Fresh off the road from this year’s SHSMD Conference, Jenny and Shelby Auer, Account Manager at Hedy and Hopp, share their highlights from the conference in Chicago. They discuss various sessions and speakers, including insights on rural healthcare, brand management, internal communications, data-driven decision-making, and improving the patient experience. They also speak about the importance of learning and sharing experiences within the healthcare marketing industry to make a positive impact. (Check out the show notes on YouTube for links to our favorite speakers.)
Connect with Jenny:
https://www.linkedin.com/in/jennybristow/
Connect with Shelby:
https://www.linkedin.com/in/shelby-wanne/
Interested in working with Hedy & Hopp on a healthcare marketing program?
Book time with Jenny today.
Jenny: [00:00:00] Hi, friends. Welcome to today’s episode of We Are Marketing Happy, A Healthcare Marketing Podcast. My name is Jenny Bristow. I am the CEO and founder at Hedy and Hopp, a healthcare marketing agency. And I am joined today with an account manager from Hedy and Hopp, Shelby. Auer. So, Shelby and I just got back from SHSMD ‘23 in Chicago.
We had an amazing time and we wanted to do just a quick little recap for any folks that weren’t able to attend or even those who did attend but weren’t able to attend all of the different speaks, uh, talks, speakers. So, what we’re going to be doing is we’re just going to highlight a couple of things that really stood out to us as far as events.
We’re going to link to all of the speakers in the show notes, to their LinkedIn. And we’re going to tag them on LinkedIn. If you have any questions about the presentations, I’m sure they would love to talk to you about it. Everybody was so amazing at the event. So, Shelby, first of all, high [00:01:00] level, tell me about SHSMD.
This was your first ever SHSMD. So tell me a little bit about your, just some big key takeaways.
Shelby: Yes. Oh my goodness. It was so wonderful getting to meet and connect with such wonderful people. Everyone. I mean, Brad, or Bread, as I should call him, who kicked us all off with such a great, uh, keynote, really nailed, nailed it on the head in regard to how wonderful and weird in the best way possible the group at SHSMD is.
And so, it was so wonderful getting to connect with everyone and knowing that a lot of the HIPAA conversations that we’ve been having as an agency is really top of mind across the industry, so it was so wonderful getting to connect with so many people who really just want to protect their patients and figure out what the heck they need to do with everything that’s going on.
And so, it was wonderful getting to brainstorm and talk to such wonderful people.
Jenny: That’s awesome. I completely agree with you, just, healthcare people are the best people. So, let’s jump in and talk a little bit about some of our favorite sessions. So, I will jump in and go first. So, there was a, um, a topic specifically about rural health that I absolutely loved.
So, I grew up in a super rural town, um, there were 11 kids in my class from grades K through 8. So, super, super small. So, I was really interested in attending this one to be able to hear more from different POVs about how folks are actually approaching those communications, understanding what research methodology they’re using to understand their access to, um, internet, um, likelihood to schedule annual exams, those kinds of things.
The speaker was Pauline Hoffman. She was absolutely phenomenal, great speaker. Um, but there was a couple of things that she mentioned. One thing she mentioned, the phrase social listening, but she used it in a different [00:03:00] terminology, which I actually really, really appreciated. She used social listening by actually like using your ears, right?
Not using tools and software, but actually like when you’re sitting in like a PTO event or you’re sitting in a restaurant in your small town, actually listening to hear what people are saying about the physicians and the facilities because in small towns, a lot of folks are going to be talking just through word of mouth versus using digital platforms like you may see in more urban areas.
And then some of the other things that she actually talked about is, um, getting information, um, about your services to first responders, because they’re some of the people that are most trusted in your community and have the ability to share information about access to care.
And then the third thing is, she talked a lot about fighting disinformation. Um, and not only about, um, you know, your physician. and facilities, but also just about the world and care that we want to and [00:04:00] need to offer to help make our communities a healthier and safer place. Um, and she had some really interesting perspectives talking about how PR is generally not as understood and they think it’s more of a spin position versus trying to share her phrase was truth and trust, um, which I thought was really great.
So that one for me really hit home.
Shelby: Love that. Well, and speaking of PR, one of the last sessions that I got to sit on was with Karen Brodbeck who works with OSF Healthcare. So, based out of Peoria, Illinois, so a lovely Midwest sister over there. And, she talked a lot about their brand management and how they’ve really built a national brand, though they are pretty small and focused in the Midwest space, and it was really, really interesting. She told a wonderful story about how she was at Girl Scouts as a kid and was always told, if you don’t [00:05:00] ask, the answer is no. And so how she’s kind of taken that as a mantra in the work that she’s doing, and she’s constantly reaching out and applying for different awards or speaking opportunities for individuals in the system.
And, specifically, I loved some examples of the great stories that they’ve gotten out about their health care system and I think we saw it all over this conference about not only just consumer focused work, but also stories and how important that is, how stories and data need to co-mingle and work together.
Um, but they had a story that ended up in People Magazine, got picked up in People Magazine about a nurse that cared for a sweet, sweet little baby and ended up adopting, um, this little boy. And how one of their workers on their [00:06:00] government team ended up talking to his daughter about everything that was going on in Ukraine, and they ended up sending over an ambulance filled with a bunch of stuff to Ukraine.
He ended up going and just such, such amazing stories that they have such a good. system of collecting those stories. And that was a lot of what she talked about is how they’ve really built up a space where across all their health systems, they’re sharing those stories because it can be hard to do that when you’re spread across different areas.
And so that one was a really, really great one to get some practical information, but also to get to really celebrate her and her team and how far they’ve come.
Jenny: I love that. Lehigh Valley out of Pennsylvania, they were actually the last session on the last day, but Pamela and Kirsten came in with such amazing high energy.
It was so fun to watch them. They did something really similar, but it was specifically focused on internal comms. So, how do you better communicate, [00:07:00] um, especially, you know, to those frontline people, thinking like nurses, they’re so busy. They’re not going to have time to go log into an intranet. So they, in 2019, they actually launched, um, something, um, they use Sprout, uh, and it’s an employee advocacy tool within Sprout.
So that’s the backend of the system. But it basically is a social media platform for within their internal organization. So they can do everything from talk about new services, they can, uh, feature and highlight employees or amazing cases and outcomes. But the cool thing is they came up with a colleague ambassador program where they actually recruited about 30 highly influential folks across the organization and gave them access to the platform ahead of everyone else, gave them branded swag, all of this fun stuff.
Um, and then that helped really spread usage of this platform. And they said at this point, 88 percent [00:08:00] of their team downloads the app and uses it on a regular basis. One of their biggest spikes in usage is at 3 a. m. in the morning, which you know, is nurses, right? Working shifts. And that was the most difficult group to access before.
And the cool thing is they actually have it, it’s so well loved within their organization that they actually have people submitting and, um, putting content out and engaging with other people’s content all of the time. And they, they shared so many metrics about the number of posts and engagement that they receive on those posts.
It blows away anything else that I’ve seen as far as internal comms and the, the pride that they’ve built up within their internal organization. I mean, they had this tool, you know, during COVID, they used it to be able to make sure that all the communication was clear, it was just, they had the hashtag LVHN proud, and I was so proud for them just sitting there listening to all of their wins, because that’s a huge accomplishment.
Shelby: Love that. And it reminds me of, uh, one of the sessions that I sat in on again, kind of [00:09:00] talking about internal comms, but focused a little bit on when that’s not so easy and when it is really, really hard. And shout out to Jeff Stewart, uh, on the CHRISTUS Health team, because he did such a wonderful job being incredibly vulnerable, sharing very, very, uh, in depth and specific quotes that he received from executive leadership that were really, really difficult to receive when you’re going through a complete website architecture redo.
And some of the biggest takeaways from that discussion were, what do you do when you get that negative feedback, right? So he was really, really struggling with the physicians in their group because they basically had a website where there was so much competing information, the same information on multiple pages across so many different of their specific [00:10:00] health clinics.
And, the session I loved, it was called, Can We Just Put The Old One Back? Because four months after the launch of the new site, after they had data to show how consumers were able to more easily find and set schedule appointments, that was an exact quote that he got via email from someone that was, “You just got the old site and you just put it back up.”
Jenny: And I get that, right? Like these people are so busy. They don’t have time to learn a new site architecture. So that probably was really difficult for him to hear, even though he knew it was doing better.
Shelby: A hundred percent. And I love the way he gave some really practical experience on how do you deal with getting that kind of feedback and showing up with empathy first and understanding where they’re coming from and not going to defensive mode, you know, trying to protect your team has been working so hard on this, [00:11:00] but really trying to understand where they’re coming from and help them really take the data showing, Hey, consumers are utilizing this, but sometimes the data is not everything.
And so one of the biggest takeaways was also pulling in those stories. Here are individuals that haven’t received care in years and now they have a primary care physician. Like, those are the things to celebrate.
Jenny: Yeah. It’s absolutely amazing.
Shelby: Yeah. When those physicians voices, and that this was a big takeaway, when those voices are sometimes the largest voice in the room, everyone can agree that the patient’s voice is louder. And so, just figuring out ways to communicate that across your organization and to really help everyone move toward the same goal. It was really inspiring.
Jenny: I love that. So, um, Arkansas Children’s, they did an amazing presentation talking also about the power of using data for internal buy-in. And, um, you know, all organizations, many organizations, have this intrinsic belief that like, [00:12:00] we’re the best, especially if they’re in a space where there aren’t many competitors and they’re really one of the only large providers within your state or your region.
Um, and so what this group did, um, is they actually began using some, um, third party data to pull in to understand not only where the gaps in care are, so where, where are we within the state where there are large groups of pediatric populations where we perhaps don’t have an outpatient center location, or people have to drive more than three hours to be able to access care. And then they also use that data to be able to look at things like birth defects within certain counties of the state to understand what may be coming up as far as specialized services that they perhaps don’t offer right now, or they aren’t offering statewide in a way that can really service their growing population.
And it was really powerful because so many times we talk about data and dashboards and so many times it’s just focused on your own data and the power they had at pulling, um, mostly [00:13:00] free third party data that’s available through your state and county and some meaningful story that then can allow you to be much more comprehensive with your strategic planning was super just impressive for me.
It’s something that so many groups we work with want to get to, and it’s like part of the continuum, and it’s certainly a worthy goal. So kudos, Arkansas Children’s. So I love it.
And then I think, um, one of the other ones that I really loved was, um, Advocate Health. Kelly, Joe and Jamie. Their energy, it was so much fun watching them. So they were talking about, um, being consumer first, which all of us want our organizations to be. Um, but they were talking a little bit about, um, things like, how do you actually measure that?
Right, like, how do you, how do you talk about progress of becoming a consumer first [00:14:00] organization or improving patients access to care? Like what metrics are the metrics that matter? And one of the things that stuck out to me is they actually have developed this internal metric called ease of use. And that’s something that they use to be able to understand how things are progressing within their own org.
And so again, it’s like, um, it’s a made up metric, but it’s one they’ve all agreed upon as something that’s important and valuable to measuring progress. And I think that was a really good reminder that, um, you don’t necessarily have to use these industry standard, um, you know, statistical analysis or processes or formulas within your own organization.
You can decide, what is the metric we want to use to understand if we won or not? And that’s enough, right? Like that’s enough, that aligns all of your team as far as where that, um, you know, finish mark is. So it was really cool to watch them. One other, I want to call out Mary Cronin from St. Luke’s did such a phenomenal job.
She was on a panel of two other people, there are three people total within St. Luke’s. Um, and [00:15:00] they were, um, talking about strategic and design thinking within an organization, but one phrase that she said, um, that really stuck with me and I wrote it down verbatim is, “A way to be able to get organizational buy in is really thinking about that influence on the front end and the empowerment on the back end.”
So, as a strategist, it isn’t really our job to execute the concepts, but really is our job to be able to influence and then empower. So it was a really great takeaway.
Shelby: Oh, love that. And one of the, one of the sessions that I sat in on with Joel and Beth from Columbus Regional Health in Indiana, again, another Midwest friend, but, they talked a lot about this WellConnect system that they developed over the past 10 years.
And I love one of the things that they talked about as kind of a key takeaway was to be a gap filler. That [00:16:00] every system, like, there’s going to be gaps. They have a very diverse population and who’s going to do it if not you to help? And they really, really showed this sense of accountability for the community that they serve, which was incredibly inspiring, reminded me of what Brad said in the keynote about why do you love what you do and how powerful that question is, and it’s really, really neat to see that they have this free offering to their community where you can call a connection specialist and they’re going to help connect you to a PCP.
They’ll help talk you through your insurance if you’ve got questions or concerns and even connect you with other community organizations that can help support you. So if your insurance isn’t covered, oh well we know of this non for profit that will be able to help you. And it was just really really neat to see how they really took this idea that started with, okay, we [00:17:00] need a building downtown that can serve the community and how that just has spiraled over 10 years.
And now, they have all of these connection specialists and they’re looking to grow the team super soon. So kudos to them and all the wonderful work that they’re doing in their community.
Jenny: That is awesome. Um, a session that really reminds me of that is KC Children’s Mercy. They were talking about, um, how to be able to positively impact the patient experience.
So first, how do you decide what patient experience you want to improve? So they made this beautiful, super simple chart with four quadrants and, um, the variables about the quadrants is urgency versus frequency. So, they then mapped all of their different service lines within that chart to be able to figure out, you know, how to make the biggest impact.
And they decided they were going to focus first on, um, patients, pediatric patients that had multiple visits within one day. So it can be super overwhelming for the parent and for the child when they go and they have like five appointments stacked. [00:18:00] And so they began working with client services and a bunch of other groups within the organization.
And they manually executed their ideas to see if it made a difference before actually rolling it out. So my favorite example, and this is near and dear to my heart because so many of the children in my family have had long-term care issues in pediatric hospitals. Um, they began mailing these welcome packets or, um, um, anticipation packets like a week before the day where everything was stacked.
And it not only had a nice letter to the parent saying, here’s the name of your, um, care, what word did they use, it was like a care manager or your friend at the facility that will be waiting for you when you arrive and they’re there to answer questions all day. They would try to pull food vouchers if they were there all day and they met certain income requirements.
They had that information in their database. But then they actually would print out a schedule of the day with all of the appointments. And then they would provide [00:19:00] stickers for the kids to be able to put on the different events to be able to mark the completion of it. And they literally printed these out and mailed them for a period of time manually before they rolled it out formally to see if it works.
So I really like that scrappy initiative of saying like, hey y’all, we think this is going to make a big difference, but before we put tons of resources into it, let’s test and iterate and then we can roll it out. So it was a really great way to think about a physical experience improvement, um, in a, you know, test and iterate formula, because often we just think about doing that in the digital world, but it can still be done in the physical world as well.
So, I love it. So, uh, this was Hedy and Hopp’s second year, um, being at SHSMD. Uh, this year I did a presentation on HIPAA, FTC, and state laws. Super well received, standing room only, had so many good conversations afterwards. Um, but we will definitely be there next year. Next year is going to be in [00:20:00] Denver.
So if you have any questions about any of the sessions that we talked about, please reach out to the folks that we’re linking to in the show notes and tagging on LinkedIn, because the presentations were all just phenomenal this year. And I really look forward to next year to continue learning and meeting more peers.
So, thanks for tuning in. We’ll talk to you soon.
Shelby: Thanks so much.
Piwik PRO is an advanced, privacy-focused web analytics platform. Designed as an alternative to platforms like Google Analytics, it offers in-depth insights into website traffic while ensuring user data privacy. Prioritizing data ownership and GDPR compliance, Piwik PRO provides both on-premises and cloud hosting options. It caters to businesses wanting granular data without compromising user trust or regulatory requirements.
Significant features:
Third party integrations: Piwik PRO supports many integrations with other CMS, data visualization and data storage tools, and marketing platforms like Google Ads.
Piwik PRO is a first-party data platform that uses a similar framework to Universal Analytics. The biggest difference between Piwik PRO & other analytics platforms is the data ownership. This means that the owner of the website always retains ownership of the data, which is fairly uncommon in similar products. What the platform collects is entirely dependent on the tool’s setup, but the following are almost always collected:
Every organization’s definition of HIPAA-compliance is dependent on their legal team’s interpretation of the guidelines set by the U.S. Department of Health and Human Services. That being said, Piwik PRO falls pretty low on the risk scale because they offer self-storage and are willing to enter into a Business Associate Agreement (BAAs).
Piwik PRO is a data-forward, privacy-focused product, whose risk mitigation options go beyond entering into a BAA. That being said, it is a good idea to ensure you have the following in place in order to catch some common missteps:
It’s always important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
Mixpanel is a popular analytics platform, similar to Google Analytics. It’s widely used by marketers who want an alternative to Google Analytics, an upgrade to GA’s free version without taking the steep price hike to Analytics 360, as well as product teams wanting to improve their users’ experience. Mixpanel can also offer a more customized analytics or reporting system without going “around the system” in the way you sometimes need to in Google Analytics (Google Analytics was to provide very basic insights out of the box for just about any user who was willing to complete a simple setup guide).
Mixpanel, however, is not intended for beginners, and instead focuses on marketers & product team members who are looking for a highly customizable product that exists outside of the Google ecosystem. Mixpanel’s popularity has grown further since the release of Mixpanel Marketing Analytics.
Healthcare marketers use Mixpanel to do the following:
Mixpanel is a first-party data platform that, much like GA4, operates on an event-based framework. What the platform collects is entirely dependent on the tool’s setup, but the following are almost always collected:
Every organization’s definition of HIPAA-compliance is dependent on their legal team’s interpretation of the guidelines set by the U.S. Department of Health and Human Services. That being said, Mixpanel falls fairly low on the risk scale, largely because Mixpanel is willing to enter into Business Associate Agreements (BAAs) with its customers.
Mixpanel is a data-forward, privacy-focused product, whose risk mitigation options go beyond entering into a BAA. Mixpanel is built on Google Cloud Platform, which is subjected to regular, independent verification of security, privacy, & compliance controls against HIPAA. That being said, it is a good idea to ensure you have the following in place in order to catch some common missteps:
It’s always important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
GA4 is the latest version of Google Analytics, the most popular analytics tool in the world. It is also the biggest change to the tool since its original release in 2005. For the first time ever, Google Analytics will not be backwards compatible with previous versions of the platform’s tags. GA4 requires a complete reinstallation of tracking tags, which has many users reevaluating their tracking platforms. Paired with OCR’s recent bulletin which identified IP addresses as PHI, this shift in the ecosystem has made the question of how Google Analytics fits in HIPAA-compliance a hot topic for healthcare marketers
Google Analytics, unsurprisingly, collects a lot of data about your user:
Google Analytics 4 has made a lot of improvements that make it easier for companies to utilize stronger data privacy standards and move further into the age of cookieless tracking. These changes allow the tool to be used more in line with GDPR, CCPA, & other privacy policies. Despite these changes, however, Google Analytics is not HIPAA-compliant, as it still receives and stores PII/PHI, including device IDs, browser information, and location data, and does not offer a BAA. Google even explicitly states that “Google makes no representations that Google Analytics satisfies HIPAA requirements” and instructs users to refrain from exposing the software from any information that could be considered PII/PHI.
There are several ways to make Google Analytics safer with strong data privacy standards. These are available in the Privacy Controls section of your Google Analytics settings. While enabling these settings will not satisfy HIPAA guidelines, it could help safeguard some user data while you determine a path forward (see our blog, Auditing your marketing plan for HIPAA compliance)
PRO TIP: Server-side tagging is a data tracking method that can help organizations protect user data. While it requires a well thought out digital infrastructure, it can give organizations more control over their data and help them comply with privacy regulations while still using Google Analytics.
Google Tag Manager, or GTM, is a powerful tool that allows you to track user activity on your website or mobile app with minimal coding knowledge required. By putting one snippet of code on a website, GTM creates a container that can manage all of the various tracking codes on your website. GTM is also a great way to improve your website analytics, track conversions, and retarget visitors (when compliant) from and to a variety of platforms. It’s also a valuable tool for businesses of all sizes, from small businesses to large enterprises.
Here are some of the benefits of using Google Tag Manager:
GTM is probably unique in your tech stack in that it itself does not collect any data – instead, it provides a container with easily configurable tags, triggers, & variables that allow you to control exactly what tracking tools are on your website and how they send information back and forth. Common tags to have in GTM include:
A good way to look at GTM through the lens of HIPAA-Compliance is that it can be the vehicle for compliance issues, and that it completely depends on how a specific site is using their tagging setup. A GTM container can manage tags for everything from a Google Search Console verification tag (completely HIPAA-compliant) to a Facebook Pixel that is gathering personal data about users who may be visiting sensitive pages on a site (completely non-compliant!).
PRO TIP: As a general rule, conversion pixels are concerning in terms of HIPAA-compliance and should be avoided. Learn more about the recent updates in HIPAA guidance by listening to our HIPAA & FTC 101 podcast.
While Google Tag Manager supports some obfuscation options that grant some level of increased data privacy and protection, this is not a watertight approach. Often, the obfuscated data is still being shared with some third party processors. Server-side Google Tag Manager (sGTM) can be a much safer approach, offering more options for data privacy and allowing users to completely control which data is shared (and not shared) with each platform.
If you want to assess your GTM risk in it’s current set up, a great place to start is by extensively documenting the functionality of each tag in your account. From there, you can assess the risks of each tag and make a plan to improve data privacy.
PRO TIP: While server-side tagging is not for everyone and does not eliminate issues associated with third party tracking tags, this approach puts more power in the hands of your team to ensure that you are protecting your users’ data.
These changes may seem daunting (and even a bit terrifying) at first, but remember that dealing with change is what marketers are designed to do. We constantly need to adjust based on the information received and this challenge is no different. Marketers can either embrace this new world as an opportunity to improve trust with their audience, or keep doing the same thing until they’re forced to make a change (which is inevitable).
At Hedy & Hopp, we prefer the former, and want to share with you how we’ve helped our clients make sense of the changes and set themselves up for success in the long-term.
Want more details on these steps? Please keep reading!
Got a case of “TLDR”? Please get in touch – we’d love to help!
Like most evaluation efforts when a massive change happens, we start with an audit. Document all of the channels you use, plan to use, are investigating using or/and have used in the last 12 months (to account for changes with seasonality).
Supplement this list by using third party tools like Wappalyzer to identify any pixels, code, plugins, etc., that may be on your website.
PRO TIP:
It is important not to skip this part. We cannot tell you how many clients have told us that they removed a software but we still saw live tags in GTM or hard-coded on their website There are also many plugins that our clients didn’t even know existed that we were able to identify (and actually remove if needed) through using these tools.
At least in the initial stage, it’s important for marketers to know what applies to them. Covered entities are always beholden to HIPAA, but health-adjacent companies and non-covered entities also need to be aware of the FTC and state laws, where applicable. Most states require companies to reach a number of annual visitors or/and meet a specific revenue goal in that state before they are required to comply, but it does vary. IAPP is a great resource for keeping up with those details.
First, conduct a monthly traffic report for the last 12 months, and separate out by state.
Under the state(s) that are relevant to your company, review the following:
You will probably find a lot of softwares that can be excluded from further investigation, like Javascript libraries, fonts and some plugins. But there will be a host of others that, either by nature of the platform or based on your implementation, will cause some issue with privacy – specifically with the “selling” (or sharing) of personal information.
Below is a guide for the kinds of platforms we have seen make the priority list:
If this list freaks you out, we see you. It looks like EVERYTHING is a priority! So we broke it down even further to prioritize based on the intent of how the platform is using that data, which makes the list looks a bit more manageable:
Priority 1: Data shared with additional third parties or/and includes sensitive information
Priority 2: Data necessary to perform function
Ok, that probably still makes your heart race, but what’s important to keep in mind is that the biggest concern for these platforms is based on the information being shared and how. Tools like your Website CMS by nature need to collect IP addresses, so while your company is sharing that “personal” information with a third party, it might not be a big risk for your company since that access is required to work.
Why do we say that? Although an IP address is still considered PII, it’s not nearly as personal (i.e., 1-to-1) as a diagnosis, a name, or an email address. This is why it’s essential to work with your legal team to determine what platforms are riskier than others based on the agreements in place.
As a marketer, your first instinct may be to say that all of these softwares, tools and platforms are necessary. And that might be the case. In our experience, however, there are usually software or tactics that are duplicative or have a more compliant alternative. Think critically about what your marketing is doing for you and embrace the opportunity for refinement that you now have.
Here are some questions to ask yourself while evaluating the priority tools:
If you said “no” to either of these questions, definitely consider removing those tools and tactics and you’ll be on your way to a cleaner, more compliant marketing plan and website. If you responded yes to any of these questions, then the next step is an important one – so keep reading!
PRO TIP:
Consider if any of the tools are duplicative. If you can consolidate tools to limit the number of third party tags and tools on your website, we would always recommend doing so.
This is the big one – the future of your marketing activation and evaluation. This last part will take some time and collaboration from your organization and marketing partners. The main question here is how you can modify the implementation or replace the tool to improve compliance. Some tools may offer anonymization, for example, which would be worth exploring.
Each marketer will implement various tools in various ways (too many variables for this post!). Here are a few best practices that helped us get our clients up to par (without losing their minds).
PRO TIP:
If you’ve not done so already, this is the time to make absolutely sure your legal team is aware and involved in these discussions. With the number of nuances with HIPAA privacy, it’s critical that your company’s legal team has the opportunity to engage and provide input on updates, specifically on privacy policies and the company’s overall data privacy approach.
Once these changes are in place, consider the next 30-60 days as a trial period. Are you missing any data for evaluation? Any new questions arising with the data you can see? It’s a good reminder that any change that you make will take some adjusting, but that doesn’t mean insights can no longer be found.
PRO TIP:
Don’t forget to update your data visualization dashboards to account for any new placements, accounts or configurations!
A healthcare marketer can leverage LinkedIn advertising in several ways to effectively reach their target audience and promote their healthcare products, services, or brand. Here are some strategies and tips:
Targeting Healthcare Professionals: LinkedIn allows precise targeting based on job titles, industries, and functions. Healthcare marketers can target specific healthcare professionals, such as doctors, nurses, pharmacists, administrators, and executives, based on their job titles or industry affiliations. This ensures that the ads are reaching the right audience.
Thought Leadership and Content Promotion: Healthcare marketers can use Sponsored Content and Sponsored InMail to share valuable content, such as articles, research papers, case studies, or educational materials related to their field. This positions the marketer as a thought leader and helps build credibility and trust with the audience. Promoting webinars, conferences, or speaking engagements can also be effective in establishing expertise.
Job Postings and Recruitment: Healthcare organizations often have specific talent acquisition needs. LinkedIn provides targeted options for promoting job openings and reaching qualified healthcare professionals who are actively seeking employment opportunities. Healthcare marketers can use Sponsored Job Ads to attract top talent to their organization.
Brand Awareness and Reputation Management: LinkedIn advertising can help healthcare marketers increase brand visibility and manage their online reputation. Display Ads and Dynamic Ads can be used to create visually appealing brand messages and reach a broad audience. Marketers can also target specific industries, organizations, or regions to raise awareness of their brand and build positive associations.
Industry Events and Conferences: Healthcare marketers can utilize LinkedIn advertising to promote industry events, conferences, or webinars. Sponsored Content, Sponsored InMail, and Display Ads can be used to drive registrations, highlight keynote speakers, and generate buzz around the event. Targeting options ensure that the ads reach professionals interested in the healthcare industry.
LinkedIn collects a variety of personal and technical data from its users, including:
Remember – just because a targeting option is available does mean that you should use it. In fact, taking advantage of features that could make your campaigns more effective could be what compromises your HIPAA compliance.
After the updated guidance from the Department of Health and Human Services was released, things haven’t exactly been black and white as far as whether or not this crosses a line, but from our perspective, it really depends on how you use the platform – specifically the Insight Tag. Conversion pixels can compromise HIPAA compliance in a few ways.
While LinkedIn only keeps personal data collected from the Insight Tag for 180 days, there is a lot that can be done with this data in that time period. The HHS is also very specific that the sharing of, or even the ability to access any personal health information is a violation.
Pro Tip:
LinkedIn is somewhat unique in that healthcare marketers may be using the platform to reach a different audience than prospective patients. For example, if a healthcare marketer is using LinkedIn to reach HCPs (healthcare professionals) HIPAA may not even apply to those efforts.
That being said, there are also some tactics available in LinkedIn Advertising that aren’t unique to that platform but are never HIPAA-compliant, such as remarketing, lookalike audiences and uploading target lists. It is also important to consider other tools that have access to your LinkedIn data, including optimization and data visualization software.
As with most advertising platforms, there are steps that can be taken to mitigate risk and to protect your users’ data as much as possible. Some good rules of thumb are to limit conversion pixels as much as possible, consider a server-side tagging strategy, and to ensure that you are not using predatory tactics to reach people with a specific condition or disease.
As with anything HIPAA-related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible.
Pro Tip:
It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
YouTube is a powerful tool that can be used for marketing in a variety of ways. It has over 2 billion active users, making it a great way to reach a large audience with your messages. You can target your YouTube ads to specific demographics, interests, and behaviors, ensuring that your messages reach the right people.
YouTube is a visual platform, so it’s a great way to create engaging content that will capture people’s attention. By creating high-quality, informative videos, you can build trust and credibility with potential patients. You can also use YouTube to drive traffic to your website by embedding your videos on your website or by linking to your website in your video descriptions.
Here are some specific ways that healthcare businesses can use YouTube for marketing:
This type of advertising, outbound marketing, is often used in conjunction with search ads, a form of inbound marketing from Bing or Google, which we have gone over the compliance of in previous posts.
Pro Tip:
YouTube does have specific guidelines around advertising in healthcare. Most notably, companies promoting pharmaceuticals & addiction services must be verified through LegitScript in order to advertise on YouTube’s platform.
Similar to Google Ads, YouTube relies heavily on the user being signed into their Google Account (which automatically becomes their YouTube account) in order to track behavior across a wide range of touchpoints. This means that YouTube collects the following data on its users:
Additionally, even just embedding a YouTube video on a website could be cause for concern, as the iframe sends information back to DoubleClick, the base advertising platform that Google uses. This means that users watching a YouTube video embedded on a third party site could have that video’s contents tied to their Google profile, which could potentially reveal sensitive health information about that user.
After the updated guidance from the Department of Health and Human Services was released, things haven’t exactly been black and white as far as whether or not this crosses a line, but from our perspective, YouTube advertising is certainly one that your team should think critically about, especially when you consider the long list of Google’s subprocessors, who could potentially have access to any and all data collected. This is especially true if you’re adding a Google tracking pixel to your website.
Furthermore, there are also some tactics available in YouTube Advertising that aren’t unique to that platform but are never HIPAA-compliant, such as remarketing and lookalike audiences. It is also important to consider other tools that have access to your YouTube data, including optimization and data visualization software.
As with most advertising platforms, there are steps that can be taken to mitigate risk and to protect your users’ data as much as possible. Some good rules of thumb are to limit conversion pixels as much as possible, consider a server-side tagging strategy, and to ensure that you are not using predatory tactics to reach people with a specific condition or disease.
As with anything HIPAA-related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible.
Pro Tip:
It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
Meta, the parent company of Facebook, Instagram, and WhatsApp, is a leading force in social media. Its platforms are used by billions of people around the world, making them a valuable tool for marketing in nearly all industries, including healthcare.
While Meta offers several services for businesses including business pages, groups, and other options to expand organic reach, this article will focus on the advertising side of Meta.
Meta’s advertising platforms offer a variety of features that make them well-suited for marketing, including:
As a result of these factors, Meta’s platforms are a popular choice for marketing in a wide range of industries, including healthcare. Healthcare businesses can use Meta’s platforms to reach a large audience, or a more refined, targeted audience.
This type of advertising, outbound marketing, is often used in conjunction with search ads, a form of inbound marketing from Bing or Google, which we have gone over the compliance of in previous posts.
Pro Tip:
Meta does have specific guidelines around advertising in Healthcare. Most notably, companies promoting pharmaceuticals & addiction services must be verified through LegitScript in order to advertise on Meta’s platform.
Of all of the platforms you may be using, it’s possible that Meta is the one collecting the most information about your users. This is largely because users who see your ads are already registered users of Meta’s platforms, meaning that Meta has extensive profiles on each customer, even before they may view your ad.
More data can be collected if you have a Meta Pixel installed on the site that your ads are driving to. This pixel links events and conversions on your website to specific ads, as well as specific user profiles. Some of that data can even be passed through the click-through URL, meaning that data is shared with your analytics platform, such as Google Analytics.
After the updated guidance from the Department of Health and Human Services was released, there were two notable companies that faced scrutiny from the FTC, both of which were using Facebook marketing tactics. BetterHelp and GoodRx both settled for large sums after these allegations surfaced. The scariest part? They were using Facebook and Instagram ads in very common use cases. And while compliance isn’t really a black & white concept, from our perspective, Meta is a very risky platform that should be among the first platforms marketers evaluate.
Furthermore, there are also some tactics available in Meta Advertising that aren’t unique to that platform but are never HIPAA-compliant, such as remarketing and lookalike audiences. It is also important to consider other tools that have access to your Meta data, including optimization and data visualization software.
Some risks can be mitigated in Meta ads by taking advantage of options to enhance data privacy. These options include never using remarketing audiences and foregoing the Meta Pixel. This could disrupt how you’re currently evaluating marketing effectiveness, so if Meta is a platform you must keep to grow your business, there are ways to still leverage this channel with limited data sharing risks.
As with anything HIPAA-related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible.
Pro Tip:
It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
Google Ads is a pay-per-click (PPC) advertising platform that allows businesses to display their ads on Google’s search engine results pages (SERP) and other Google properties, such as YouTube and Gmail. When someone searches for a keyword that is relevant to your business, your ad may appear at the top of the search engine results page. You only pay when someone clicks on your ad, so you can control your advertising budget. Google Ads offers a variety of ad formats, including text ads, display ads, video ads, and shopping ads. You can also target your ads to specific demographics, interests, and even locations.
Healthcare marketers can use Google Ads to reach the following audiences:
Pro Tip:
Google does have specific advertising policies that apply to some Healthcare products and services including pharmaceuticals, speculative and experimental medicine, clinical trial recruitment, health insurance, and addiction services. In order to advertise pharmaceutical products or addiction services, a LegitScript certification is required. In order to advertise health insurance, a G2 certification is required.
Google Ads collects a variety of data about its users, including:
Additionally, Google Ads can collect personal information, including names, email addresses, phone numbers, and location data when using Enhanced Conversions and Customer Audience Data Imports.
According to the updated guidance from the Department of Health and Human Services, there isn’t a clear yes/no answer. However, knowing that Google Ads will not sign a Business Associate Agreement (BAA), we think using Google Ads, specifically when using conversion tags, does pose a risk.
Furthermore, there are also some tactics available in Google Ads that aren’t unique to that platform but are never HIPAA-compliant, such as remarketing and lookalike audiences. It is also important to consider other tools that have access to your Google Ads data, including optimization and data visualization software.
As with anything HIPAA related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible. Some risks can be mitigated in Google Ads by taking advantage of options to enhance data privacy. These options include using server-side tagging, never using audience imports, remarketing audiences, or enhanced measurement, and not tagging pages that could potentially pass PII/PHI in URL parameters.
Pro Tip:
It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.