oh, Jenny, thank you. I’m actually humbled to be here to [00:01:00] discuss this topic, because by no means I figured out everything. So I will treat this as a conversation, Jenny, kind of to reflect this journey since February, maybe at the end of this conversation, my answer will be more clear through this conversation.

So, yes. I guess before February this year, I was a very passive consumer on LinkedIn. So, I consume information. I treat LinkedIn as a platform when you announce bigger milestones, like you change your job, you got a promotion. So, you do that once a year or once a few years, you go there to say, hey, this is big news. That’s it.

So I think more and more when I spent time on LinkedIn, I saw people publish very interesting or educational or inspiring content. So, I would tend to like their content. So, even commented. So, I guess, February this [00:02:00] year, I started thinking is, I want to switch the role.

I don’t want to just sit there and just kind of consume information. I want to be a contributor to that platform. So, I guess, that’s how I put a switch on. So, why do I do it? Why do I set a challenge to do that every day? So, my challenge is every weekday, Monday through Friday. But, why switch a challenge on is, I think, before I get good at this, first stop is I want to be very consistent.

So, how consistent? Let’s make it simple. Monday to Friday. Every morning at eight o’clock. 

Jenny: I love it, Sunny. And I love that you’re focused on consistency over perfection. Because I think that’s one thing that prevents people from doing things in their professional or personal lives is the fear of not being perfect.

But, I will tell you that one commonality with all of your posts is optimism and positivity. That’s one of the reasons I love following your content is, I know on my feed, it’s always going to be something uplifting. [00:03:00] It’s always going to make me just pause for a moment and reflect. So how do you decide what you’re going to post every day?

Sunny: Yeah, so how do I decide what I’m going to post every day? Right? So, I kind of sit down. So, I put a list of topics, what I’m interested in. So, of course, I’m a marketer, so I’m always interested in publishing lessons learned in the marketing field, especially in the healthcare space. So, sometime I’ll touch on a medical advancement, especially in my field.

So, that will be one of the topics. And, also I’m a huge advocate of personal health and growth. So, you will see, I will touch on the health topic in terms of running, fitness, forming good, long-lasting habits. How do we do that? And, personal growth is, I’m also an advocate of lifelong learning.

I always believe that the moment we stop learning is the moment we, [00:04:00] just being content with what we do, then we stop living the best of us. So, growth is another topic. So, if you’re putting this kind of health, growth, and marketing. So, I’m trying to get a good balance among the five days.

So touch on a couple of days on this topic, couple of days on that topic. That’s how I do it. 

Jenny: I love it. That is wonderful. And, I’ve definitely noticed those pillars in your content. And, I will say the one about running definitely makes me feel like I need to go be more active. Your 5am runs to catch the sunrise.

I’m so impressed with you. So, talk to me about benefits you’ve seen so far, because I know one of the things that maybe prevents people from doing it is not really understanding the end goal or what benefits may come from it. So, I know you say, you’re not an expert, you’re just learning, but you’ve been doing this since February.

So, talk to us a little bit about the benefits you’ve seen. 

Sunny: Yeah, when you say end goal, so since I start posting regularly, [00:05:00] believe or not, I got a text message or phone calls or LinkedIn message from my old friends. So, they were all asking, saying, hey, we notice you post very consistently. So, Sunny, what’s your end goal here?

Truly, I have to sit back, reflect, what is my end goal? So, I think, sometimes without a clear end goal is when I post something, I feel I spend a lot of time on posting, I got very few likes. I’m telling you, everyone has the vanity metric. So, in the marketing, we all have a metric.

So I feel like it’s disheartening. Why am I doing this? Why I’m kind of show up every day to do this then? But whenever I feel that way, Jenny, then I will tend to get, again, a comment or text message from people I haven’t, I guess, haven’t been touched for a long time. They just text me and email me saying, Sunny, we become your followers.

Then, your message is so [00:06:00] uplifting, actually touched me. I just want to let you know. So, I think from that moment is another thing is telling me is, when you show up on LinkedIn, just again, stop thinking about those vanity metrics. Really treating it as the one on one conversation with people.

And Jenny, you can tell I’m a pretty optimistic person. You see that. So, I want to be a source of positivity. So, I want to be able to relate the lessons I learned from the mistake I make or from the life journey I made. I want to be able to share that. So, if I just touch on one person, that’s good. So, treat that as a one on one conversation and also for the personal benefits.

Here’s I feel the most benefit to me is, when I just started posting back to February, March, I have so many content topics in my pipeline. I can sit there thinking, oh, I got everything figured out for next week. You know why? Because I lived a pretty interesting life. So [00:07:00] far, I moved to, I lived in three different countries.

I switched three different industries from IT, healthcare, medical device, and even the movie industry. I went to film school. So, I have a lot of interesting, and I run a marathon. So, from a person who hates running. So, because I feel I have these interesting stories, so, I can write them, share them. But, now, we are talking about six, seven months in, I kind of deplete my inventory.

So, what I tell me is if you want to show up on LinkedIn, you better have a life worth of sharing, worth of documenting. So, now I think writing on LinkedIn is a challenge for me. Every day is, Sunny, have you start a new challenge? Have you doing something worthy of documenting? Or, have you spent time reflecting?

So, I guess to write on every day, something worth of sharing is a constant reminder of living a life [00:08:00] worth of sharing. I hope that makes sense. 

Jenny: Sunny, that is so beautiful. It absolutely makes sense and is very similar to the beautiful content you share on LinkedIn. So, I love it so much. And, I will comment and I will agree that many people on LinkedIn are passive consumers of content.

So, I, just like you, often people inbox me or text me or call me about a content piece that I published and never will have liked any of my content for years, but they were consuming it the entire time. So, I totally agree with you. LinkedIn is a little different from that perspective. So, well, Sunny, thank you so much for being on today.

This was a really fun conversation. Listeners. I’m going to put the link to Sunny’s LinkedIn profile in the show notes. Please go follow her if you want a daily dose of positivity each morning, and we look forward to seeing you back on here in the future for another episode of We Are, Marketing Happy.

Have a [00:09:00] great day.

Sunny: Thanks, Jenny.

As a healthcare marketing agency, we get a lot of questions about whether or not certain tools are HIPAA-compliant. That’s why we at Hedy & Hopp decided to create a blog series that specifically dives into common marketing tools and software in order to determine whether or not it poses a HIPAA concern.


This week, we’re taking a closer look at Google Analytics (GA4).

What Is Google Analytics?

GA4 is the latest version of Google Analytics, the most popular analytics tool in the world. It is also the biggest change to the tool since its original release in 2005. For the first time ever, Google Analytics will not be backwards compatible with previous versions of the platform’s tags. GA4 requires a complete reinstallation of tracking tags, which has many users reevaluating their tracking platforms. Paired with OCR’s recent bulletin which identified IP addresses as PHI, this shift in the ecosystem has made the question of how Google Analytics fits in HIPAA-compliance a hot topic for healthcare marketers

What Data Does Google Analytics Collect?

Google Analytics, unsurprisingly, collects a lot of data about your user:

  • User ID: This is a unique identifier that is assigned to each user. GA4 uses this ID to track users across multiple sessions and devices.
  • User properties: These are additional pieces of information about users, such as their age, gender, location, and interests.
  • Events: These are actions that users take on your website or app. For example, an event could be a pageview, a download, or a purchase. These events need to be setup by the owner .
  • Sessions: A session is a group of interactions that a user takes on your website or app within a certain period of time.
  • Dimensions: These are the different attributes of your data, such as the date, time, and page URL.
  • Metrics: These are the measurements of your data, such as the number of users, sessions, and events.

Is Google Analytics HIPAA-Compliant?

Google Analytics 4 has made a lot of improvements that make it easier for companies to utilize stronger data privacy standards and move further into the age of cookieless tracking. These changes allow the tool to be used more in line with GDPR, CCPA, & other privacy policies. Despite these changes, however, Google Analytics is not HIPAA-compliant, as it still receives and stores PII/PHI, including device IDs, browser information, and location data, and does not offer a BAA. Google even explicitly states that “Google makes no representations that Google Analytics satisfies HIPAA requirements” and instructs users to refrain from exposing the software from any information that could be considered PII/PHI.

Risk Mitigation

There are several ways to make Google Analytics safer with strong data privacy standards. These are available in the Privacy Controls section of your Google Analytics settings. While enabling these settings will not satisfy HIPAA guidelines, it could help safeguard some user data while you determine a path forward (see our blog, Auditing your marketing plan for HIPAA compliance)

  • Data collection: You can disable the collection of certain types of data in Google Analytics, such as location data, device information, and user-agent strings.
  • Data sharing: You can control how your data is shared with other Google products and services, including Google Ads & YouTube.
  • Consent mode: You can enable consent mode, which allows you to collect data from users who have given their consent.
  • Data retention: You can control how long your data is retained by Google Analytics.
  • User-level data access and portability: You can grant users access to their own data in Google Analytics.


PRO TIP: Server-side tagging is a data tracking method that can help organizations protect user data. While it requires a well thought out digital infrastructure, it can give organizations more control over their data and help them comply with privacy regulations while still using Google Analytics.

Where do you go from here?

Hedy & Hopp’s Analytics experts can help by auditing your Google Analytics account for you, so reach out if your team is struggling with how to approach what can be quite an undertaking!

We have already engaged multiple healthcare clients to perform an audit and risk assessment that both marketing and legal teams can use to make the best decisions for their business. Give us a call – we’d love to help!

As a healthcare marketing agency, we get a lot of questions about whether or not certain tools are HIPAA-compliant. That’s why we at Hedy & Hopp decided to create a blog series that specifically dives into common marketing tools and software in order to determine whether or not it poses a HIPAA concern.


This week, we’re taking a closer look at Google Tag Manager (GTM).

What Is Google Tag Manager?

Google Tag Manager, or GTM, is a powerful tool that allows you to track user activity on your website or mobile app with minimal coding knowledge required. By putting one snippet of code on a website, GTM creates a container that can manage all of the various tracking codes on your website. GTM is also a great way to improve your website analytics, track conversions, and retarget visitors (when compliant) from and to a variety of platforms. It’s also a valuable tool for businesses of all sizes, from small businesses to large enterprises.

Here are some of the benefits of using Google Tag Manager:

  • No coding required: You don’t need to be a developer to use GTM. The user interface is intuitive and easy to use for users with basic technical knowledge.
  • Increased security: GTM helps to protect your website from security risks by preventing unauthorized access to your tag code.
  • Improved collaboration: GTM makes it easy to collaborate with other team members on tag management. You can share tags and permissions with other users, and you can track changes to tag configurations.
  • Scalability: GTM can be scaled to meet the needs of businesses of all sizes. You can add as many tags as you need, and you can manage multiple websites and mobile apps from a single account.

What Data Does Google Tag Manager Collect?

GTM is probably unique in your tech stack in that it itself does not collect any data – instead, it provides a container with easily configurable tags, triggers, & variables that allow you to control exactly what tracking tools are on your website and how they send information back and forth. Common tags to have in GTM include:

  • Google Analytics: The most popular analytics tool in the world, GA ties directly into GTM with minimal setup.
  • Conversion Tracking Pixels: Google Ads, Meta Ads, LinkedIn Ads, and most other digital advertising platforms can use a conversion tracking pixel on your site to improve ad performance. At Hedy & Hopp, we consider these pixels to be a high risk in terms of HIPAA-compliance, since they share user data with third parties.
  • Engagement/UX tools: Heatmapping tools like Lucky Orange, A/B testing tools like Optimizely, and countless other tools are routinely installed via Google Tag Manage

Is Google Tag Manager HIPAA-Compliant?

A good way to look at GTM through the lens of HIPAA-Compliance is that it can be the vehicle for compliance issues, and that it completely depends on how a specific site is using their tagging setup. A GTM container can manage tags for everything from a Google Search Console verification tag (completely HIPAA-compliant) to a Facebook Pixel that is gathering personal data about users who may be visiting sensitive pages on a site (completely non-compliant!). 

PRO TIP: As a general rule, conversion pixels are concerning in terms of HIPAA-compliance and should be avoided. Learn more about the recent updates in HIPAA guidance by listening to our HIPAA & FTC 101 podcast.

Risk Mitigation

While Google Tag Manager supports some obfuscation options that grant some level of increased data privacy and protection, this is not a watertight approach. Often, the obfuscated data is still being shared with some third party processors. Server-side Google Tag Manager (sGTM) can be a much safer approach, offering more options for data privacy and allowing users to completely control which data is shared (and not shared) with each platform. 

If you want to assess your GTM risk in it’s current set up, a great place to start is by extensively documenting the functionality of each tag in your account. From there, you can assess the risks of each tag and make a plan to improve data privacy. 

PRO TIP: While server-side tagging is not for everyone and does not eliminate issues associated with third party tracking tags, this approach puts more power in the hands of your team to ensure that you are protecting your users’ data.

Not sure how to get started?

Hedy & Hopp’s Analytics experts can help by auditing your GTM account for you, so reach out if your team is struggling with how to approach what can be quite the can of worms! Our team has already engaged multiple healthcare clients to perform an audit and risk assessment that both marketing and legal teams can use to make the best decisions for their business. Give us a call – we’d love to help!

Today Jenny welcomes Megan Cornish, a licensed clinical social worker turned healthcare marketer. Megan shares her unique perspective on marketing and copywriting in the mental health space, emphasizing the importance of positive messaging and careful language choices.

They discuss the intersection of marketing and clinicians in driving demand and the need for clinician involvement in marketing strategies. They also touch on the challenges posed by large companies entering the mental health space and the importance of viewing traditional therapists as allies, not competitors.

Connect with Megan Cornish:

Interested in working with Hedy & Hopp on a privacy compliance program?

Book time with Jenny today.

Connect with Jenny on LinkedIn

Explore what Hedy and Hopp can do for you

Jenny: [00:00:00] Hi friends. Welcome to today’s episode of We Are, Marketing Happy, a healthcare marketing podcast. I am Jenny Bristow, the CEO and owner of Hedy & Hopp, a healthcare marketing agency. 

I am so excited today to have Megan Cornish here with us. She is a licensed clinical social worker turned healthcare marketer.

So she’s bringing her clinician experience into the marketing world. And I’m so excited to dig into what that means. Welcome Megan. 

Megan: Thank you so much. I’m very excited to be here. 

Jenny: So we connected originally on LinkedIn because you were making some really fabulous posts talking about the intersection of marketers driving demand with clinicians satisfying that demand and then when things, you know, don’t quite match up.

And so I’m excited to chat with you first about how you approach marketing, copywriting, and [00:01:00] content strategy in the mental health space. So talk to me about some of the work that you do. 

Megan: Yeah, absolutely. I think as a clinician, I have a unique perspective on things that I can kind of see the whole scope, the whole span of the treatment journey.

Marketers tend to view it as a funnel and their role ends as soon as that person starts treatment. But I kind of understand it on a longer scale where the clinicians are gonna start working at that point. But the marketer is actually a part of the treatment journey as well. So the way they say things, the way they get people into treatment really matters.

It’s really important because words are important and the way that these clients are viewing their treatment journey is gonna really play a big role in how successful they’re going to be in therapy. 

Jenny: Yeah. So one thing that I have noticed in the mental health space in different communication strategies is fear based communications.

Talk to me about how [00:02:00] words matter when you’re trying to encourage somebody to enter a treatment journey. How do you approach it? And what is your perspective of how language matters? 

Megan: Yeah, absolutely. Well, I think as a clinician, if I have someone coming into my office who wants to change the 1st thing I need to help them see is what they want.

Not what they don’t want because it’s if you move away from something, you can move in any direction, but you have to know what your goals are and what it is that you’re looking for. So that’s super important. I think to to use positive tactics to get people into therapy in the 1st place.

Otherwise, you’re sending these people who are scared and are not in a good place to start. They’re not ready. They might drop out. You’re gonna have to spend more marketing dollars. You want to make sure that the motivation and the pathway into therapy is on positive. I also think it’s important specific words that are used.

You have to be careful how you talk about mental health. You have to be even down to little things like anxious people or depressed [00:03:00] people. We don’t, in mental health, we don’t label people that way because part of treatment is getting people to separate themselves from their issues. You can’t work on your mental health issues if you can’t view yourself as separate from them.

So, if the marketing itself is just reinforcing this idea that you are your problem. You’re not going to be able to have success in therapy. 

Jenny: Absolutely. And I think it’s really interesting. We’ve done lots of provider based marketing to bring patients in. And one of the things that we often struggle with is the difference between how physicians talk about their services versus how consumers Google and research the services and the big gap between that. 

So one of my favorite stories is we were redoing assets for different service lines and the cardiologist, the head cardiologist was reviewing the copy and he actually got really frustrated that it was “heart doctor” but that is how everybody Googles it.

Like people don’t [00:04:00] know the word cardiologist. The average reading level is actually quite lower, you know, than a doctor’s. So you have to actually speak to them in a way that they can understand. 

Megan: Absolutely, yeah, I think that clinicians tend to be a little bit more in tune with that, you know, because a cardiologist, it doesn’t matter what they say the treatment that they give is going to be the same.

But for a therapist, what you say is the treatment. So we’re pretty in tune with what our clients need to hear from us, which I think is part of my superpower in marketing is understanding what resonates already as a clinician. I just kind of shift the way that I’m doing my work.

I’m still promoting mental health. I’m still bringing up motivation to change, which is something you do every single session. You have to help people tap in their motivation to change and their motivation to get better. And I do that in marketing now too. It’s just kind of on a larger scale. 

Jenny: So, best case scenario, if there was a marketing team in the mental health space, at [00:05:00] what point is it the most important to have a clinician or somebody with a better understanding of the treatment plan to kind of weave in to the marketing team’s approach? 

Megan: Best case scenario, I would say having someone as a partner or consultant all the way through.

Having a conversation like this, where you say, this is what we’re thinking about our strategy. This is what we’re thinking about our messaging. Like, what do you think from a clinical perspective? What do you think is going to resonate? All the way through to say, what’s the best way to describe this term for someone who doesn’t know what it is?

And then obviously, you know, at the end say, can you give a review? But minimum, you need to have clinician eyes on it before it goes out. You need to say, is there anything problematic about this? Is there anything confusing? Is there anything that’s clinically just kind of off? 

I mean, down to it matters that people know who they’re being treated by and things like therapists and social workers, and these are [00:06:00] not interchangeable terms. Helping clients be clear and understand the system and not confusing them by acting like terms are interchangeable is really helpful.

Jenny: So, whenever we’re thinking about mental health and mental health services, there have been, as you know, some really large companies entering the space in a big way, right? So you see Headspace, [00:10:00] BetterHelp. And they’re coming in and they are trying to reach mass scale through these large nationwide campaigns to be able to provide people access to care.

And it’s kind of interesting. As a consumer you know, if I remove my marketer hat and I think of myself as a person that may need or one of my family members may need mental health services, it’s kind of interesting now that we have two different camps starting, right? You have like the huge private equity backed investments, and then you have individual clinicians or a smaller localized group practices.

And the marketing of those two is taking massively different approaches. I’d love to hear your thoughts on that and kind of how you see the environment right now. 

Megan: Yeah, I think that it’s super important to understand where the money is coming from and why they’re putting the money into it.

And it kind of gives you some perspective. So these big venture capital [00:11:00] firms are helping these companies scale. Most of that is going to marketing and acquisitions. The problem that I see with that is that clinicians are actively working to get rid of clients. Like, that’s kind of your job.

Your job is to constantly be trying to get your clients better so that they don’t need a therapist anymore. Which is at odds with what I assume is the proposition in these conversations with venture capitalists, which is we just need help on the front end to get clients. And then we can spend, we’ll spend a little, a lot of marketing in the beginning, but then we won’t need to spend as much marketing.

Well, that’s not actually true. You’re always going to if that’s the customer acquisition costs, those customers are going to leave. That’s the point of therapy. And you’re going to need to spend more money to get more customers too. So I think that’s kind of a dynamic that I don’t understand, and I don’t know why all this money continues to go into these. 

I think most of them are not even in the black yet. Because of the marketing spend, so it’s interesting to [00:12:00] see how that’s going to play out. I hope new solutions are going to pop up to address that. I think that it’s important. individual clinicians have access to all the referrals that they need. Because the demand is so high. 

I would really appreciate it if marketers, these big companies, would stop viewing traditional therapy as their competitors. Traditional therapists are not your competitors.

Your competitors are stigma and shame and barriers like pricing and insurance. Those are your competitors. I don’t want to see another chart of comparing your platform to traditional therapy, like leave the traditional therapist alone. There’s more than enough for everyone. Go after these actual competitors that are keeping the market smaller than it needs to be.

Jenny: I will say also, like, I don’t know many traditional therapists that even have availability for new patients. So it definitely is not a situation if somebody is actively seeking [00:13:00] therapy, traditional therapists are like you said, likely not competition for that reason alone.

So Megan, it has been such an absolute joy. I think the point of involving clinicians early and often and thoroughly in marketing communication strategies in mental health is a very good one. 

So thank you for being on today. I’m going to add your LinkedIn to the show notes. If anybody would like to continue the conversation with you offline! 

Thank you friends. I’ll see you in a future episode.

With the recent changes with CCPA, CPRA and HIPAA, as well as recent lawsuit settlements in headlines and new states updating their data privacy regulations, many marketers (and privacy champions) have been spinning their wheels trying to understand how to stay compliant. What does this mean for our website? What does it mean for how we evaluate marketing performance? What does it mean for our visitors and their experience?


Indeed, balancing what your customers need, what your C-Suite needs and what your state governance requires can be challenging. And no agency understands that better than Hedy & Hopp.


In this post, we share our successful approach to compliance that has helped our clients make a few necessary changes that builds trust with their customers – without losing the ability to derive actionable insights that grow their business in a privacy-forward world.

These changes may seem daunting (and even a bit terrifying) at first, but remember that dealing with change is what marketers are designed to do. We constantly need to adjust based on the information received and this challenge is no different. Marketers can either embrace this new world as an opportunity to improve trust with their audience, or keep doing the same thing until they’re forced to make a change (which is inevitable). 

At Hedy & Hopp, we prefer the former, and want to share with you how we’ve helped our clients make sense of the changes and set themselves up for success in the long-term. 

  1. Conduct a thorough audit of your marketing & communication tactics, softwares and tools
  2. Determine which state laws apply today, and in the next 12 months
  3. Determine which tactics, tools and softwares are the highest priority based on what data is being shared, stored or provided (and how)
  4. Determine which high priority items must be kept and which can go 
  5. Remove/Replace and modify what’s left


Want more details on these steps? Please keep reading!

Got a case of “TLDR”? Please get in touch – we’d love to help!

Conduct an audit of all tactics, tools and softwares

Like most evaluation efforts when a massive change happens, we start with an audit. Document all of the channels you use, plan to use, are investigating using or/and have used in the last 12 months (to account for changes with seasonality). 

Supplement this list by using third party tools like Wappalyzer to identify any pixels, code, plugins, etc., that may be on your website.


It is important not to skip this part. We cannot tell you how many clients have told us that they removed a software but we still saw live tags in GTM or hard-coded on their website There are also many plugins that our clients didn’t even know existed that we were able to identify (and actually remove if needed) through using these tools.

Understand the core requirements of applicable state laws

At least in the initial stage, it’s important for marketers to know what applies to them. Covered entities are always beholden to HIPAA, but health-adjacent companies and non-covered entities also need to be aware of the FTC and state laws, where applicable. Most states require companies to reach a number of annual visitors or/and meet a specific revenue goal in that state before they are required to comply, but it does vary. IAPP is a great resource for keeping up with those details. 

First, conduct a monthly traffic report for the last 12 months, and separate out by state. 

  • Add Europe to confirm if GDPR needs to be included

Under the state(s) that are relevant to your company, review the following:

  • Are companies who follow HIPAA excluded from compliance? If so, and you are a covered entity, then the state’s laws likely do not apply
  • How does the state describe “sensitive information”? This can include marital status, sexual orientation and other non-health-specific (but very personal) information. 
  • Is consent required from users before any data can be collected (i.e., before any tags are fired)? If so, how is “consent” defined?

Determine Priority Concerns

You will probably find a lot of softwares that can be excluded from further investigation, like Javascript libraries, fonts and some plugins. But there will be a host of others that, either by nature of the platform or based on your implementation, will cause some issue with privacy – specifically with the “selling” (or sharing) of personal information. 

Below is a guide for the kinds of platforms we have seen make the priority list:


If this list freaks you out, we see you. It looks like EVERYTHING is a priority! So we broke it down even further to prioritize based on the intent of how the platform is using that data, which makes the list looks a bit more manageable: 

Priority 1: Data shared with additional third parties or/and includes sensitive information

  • Analytics tools
  • Advertising platforms
  • Video Platforms or Embeds 
  • Product Review platforms

Priority 2: Data necessary to perform function

  • User Experience tools 
  • Website Servers & Hosts) 
  • Customer Relationship Managers/CRM
  • Data Visualization tools 


Ok, that probably still makes your heart race, but what’s important to keep in mind is that the biggest concern for these platforms is based on the information being shared and how. Tools like your Website CMS by nature need to collect IP addresses, so while your company is sharing that “personal” information with a third party, it might not be a big risk for your company since that access is required to work. 

Why do we say that? Although an IP address is still considered PII, it’s not nearly as personal (i.e., 1-to-1) as a diagnosis, a name, or an email address. This is why it’s essential to work with your legal team to determine what platforms are riskier than others based on the agreements in place.

Determine Your Must-Haves

As a marketer, your first instinct may be to say that all of these softwares, tools and platforms are necessary. And that might be the case. In our experience, however, there are usually software or tactics that are duplicative or have a more compliant alternative. Think critically about what your marketing is doing for you and embrace the opportunity for refinement that you now have.  

Here are some questions to ask yourself while evaluating the priority tools:

  • Has this tool provided me with information that helped me improve a marketing tactic or initiative? 
  • Has this tool impacted my bottom line? Is it a tool that has generated leads or improved customer experience? What data do I have to prove it?

If you said “no” to either of these questions, definitely consider removing those tools and tactics and you’ll be on your way to a cleaner, more compliant marketing plan and website. If you responded yes to any of these questions, then the next step is an important one – so keep reading! 


Consider if any of the tools are duplicative. If you can consolidate tools to limit the number of third party tags and tools on your website, we would always recommend doing so.

Remove/Replace/Modify and Evaluate

This is the big one – the future of your marketing activation and evaluation. This last part will take some time and collaboration from your organization and marketing partners. The main question here is how you can modify the implementation or replace the tool to improve compliance. Some tools may offer anonymization, for example, which would be worth exploring. 

Each marketer will implement various tools in various ways (too many variables for this post!). Here are a few best practices that helped us get our clients up to par (without losing their minds). 

  • Get Business Associate Agreements (BAA) in place for the platforms that have access to your customer’s PHI. Not all of them will sign one (we’re looking at you, Google and Meta), but those that will sign one should be looked into.
  • Consider moving to server-side analytics
    • Pixels are helpful and make optimization really easy and automated. But they are also a primary culprit in why advertising and analytics platforms can be risky. Moving to server-side analytics or incorporating a Customer Data Platform (CDP) might be the way to go if you have the proper IT infrastructure and resources in place. 
    • Moving to server-side doesn’t automatically absolve your website of data privacy concerns, but it could be the first step in a privacy-forward approach to data collection and storage.
  • Remove pixels and rely more on manual UTMs and short links. It might seem like a step back for senior marketers, but ensuring that Meta, Google, Microsoft and other advertising platforms have no access to user data is a critical component to compliance, especially for platforms that don’t have the option of a BAA or updated terms.
  • Take an extra step in updating tag configurations and settings for tools and platforms that offer such settings, to anonymize or remove specific PII from website visitors
    • Be sure to confirm what they mean by anonymization, and that they don’t really mean pseudonymization. Also, be sure to confirm that data is anonymized before it’s shared and that the third party in no way has access to the actual data). 
  • Make sure consent banners and your website’s Privacy Policy have been updated to account for what website data is shared and how (and what privacy regulations you need to follow).



If you’ve not done so already, this is the time to make absolutely sure your legal team is aware and involved in these discussions. With the number of nuances with HIPAA privacy, it’s critical that your company’s legal team has the opportunity to engage and provide input on updates, specifically on privacy policies and  the company’s overall data privacy approach.

Activate and Evaluate

Once these changes are in place, consider the next 30-60 days as a trial period. Are you missing any data for evaluation? Any new questions arising with the data you can see? It’s a good reminder that any change that you make will take some adjusting, but that doesn’t mean insights can no longer be found.



Don’t forget to update your data visualization dashboards to account for any new placements, accounts or configurations!

Need more support for your specific marketing plans?

We’d love to help. Contact us today to see how we can get you and your team data privacy compliant!