Similar to Google Ads, Microsoft Ads is a pay-per-click (PPC) advertising platform that allows businesses to reach their target audience on the web, on mobile devices, and in apps. Microsoft Ads offers a variety of ad formats, including text ads, display ads, and video ads.
Healthcare marketers can use Microsoft Ads to reach a variety of audiences, including:
Microsoft Ads collects a variety of data about its users, including:
Microsoft uses this data to serve ads that are relevant to your users, track the performance of ad campaigns, and improve its own ad platform’s performance.
You can see a full list of the data collected and accessed through the UET tag in their privacy section (“What data does UET collect once I install it on my website?), but that list will get longer with the new UET update set for June 29.
Additional Considerations
There are some tactics available in Microsoft Ads that aren’t unique to that platform but are never HIPAA-compliant. These include remarketing and lookalike audiences. Conversion pixels also may render your ads non-compliant, depending on their usage. It is also important to consider other tools that have access to your Microsoft Ads data, including optimization and data visualization software.
The updated guidance from the department of Health and Human Services, there isn’t a clear yes/no answer. However, knowing that Microsoft Ads will not sign a Business Associate Agreement (BAA) and doesn’t have the same kind of privacy configurations you can leverage in Google Ads platform, we think using Microsoft Ads, specifically placing their UET pixel on your website, does pose a risk.
As with anything HIPAA related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible. It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
Today Jenny welcomes her longtime friend and VP of Marketing at TCARE, Julia Pitlyk. They dive into Julia’s transition from the consumer packaged goods (CPG) industry to healthcare marketing, discussing the similarities, differences, and best practices that have emerged along the way.
Jenny and Julia reminisce about their early days working together and reflect on how their shared love for problem-solving and complexity led them to the healthcare industry. Julia shares her unique experiences in both the CPG and healthcare sectors, highlighting the valuable insights she gained from working on billion-dollar brands and driving consumer-driven campaigns.
She also emphasizes the need to consider the holistic manifestation of a brand throughout the patient journey, extending beyond visual elements to encompass every interaction. They also discuss the complexities of the healthcare industry, and developing a strong brand presence throughout the patient journey.
Connect with Julia:
https://www.linkedin.com/in/jpitlyk/
Interested in working with Hedy & Hopp on a privacy compliance program?
Book time with Jenny today.
Connect with Jenny on LinkedIn
Explore what Hedy and Hopp can do for you
Jenny: [00:00:00] Hi, friends. Welcome to today’s episode of We Are, Marketing Happy – a Healthcare Marketing Podcast. My name is Jenny Bristow and I am your host. I am so excited to be joined today by my long, longtime friend Julia Pitlyk, who is the VP of Marketing at TCare. Welcome, Julia.
Julia: Hi. Happy to be here. Longtime friend, also former employee of yours.
Let’s not forget way back!
Jenny: true. It was like, 13 years ago. Long time ago. And it’s turned into a great friendship, so that’s right. Yes. It’s been so fun watching your career grow and continue to evolve. We had worked together previously at sort of an agency and then you left to go into the CPG world with a well known brand.
[00:01:00] After a while, you then pivoted and came into healthcare. So that’s quite a transition and I’m really excited to dig in with you and talk about the differences in the industries and maybe some best practices you’ve been able to pull over, or some, really big evolutions or differences that we can chat about.
So let’s get into it.
Julia: Yeah, that sounds great. I love that we both found our way into healthcare independently. I was thinking about that as I was preparing for this conversation. I feel like we just love problems to solve. We love complexity and bringing kind of clarity through it so it makes perfect sense that we would wind up doing marketing in healthcare where there are just such complex journeys and as everything from the journeys to the data analytics.
Always something to navigate, always a problem to solve.
Jenny: Well, we love helping people too. Right? We want our work to feel impactful, so I agree. Totally not surprised.
[00:02:00] So, let’s talk first about that transition. You were at that large, big packaged consumer goods organization for some time, and then whenever you made the pivot into healthcare, talk to me about some of your initial reactions and experiences with that change.
Julia: Yeah, absolutely. So I spent about eight years in the consumer packaged goods industry. My experience there was really unique. I think I sort of got to see some of the best of both worlds. Working within the walls of a company, building, managing and operating billion dollar brands. But I was also more of that entrepreneur, so I was on a team, focused on innovation and building out new business models, really focusing on directing consumer pathways.
So I really got to see, what does it look like? What can I take from that experience where it’s so much rigor around brand design, consumer insights brand management, really having that [00:03:00] data driven business mindset when it comes to marketing and branding, but also that scrappy perspective – designing the journey’s, experimenting, testing by design.
So I was really grateful to have that pretty unique vantage point. Especially knowing that, coming from more startup backgrounds, being able to always preserve some of that scrappiness was really helpful and that was absolutely necessary in coming to healthcare especially.
The role that I came to after my time in CPG was designing direct-to-consumer experiences and campaigns for healthcare, because I think a lot of legacy companies and healthcare of course, depending on the nature of the vertical you’re in within the healthcare industry a consumer-driven approach is a new one.
So the organization that I went to was very B2B focused, had a typical kind of healthcare sales-based model, account-based model with a large end market and field sales force. And so as they were thinking about how [00:04:00] do we reached consumers with our message. That was a very new way of thinking and was very grateful to have had the experience that I had from the CPG side because we leaned really hard into journey mapping.
We wanted to know at every stage of the experience, not just where does the brand need to show up and where do we need to market, but so much deeper than that. What is that consumer thinking, feeling, doing? What’s their mindset at each of these nuanced stages and how do we really design and deploy a really good experience for them?
So I took that and just absolutely lifted and shifted, of course with some modification, but applying it to healthcare and found that was a really successful way to bring some of these consumer driven campaigns to life. And it’s interesting because I think one of the benefits of healthcare is it is so human driven.
When I was in the CPG side, we’re selling packaged goods, right? Like there’s emotional ties. That’s what all the branding is about is you know, that [00:05:00] emotional resonance. And we were very insight rich. We had tons of great consumer insights and tons of great empathy work. But it’s always a leap to go from something onto the shelf to really like, winning the heart of a consumer.
Brands do it well, we did it well. They do it every day. But when you go into something like healthcare, that’s such an inherently, there’s nothing more personal than a healthcare decision for you or for a loved one. So being able to come into a space where empathy and insights and kind of that emotional connection are, should be the norm, should be table stakes.
Was really exciting because it made the way that we could deploy messages at the right stage of the journey. Really rich and personalized.
Jenny: Oh, I love that. So when you began to apply that experience in the healthcare space, were there any unexpected hurdles or roadblocks that you had to overcome and really change your approach?
Or do you think that most of your prior experience was [00:06:00] applicable?
Julia: I would say most of it was, the core of, how do I think about designing marketing? I’ll say a campaign, but really a marketing experience or a consumer experience. Leaning into the insights first and foremost, really not listening to anybody but the user insights and, the feedback, the call recordings, things like that.
That’s where I start. That’s kind of where I build my gut, I like to say, very data driven. You wouldn’t have raised me any other way when I first started working for you. But so much of that, the qualitative stuff is, that forms insights too. To me, it’s all about forming the gut.
I think from a marketing standpoint, we’re really data driven, but the data’s never going to tell you what to do. It gives you, insight and direction, but you have to apply that. And some of that is, what I like to think of as like a really well educated gut that’s connected to your heart that’s connected to the mind. Right. It all has to work together. So that was all really applicable I think with healthcare the most.
The biggest gap, I think is more [00:07:00] of the, this maybe sounds a bit tactical, but more of the channels with which we can go to market. Where I would say the gap between marketing to a consumer and then them actually getting, the product, the good, the service, within consumer package goods, it’s commercials, it’s coupons, it’s anything. And then you go to the store and if distribution’s done well, then it’s on the shelf.
And you put it into cart and you buy it. Or you go on an e-com site and do the same thing. Depending on the business model, within healthcare, you may be marketing to a consumer, but there is a big chasm, a big gap that they have to jump from wanting the good, the product – the medicine, the test, whatever, to actually getting it ordered.
So there is a very the journey maps and the messaging and all of those artifacts get a lot more complex because you have a much bigger landscape and ecosystem of stakeholders to educate. You’ve gotta think about, okay, well we also have to make sure we’re educating the providers.
There’s the payer angle [00:08:00] too. When I started in healthcare, we were in the testing space. So you literally had to have a provider order a test. So that’s a whole other set of education and tasks and jobs to be done.
So I think that, there are some kind of pure play, more true direct to consumer healthcare products popping up, be it telemedicine services or direct to consumer tests or medications or things like that, which feels much more straightforward and I should say normal, not in a judgment light, which is normal, a normal user journey compared to the really fragmented one that can happen in healthcare.
Yeah, and I’m sure you run into that too with a lot of your work.
Jenny: Yeah, absolutely. Especially depending on the kind of care. So for example, like cancer is much different than promoting say, bariatrics, where it may be a decision that is proactively being made versus a decision that your health makes for you and then you have to find a solution.
So I think that’s definitely an excellent point.
Julia: Yeah, that’s a great point [00:09:00] too, when I think about the journeys and you said a health event, something happening to you. As marketers, we’re always thinking about what’s going to trigger the beginning of that journey.
And in healthcare sometimes, and oftentimes, unfortunately there’s a very very personal, very intense, sad, heavy trigger that happens. A diagnosis, okay. Of yourself or friend or family member, and that’s, very crudely from a marketing perspective, that is a clear entry point from a marketing standpoint.
That’s, it’s not nice, but you know what I mean, it’s a way in. But my goodness, again, that’s where it goes to the empathy, the insights, the messaging, the respect that you have to have, the first words out of your mouth to someone to speak is absolutely critical.
But yes. You’re exactly right. In terms of that journey. I remember doing some of my initial journey maps when I came into healthcare, and I was so used to going all the way from awareness, engagement, conversion. I mean, I had direct to consumer e-com store, so I’m used [00:10:00] to cart convert, reorder.
And one of the first journey maps I saw really sort of ended at this more of this…Consideration stage, right? Because that’s all we could get the patient to do was say, I’m aware of this product. I know it’s for me. I’ve considered it. I want to talk to my provider about it. And I remember thinking, wait what more can we do?
How else can we help bring this along? And truly, to your point, it’s about helping someone who has a need and helping them fulfill it. But I think was the biggest adjustment I had to make was that, I could not have my e-comm side of transactions all the way through, and some healthcare companies do, but that was very much an adjustment.
Jenny: I love it. Let me, let’s kind of slightly pivot – still talking about the overall patient journey. Let’s talk about the importance of a consistent brand showing up throughout that journey. I mean, I think [00:11:00] it’s really interesting when you think about legacy, large well-known brands compared to tech startups and smaller organizations that maybe don’t have that consumer recognition and are still offering something really phenomenal to patients, but they’re not super well known, they’re not something that’s top of mind. How can and should marketers be thinking about the brand and the ways that it shows up throughout that patient journey?
Julia: Oh, I love that question. To me, a brand is a promise kept. You don’t do it for you as the organization. It’s really the brand is designed for the people that you’re serving. And that’s one of the biggest takeaways from, my time in cpg Again, that’s in a more commoditized space. The brand is really all you got.
So you have so much time and investment in architecting that. And I think it’s important for me to clarify to [00:12:00] marketers, but also especially non marketers, that when we say brand, it’s not colors and typography. That’s a part of it. And I could spend an hour talking about the millions of dollars spent researching some of those things because it does, it does ladder up to something.
But for me, I remember, in my, even in my early days of brand management, just as much what you say when you answer the phone when someone calls in as it is the colors, the typography, all of it Yes, actually it’s so much more than that. Especially for a company that’s developing a brand. My biggest advice is to think about the brand as just how your company shows up to consumers in every touchpoint.
And you said that yourself, you know how you show up and don’t. Don’t think of it as just the visual aspects or, sort of over invest or over architect in that. Cause you think about it, an iconic brand like [00:13:00] Nike, that was a $35 swoosh logo. Right?
It’s all the heart and the meaning and the manifestation of that core. Go to work with every touchpoint, especially the ones that are often outside of typical marketing control and really understand how your business is coming to life.
So go to the call center, right? Look at those scripts. Look at the way that those are being navigated. I think those are some of the channels that are often not under the umbrella of marketing, but actually, especially from like a call center standpoint, is one of the very few places where your brand voice is actually talking directly to your customer.
I did a lot of work with that in my CPG side as well, because we would spend lots of time and money thinking about brand voice, but that whole world was not part of marketing. And wasn’t really [00:14:00] influenced by it. So to me it was, oh my goodness, we need to bring that all in.
The brand is about the consumer. That’s it. If your consumer can feel how your org is structured then you have not done your job well. As a marketer, as an organization, it should feel really seamless. So I think tactically it’s looking at that journey. Any good journey’s gonna have these channels sort of defined.
And then it’s going and really making sure that what’s manifesting in those touchpoints are exactly how you’d want your brand as a person to show up in the world.
Jenny: I love that and I spoke at a class with Northwestern two nights ago, and one of the students had such a great question specifically about telehealth, so we’re gonna pick a very specific subsection within healthcare.
And she asked me what the importance of branding was in the promotion of telehealth services. And so I used a real life example. At Hedy & Hopp, we work with a lot of different telehealth service [00:15:00] offerings. As far as our clients, and I’ll tell you, it is much easier and cheaper to get a telehealth patient for Ascension or some large brand that already has that patient relationship and that patient trust than a startup that is trying to break in into the field.
Even if clinically, their outcomes are wonderful and they are great, if they’re not known, it’s gonna take a lot more work and budget to be able to even have a third of the ability to sign a patient up online.
Julia: Yeah, absolutely. I think there’s, so when you look at something like telehealth, and I’ve had this experience too in my prior role of designing a telehealth experience with a third party provider.
I think it’s really important too, in my mind, I wanna say the words brand equity, right? Which doesn’t really mean much to a consumer, but to me it’s looking at where is there the strongest [00:16:00] brand equity, or I should say, To put it in better consumer words, recognition and trust from that consumer or patient.
And let that lead the way. So your example with Ascension is exactly right. There’s trust, there’s a relationship, there’s scale of the brand. And so the consumer then has, permission to bring someone else to the table, to literally like think about if you came over to my house and you had a friend with you because of the trust that I have with you, I’d feel fine letting that friend in my house compared to a mild acquaintance or even relative stranger wanting to bring someone else in my house.
Like, it’s just very different and that’s the way I like to think about marketing, be it whatever channel, especially digital. I think we kind of lose the fact that we’re just humans with hearts and minds and I always like to think of like, okay, what’s just a real human example of what we’re trying to do here?
And so that’s how my mind [00:17:00] works. Like, if you bring someone over to my house because of the trust I have with you, they can come to the party. And I think that’s exactly, especially with the proliferation of online care and telehealth and there’s definitely some scrutiny and skepticism around it, especially as you’re looking to perhaps targeting older audiences.
There are bad actors in certain situations and I’m glad the consumers have a healthy amount of skepticism when it comes to their health. But yes, so I think in terms of if I’m a smaller company, a startup trying to bring in a telehealth partner tactically, I would really like to consider things like what would it look like to White label a service or just get the brand hierarchy done right?
Because you’re kind of just a bunch of acquaintance acquaintances showing up to a consumer’s house, and you’ve gotta respect that and you’ve gotta build trust. I’ve been in situations where a telehealth experience I designed, it was a provider referring a patient to my [00:18:00] organization and then we were referring them to Telemed and I kind of zoomed out on the creative.
I’m like, there are three logos, like to get it really clean and simple. Three logos, and this consumer maybe has 75% of a hundred percent of trust in one of them being their provider, and the rest are complete strangers. So how are we gonna do this in a way that’s actually gonna make them feel comfortable and that they know what’s going on, and kind of who’s on base in terms of providing them what kind of care?
And then back to my example of the journeys, like you’ve gotta also think about the service and fulfillment aspect of it. So who does the patient call and when, if they’re referred by Ascension to telehealth and they have a question or an issue, how do they know who to go to? And are the teams orchestrated and organized behind the scenes so that they’re not receiving a call from a patient saying, oh, sorry, that’s not us, you need to call Ascension instead.
Like, but that’s not great, right? So you’ve gotta really think about that [00:19:00] orchestration. Both from, I should say the consumer facing front end and the back end.
Jenny: Yeah. And the much more difficult thing, as we’ve already spoken about, is typically the patients coming from a place of fear, right?
If they’re seeking out telehealth, something’s probably wrong. And so, like you said, making it as easy and streamlined as possible is so important,
Julia: Exactly. That’s the promise that they’re thinking that they’re going to get from telehealth. Right. It’s easy, it’s streamlined, it’s not needing to leave the home.
It’s more access. Like what are the types of benefits that they think they’re getting that you better be sure that you at least deliver table stakes on, but definitely don’t make it in that negative in terms of making it more difficult, more complicated. Because you’re right, that actually just adds to the fear and the skepticism.
And if there’s a sense of urgency with what this patient needs to get from this. You best not get in the way of that as much as possible.
Jenny: Exactly. Well Julia, this was so much fun. It has been just a joy watching your career continue to [00:20:00] grow over the last decade plus. And I’m gonna link to your LinkedIn profile in the show notes.
So if anybody would like to connect with you, please feel free. I’m sure you’d love to continue the conversation.
Julia: Yes, I could talk about this stuff all day, so please connect. I would love that.
Jenny: I love it. Perfect. Well, for all of our listeners, thank you so much for tuning in and we’ll see you on a future episode of We Are, Marketing Happy.
You can’t fully understand the evolution of something without knowing the history. This is where Jenny and her guest, Michele Szczypka, Interim VP of Marketing and Communications at SSM, begin today’s episode. Michele expresses the importance of understanding the industry’s past to comprehend the impact of changes in the present. She emphasizes the value of this perspective for new graduates and early-career professionals.
Jenny and Michele discuss how healthcare marketing Initially started as PR and image-building for hospitals, but has gradually transitioned into true marketing and branding, aided by the emergence of marketing technology (MarTech) in the past decade. They highlight the challenges faced by early adopters of MarTech in developing models for ROI to convince hospital executives of the need for increased budgets.
Michele also notes the evolution of CRM in healthcare marketing which from their inception grew to allow more sophisticated tracking and measurement of marketing efforts. The implementation of CRM systems necessitated collaboration with finance teams and the establishment of goals and ROI models for different service lines.
The conversation shifts to the current concerns regarding tracking methodologies in healthcare marketing due to HIPAA and FTC regulations. Michele identifies two
camps and how they are reacting and/or pivoting. She and Jenny know that it boils down to the importance of respecting privacy and finding solutions that balance progress and compliance with guidelines.
Connect with Michele on LinkedIn
Interested in working with Hedy & Hopp on a privacy compliance program?
Book time with Jenny today.
Connect with Jenny on LinkedIn
Explore what Hedy and Hopp can do for you
Jenny: [00:00:00] Hi friends. Welcome to today’s episode of We Are, Marketing Happy, a healthcare marketing podcast.
I am super excited to have Michele Szczypka. She is currently the interim Vice President of Marketing and Communications at SSM, but she previously held the role of Chief Marketing Officer at Trinity Health for 18 years.
So welcome, Michele. Thank you for joining us.
Michele: Yes, thank you. I’m really excited to be here too, and it’s so nice to see you, Jenny.
Jenny: Thank you. So this is one of my favorite kinds of episodes. I’m really looking forward to digging into the history of measurement in the marketing world, specifically within healthcare.
I know whenever I graduated college and first started getting involved in healthcare, I knew what was happening at that time, but it was really difficult for me to understand what had happened 5, 10, 15 [00:01:00] years before I personally entered the industry. And I think having that perspective is really helpful for new graduates or for people, let’s say in the first five years of their marketing career because then they can more effectively understand how something that may seem like a small change can actually have rippling effects within our industry. So I’m looking forward to digging in.
Michele: Sounds good.
Jenny: Awesome. So let’s talk first about your role at Trinity. So it overlapped multiple transformative periods within healthcare and communications.
So let’s talk about that a little bit. Let’s talk about your experience.
Michele: Yeah, what you had said in the very beginning about people coming in and being new, also people coming from outside the industry have no historical perspective on how healthcare marketing strategies have evolved, especially now that digital has really exploded.
It just didn’t exist when we first started this work. Healthcare [00:02:00] marketing started out really, quite frankly, maybe over 20, 25 years ago. We were PR groups, trying to sort of tell this good story of what’s happening at the hospital, trying to develop just image and awareness.
And then we’ve sort of over time transitioned into true marketing, branding engines and also adding on a MarTech stack, which didn’t exist. I mean, as we all know, the MarTech stack has really come out in the last 10 to 15 years. So those that were early adopters really didn’t have models for ROI.
And really were trying to develop those to build the budget, to convince them, the hospital executives and CFO that, look, we need more money so that we can, really build out new strategies.
Jenny: And on that, let’s talk about the evolution of ROI specifically, because generally the justification of additional budget happens as a result of measurement and showing that it’s working.
So tell me a little [00:03:00] bit about what measurement was like when you started in your healthcare marketing career, and then what big leaps you have seen and have made over those years.
Michele: So, boy, there are so many different things that took place in terms of measurement.
We were desperately looking for measurement. What is soft ROI? What’s hard ROI? The soft ROI was really around, we did an advertising campaign and we would start to see the volumes creep up. And we could anecdotally say, yeah, look at what’s happening with our campaigns.
We put a bunch of billboards out, we did some radio and television advertising and we got all kinds of calls and that was great, right? And we believe that was because of our advertising. But over time, really trying to find ways to build out true ROI. Looking at what areas in the organization were great revenue opportunities, and then building out nurturing cycles. A sales sort of cycle, which didn’t exist before[00:04:00] for healthcare marketing.
How do you build that out? So we did start to turn to look into the new age of digital marketing and turning to partners that could help us determine the best practices that were out there and pioneer new models.
Jenny: One of the things as we were kind of chatting, prepping about this episode is chatting about the evolution of CRM and your work at previous organizations. Talk to me a little bit about what it was like when CRMs first came on the scene in the healthcare marketing space and how that changed the work.
Michele: It really did change the work, Jenny. I mean, CRM just didn’t exist. I mean, there were some database tools to keep track of how certain customers were interacting with us. And especially when it came to physician relationship management, like looking at the referrals that came in, but [00:05:00] not true, like looking at our customer base and our patients and how they interact with us.
And over time we said, we really need to be more sophisticated. So when we started, we were at meetings and you would talk with people about their new CRM tools.
Well, we did have this one group that had some ideas about how to do it and we decided we wanted to pioneer some of the work and brought in a partner. And they’re some other company today. But they were really building out new ways of interacting through CRM and being able to look at a little bit of the patient journey, but really starting to dig into when we did a campaign, were we able to really bring in some return on our investment?
One of the things I think I told you about was our CFO and our finance team. Really, it took a while to convince them that this was gonna work and to invest the expense to [00:06:00] in this type of tool. So then there needs to be, beyond the expense, there needs to be additional revenue, and we have to agree on what that model looked like in terms of what money might already be coming in because we don’t just advertise, but we might also have a new business strategy or even a new technology.
Right? And then what is actually coming in because of our campaigns. It was very exciting. It was very challenging, and it really was the beginning of this work that was not that long ago. We’re still early on in this journey and there’s so much more that’s happening now as we’ve, sort of explored with you guys looking at how to really do our patient journey. That’s something that’s happening in the patient experience world, right? I mean, that’s important to us too. But that customer journey, what is the consumer journey from the minute they look at your front door to what they, which is your website or other digital touchpoints to when they’re interacting with your [00:07:00] organization and starting to request information, starting to actually request an appointment or talk to your call centers.
What’s that journey like for them and where do we have gaps in how we interact with them?
Jenny: Yeah, it one of the things that whenever I meet with young marketers entering the healthcare space, one of the things I always tell them is, become best friends with the CFO.
You need to understand how they see and value marketing’s role within the organization so that way you can speak their language. So, as you were able to develop larger budgets to be able to implement CRMs, and you were able to really begin seeing and justifying and understanding the actual lift.
How did that change marketing departments? How did that change the way teams were built or the way that you communicated with, within the organization or with other leadership team members?
Michele: [00:08:00] So, when we started to implement all these CRM tools and some of the activities around that, we would predict a certain amount of money that might come in through a campaign. Obviously, that’s very difficult to do, but we certainly had goals and that was always by service line.
So those people that are, familiar with our sector service line is sort of like a product line, right? And so, if we put out a cancer campaign we knew there’s a longer journey for people to actually get into the system, it’s more around awareness, but there certainly would be a journey we’d have to agree on, what the length of period of time before we’re gonna see a return on an investment.
It’s different than a campaign that you’re talking about for bariatrics. We found that was one of the best ways of measuring more rapidly. People are dealing with weight issues. And they’re making decisions pretty rapidly over that. So we would see return on that investment much more rapidly than we would a different [00:09:00] type of service line.
And orthopedics, for example, also an opportunity for a higher or quicker turnaround. And when we’d make these goals, and we would tell our CFO, or our finance teams who also validated the model that we put together for their ROI, we worked with them directly. And then when we said, yeah, this is what we’re gonna test, this is what we’re gonna believe in.
And then when they started seeing the value, the investment either, continued or increased.
Jenny: Which is that’s phenomenal. Very helpful perspective I think. The big thing that’s happening right now that is on top of mind for every healthcare marketer is all of the things happening related to HIPAA and FTC and all of the tracking methodologies that we’ve all become so comfortable with having to change. We’ve really seen two camps. We’ve seen one camp where even super large systems are just pulling all tracking. They’re so afraid about doing the wrong thing, they’re just going to do [00:10:00] nothing.
And so we’re stepping back 20 years. And then on the other side, we’re seeing people actually implement correct tracking to be able to continue measuring their campaigns appropriately. So I would love your perspective on what you’re seeing at the leadership level throughout the country with your large network, how are people taking all of these changes and evolutions in healthcare marketing in stride?
Michele: Yeah, you kind of nailed it. There’s, there probably are two camps and there’s really very few things happening in between. I think there’s that anxiety about, wanting to really be sure that, we’re following the guidelines and making sure that we are protecting privacy.
And that’s so, so important. I don’t think there’s anyone that’s not concerned with that across the board with healthcare. So, we’ve made so many strides in what we can do in the marketing space, but we wanna be sure that we really honor and respect all of the issues that are out there.
So I think that what my personal philosophy and what [00:11:00] a lot of people that I’ve talked to really wanna do is be sure that you’re committed to progress. I mean, honestly, there’s a way to solve for anything, right? I mean, right now there’s AI, AI is coming out and it’s all over the place.
And AI is so exciting. There’s so much opportunity with it. And there’s some people that are afraid of it because also it comes along with some issues that you have to be sure that you’re avoiding. And I think marketers. We need insights. We need technology. We need tools to help reach people in better ways than ever.
And for us, we’re selling a product nobody wants, right? I mean, nobody wants to have healthcare issues, but do they wanna have good health? Do they wanna deal with health issues?
And you wanna know that you’re going to a trusted provider and trust is everything. Right? So some of the tools that have had to come offline, well, they’re, being retooled, if you will, to be secure. There are other avenues that perhaps you can pursue you. I don’t think you should [00:12:00] abandon this all together. This is my personal belief. I think that progress is something that is so important.
And if you pause, I mean you should be thoughtful and pause where there’s risk. But you should also think about, there’s always solution. There are always ways, and so pursuing that work and that passion for progress is important.
Jenny: I love that. And that is definitely the way that we’re all gonna continue having a positive impact on patients’ ability to access care.
So yeah. Thank you so much, Michele. This was such a wonderful episode. I hope for all of the folks that are either new to healthcare marketing as an industry or just starting their careers, that this was some helpful perspective. And thank you for being a guest.
Michele: Thank you. It was great talking with you.
We are thrilled to announce that our podcast, We Are, Marketing Happy was named the 2023 Healthcare Agency podcast of the year!
Thank you Medigy and HITMC!
If you aren’t yet subscribing to our podcast, View our We Are, Marketing Happy show page and Subscribe/Listen now!
With the new HHS/OCR bulletin surrounding HIPAA guidelines, healthcare marketers who use Google Analytics for measuring digital tactics have had to shift focus from the impending Google Universal Analytics (UA) data retirement (on July 1, 2023) to considering how their current (and future) data is being collected and stored. While Google will keep all UA data for at least 6 months after this date marketers cannot lose sight of what their plan is for storing this data before it’s gone forever.
The challenge: The HHS/OCR bulletin has many marketers questioning whether they should continue using Google Analytics as their third party tracking technology at a time when they may still be working on their full migration to GA4 (especially now that Google is automatically installing GA4 for Google Ads conversion tracking) and their plan to store UA data. What do they prioritize? What precautions do they need to take? Who else needs to be involved in the decision?
The bottom line: Regardless of what tracking platform marketers plan to use, UA data IS going away in a few months, and a plan to save and store relevant data must be made and started as soon as possible.
Our recommendation is to take your UA data storage plan into consideration as you plan to safely and compliantly store and track your future data.
Deciding to keep everything will likely be a challenge for most marketers, unless you have an in-house data engineering team who can store and organize all past UA data into a data lake of sorts. Depending on how large your website is and how far back you want to review data, you could be exporting (literally) millions of rows of data, spread across multiple spreadsheets, making data retrieval and analysis incredibly difficult (if not impossible).
We recommend first determining what data you want to look at on a regular basis, and how it needs to be analyzed to make this data storage process as seamless (and as useful) as possible. For example, if you use mobile vs. desktop traffic to inform your advertising spend, you’ll want sessions by device saved by week or month. However, if you really only reference mobile vs. desktop traffic to understand trends over time, you likely only need sessions by device by year. Moving a dimension to yearly will likely save you thousands (if not tens of thousands) of rows of data to later have to sort through and aggregate.
Doing this step first will also help you better evaluate your options for tracking and storing data in the future – it’s a good exercise (and discipline) to root your organization on the data that really matters and have a plan in place to retrieve it easily.
Where do I begin?
When considering what’s important, always begin with your business objectives and the website KPIs you’ve established to measure success. If you have not done so already, start this discussion today and include your marketing, sales, IT teams and leadership if needed, to ensure you’re not leaving out any core metrics that other departments require to determine success or opportunities.
Since this data will no longer be available in your Google Analytics account, the data you want to keep will need to go somewhere. This is where your technical and IT teams come into play. As long as it’s useful and works for what you need, we recommend sticking with whatever system you have in place for future data tracking and storage (see Step 3!)instead of building something separate.
A few options for storing this data include Google’s BigQuery, Amazon Web Services (AWS), or even spreadsheets with pivot tables, if you don’t have a lot of data.
Next, think about how you want to access this data (and who else will need access). Tools like Looker Studio, Tableau or Power BI can be really helpful in aggregating and visualizing your core metrics, as they are straightforward and more user-friendly than complex servers that may require a more technical or experienced hand. Setup and maintenance is fairly simple once you have your core metrics and KPIs established (remember Step 1!).
Finally, test, test, test! Once your data has been stored and accessible, it’s important that you play around with it to make sure you have the right dimensions and filters available. Do this before the deadline to avoid any gaps or issues in future reporting and analysis!
Not sure if you have the right data? Here’s a tip: find a recent request from a colleague and try finding the answer in an older time frame from the UA data you stored. Were you able to access that data? Any missing information? Was there any additional or manual work you needed to do to find the answer?
You can learn more about Hedy & Hopp’s guidance for understanding the new guidelines and ways to make tracking compliant here. But the key things that matter for storing and accessing UA data relate to where your data can be stored moving forward in consideration of your success metrics (see Step 1).
For marketers currently using Google Analytics, we see a few options:
Throughout the decision making process it’s important to consider how your new setup can account for past analytics data storage, too, if possible. Ideally, the quicker solution for UA data will also be a compliant one.
Where do you go from here?
If this seems doable, great! Our hope is that this 3-step guide will help you stay on top of what’s coming and feel confident that you know what needs to happen and who to involve in your organization.
However, there is a LOT to think about, and we know that you may need to shift focus to other priorities. If you are feeling overwhelmed, don’t have the time, or are just not sure how to start, please reach out to us! We’d love to help you evaluate your current set up and get you on the right path forward.
After Jenny’s two-part series on the new HHS bulletin and movement from the FTC from two experts, she is recapping and giving a broad overview emphasizing the most essential parts you need to know.
She discusses what compliance used to mean, what you could be doing unknowingly that is considered sharing data, and the reasoning around the fines levied at GoodRx and Better Health.
She digs into what shifts organizations can make to their analytics and marketing to become compliant but continue marketing campaigns to service prospective patients.
Finally, the episode wraps up by explaining the three-part program that Hedy & Hopp is using to help healthcare companies across the United States become more confident in their marketing and technical work with these shifting rules.
Interested in working with Hedy & Hopp on a privacy compliance program?
Book time with Jenny today.
Connect with Jenny on LinkedIn
Explore what Hedy and Hopp can do for you
Jenny: [00:00:00] Hi, friends. Welcome to today’s episode of We Are, Marketing Happy, a healthcare marketing podcast.
I’m Jenny Bristow, and I’m the CEO of Hedy and Hopp, a healthcare marketing agency. We’re a full service agency, but we’re really nerdy and great at marketing and analytics. Our history as an agency has been always be really analytics focused, helping our clients be compliant.
But as many of you know, the FTC and HIPAA goalposts have recently moved, and so we’ve done a two-part series – an attorney’s point of view and a marketer’s point of view on all of the recent shifts.
So today I just wanted to do a quick 101. If you only have five minutes (let’s hope I can keep it to five minutes becuase I’m quite verbose) but if you only have five minutes to understand what’s going on and why people are so concerned right now, let this be the five minutes that can help educate you.
So I’m gonna walk through a couple of things. First of all, let’s talk about what being [00:01:00] compliant used to mean. My agency has been around for almost eight years, and we’ve always been helping healthcare organizations become what at that point, was believed to be HIPAA compliant, following all of the rules and guidelines set forth with HIPAA.
What did that mean? Well, we worked with an attorney and they helped create guidelines, again, based off of the interpretation of what HIPAA was trying to say through the lens of digital marketing. Most of what internal legal teams were focused on were around the clinical settings, not so much around marketing.
Many marketing teams we began working with eight years ago had never chatted with their internal legal teams about the things they were doing and how to be compliant. So some things that we began doing right off the bat and the things we’ve been doing with our clients up until now:
Number one – Not collecting or obfuscating the IP address whenever possible. So with Google Analytics, for example, turning it where it does not collect the IP address.
Number two – [00:02:00] not doing super specific retargeting. If an organization wanted to do retargeting, let’s say for example, a local children’s hospital wanted to do it, you could do retargeting at a brand level, but not specific to the pages of the site that they visited.
So not specifically around pediatric cancer, pediatric eye care, etc. It’d have to be at that brand level.
Our organization also made sure not to capture or touch PHI. Every team member goes through HIPAA training to be able to understand HIPAA as well as identify PHI as we’re doing marketing campaigns for our clients.
And then we also always avoided signing BAAs because again, if we purposefully touching or collecting PHI, our organization didn’t need to do that.
So what has changed? Two things happened. We’re gonna break it into the FTC and then we’re gonna break it into the HIPAA side.
So FTC is really going after those healthcare adjacent organizations, so not necessarily [00:03:00] organizations that have to comply with HIPAA, but organizations that are healthcare adjacent.
With this tech boom, in the healthcare space, there are tons of companies popping up that are dealing with patients, yet are not covered entities. So FTC is specifically going after folks because they are selling data to third parties without consent.
Now, hard stop.
Many organizations do not realize they are selling data to third parties. The way that this is being interpreted by the FTC is if a Meta pixel is on your website and you’re sharing your patient’s information or user’s information with Meta/Facebook in order to understand conversions for ads, that is consideration legally, that is considered selling the data in exchange for getting something in return, which is that conversion data.
So, they also believe that disclosing that you’re selling the data [00:04:00] to meta in exchange for conversion data, the average consumer would not agree to that. So you can’t slap it onto your new privacy policy saying that, hey, by the way, we’re giving your information to Meta thanks, hit okay. You can’t just add it on there and think that you’re going to be okay.
So that is what is behind both the BetterHealth and the GoodRx fines. So both of them, and you can go online and you can read all of the language. The FTC basically said, hey guys, you sold your customer’s information to Meta.
And both GoodRx and Better Health said we believed we were following marketing best practices. Everybody does this. It was considered okay, but fine. We’ll pay a fine.
I actually will second that. Everybody in the industry believed this was okay. So this is a, a goalpost that has been moved. and so it’s really helpful to understand the history behind that. So at this point, third party pixels of any kind should not be on a healthcare website.
That could [00:05:00] include tools like Lucky Orange, or CrazyEgg or any user testing tools, any form tracking technologies, any advertiser pixels. None of those should be on your website as a result of these FTC fines. Now let’s talk about HIPAA. So OCR and HHS submitted a bulletin in December, not a new law, a bulletin, which is their interpretation of the law, and a little bit of clarification that did a couple of really important key things.
First, it defined an IP address as PHI. It was very vague before and many attorneys that I talked to said, well, if you wanna be conservative, let’s say an IP address is PHI. So that’s what we had always done. But the average marketer and what HIPAA had said before did not say the IP address was PHI.
What they also said is that even if you tell a tool not to collect an IP address, if it CAN collect an IP address, like if the tool has the [00:06:00] ability to do that, then you’re not compliant. So all of my marketer friends out there that are currently using Googled Analytics or Google Analytics along with Google Tag Manager and have it set up not to collect IP addresses, guess what?
You are not compliant with this new bulletin tin and you are consider having a data breach.
Huge concerns. 99% of the marketers I know in the healthcare space are all using Google Analytics and Google Analytics is not compliant with this new bulletin. The other thing that they clarified is the importance of having a business associate agreement in place with any tech vendor that can see the IP address or device ID or any other individually identifying information, which again, is much more specific in this bulletin.
So Google’s never gonna sign a BAA. Meta is never gonna sign a BAA. And kind of to their credit, if they know that they can’t properly keep data safe with their tech stacks, then good for them, you know, for not just signing one or, [00:07:00] you know, rushing to create a new business unit to serve this.
So, How can companies be compliant?
How can marketers in healthcare actually be successful with these new guidances from the FTC and with HIPAA? One more thing that I wanna point out is GDPR and state level privacy legislation. So GDPR in general is a European law does not apply to the United States, but the structure of GDPR is really similar to the state level legislation that we’re seeing in California and other states that are proactively pushing state level privacy legislation.
So a lot of our clients are choosing to go ahead and become GDPR compliant, and then just monitor state level legislation. You have to have a certain percentage of your traffic within a state when a state passes state level legislation before you have to be concerned about it. So, it exists and that’s another data and privacy concern.
But again, we’re really gonna focus on FTC and HIPAA [00:08:00] when we’re talking about how to become compliant with these next couple of minutes. So you really have three options to become compliant.
Number one – a new analytics tool. Get away from Google Analytics.
Work with an analytics tool that’s willing to sign a business associate agreement. It either can be self hosed. You host it yourself on your own server or they can host it, but again, you can capture IP address and continue to track your conversions as long as you have a BAA with that company that’s willing to make reassurances to you that they will keep that customer and patient data safe.
So new analytics, platform.
Number two – server side tag manager. So this is a great easy solution if you’re already having a lot of dashboards or downstream workflows that feed off of Google Analytics. A lot of folks had just invested a lot of money to move over GA4, so to move over to another tool, is just emotionally exhausting for a lot of us to think about. With the server side tag management[00:09:00] solution, you can actually set up Google Tag Manager as a server side solution, which is really great. However, again, you have to have the IT infrastructure internally to be able to manage that. Because that’s not something Google manages. You have to have that server and you have to have a BAA with that server company in order to make that happen.
Number three- you can do, I’ll describe it first, a cloud based tag manager/buffer. So the term they’re using is a CDP – a customer data platform.
But it’s easier to imagine it as like, here’s your website, here’s Google Analytics, and it’s sort of like a little barrier that goes in between. So all the information you’re tracking on your website goes through this barrier, or CDP, and gets filtered and cleaned out, and you monitor and pull what data you don’t want to go into the analytics tools and then you can continue using Google Analytics.
Again. This middle company will sign a BAA with you. It will really allow you to continue using a lot of your tech stack and continue tracking those [00:10:00] conversions. So, there’s a couple of different things.
So we, Hedy & Hopp, we have actually partnered with an attorney, his name is Drew Westbrook.
He was on the episode two weeks ago where we were talking about his perspective on the shifts, and we’ve partnered with him to create this three part process where we do an audit, educate, and recommendations for our clients.
So if you are stuck in a point where your tech team and your marketing team and your legal team are kind of fighting and your legal wants you to remove all your tags and marketing wants to keep doing their work, and you need to come up with a new analytics and marketing strategy, call us!
We have become experts in this really quickly and have just immersed ourselves in all of the legalities and the technical solutions. We’re helping folks across the country with this.
So it’s a three part solution. First audit, you look at every single thing you’re doing from an analytics, marketing and CRM database perspective.
So where and how are you talking to prospective patients online? [00:11:00] Wherever that is, we’ll include it in our audit and we’ll flag all the areas of concern.
Next is educate. On the educate side, we’re gonna tell you why those things are of concern, why you can’t do them anymore, or how we may need to change them.
And we’re also gonna Educate you about the legalities. We have a risk tier model that we’re using to help people kind of figure out where within that sliding scale they wanna be. Do they want a gold star from OCR or are they okay kind of being in the middle? Maybe they feel their organization isn’t really high risk so they’re okay being a little bit riskier in their setup and maybe using some current processes they’re using now without overhauling everything.
Anyway, we work with them, figure out where they wanna be on that sliding scale, and then create a full recommendations deliverable that then walks through and says, here’s all of the things you need to change with your analytics. Here’s all the marketing tactics you either no longer can do, or how you can do them differently. Here’s how you can track your conversions. Using this new setup so you don’t lose that [00:12:00] information you need so desperately in order to do your job.
We absolutely love this work, and are having so much fun because again, at Hedy and Hopp, we’re a full service marketing agency and our passion is improving patients access to care.
So it pained us watching all of these healthcare organizations have a knee-jerk reaction and just strip all of their analytics off of their website and stop all of their marketing. Because what that means is when that scared patient go to the to Google to be able to find a provider, they’re not gonna be able to find you.
And that for us is really a worst case scenario. So we’d love to be your partner to help make sure your marketing continue and that your legal team feels really comfortable with our recommendations and they understand why we believe they’re compliant, or they are compliant with all of the new and changing landscape.
And then bonus. If you work with us on this program, we will continue to educate you, and inform you as case [00:13:00] law is defined and as the goalposts continue to shift.
Because again, this is not a once and done conversation, it’s gonna continue changing over the next couple of years. So all of our clients get that added benefit of our education and that existing relationship.
So again, give us a call if you’re struggling with this, we’d love to help you. Again, we’re Hedy & Hopp, a full service woman owned, independent agency.
We hope to see you again on next week’s episode. Thanks.
Is your team scrambling trying to figure out how to make your marketing analytics setup HIPAA-compliant with the new bulletin? Yep, everyone else is too.
Today, Mark Brandes, Hedy & Hopp’s Director of Analytics and Decision Science joins the podcast to talk about the huge impact this bulletin from OCR has on healthcare marketers (as well as the FTC’s ruling against GoodRX).
Mark talks about tools and processes that were considered best practices prior to the OCR bulletin and how our approach to HIPAA-compliant marketing has changed. He talks about the reason why third-party marketing pixels are causing so much concern and are difficult to control.
Jenny and Mark wrap up the episode by talking about the three-step process Hedy & Hopp are using to help clients become HIPAA-compliant – Audit, Educate, and Recommend. We’re working as a middle ground between marketing and legal teams, making sure both groups get what they need! Listen in to learn more.
This (episode 17) is part two of a two-part series (part 1 is available here)
Jenny: Hi, friends. Welcome to today’s episode of We Are, Marketing Happy, a Healthcare Marketing Podcast. I am thrilled today to welcome one of Hedy & Hopp’s own team members, Mark Brandes. He is our Director of Analytics and Decision Science, and this is part two of a two-part conversation about the crazy bulletin that is shaking up analytics in the healthcare marketing space.
Last week we chatted with Drew, an attorney that specializes in digital health, and has a very deep understanding of HIPAA and the implications of the bulletin. And this week we’re gonna be talking with Mark about real world [00:01:00] implications. How are marketers responding and, what changes and shifts are we seeing today and plan to see over the next coming months. So welcome Mark. Happy to have you.
Mark: Thanks, Jenny. Glad to be on.
Jenny: So you’ve been in analytics for a long time. and I say that with love, not calling you old, but I, very much appreciate the perspective of people that have been in marketing analytics for a decade because then you really have seen the shifts over time.
But specifically, let’s say over the last couple of years, what are some standard things that we see when we begin working with a healthcare system or a healthcare provider? Really any covered entities that we work with. What are some standard things that you have seen, up until now that they’ve been using from an analytics perspective?
Mark: Yeah. So over the past few years, things have definitely shifted on us. I think the first big domino was probably when [00:02:00] GDPR hit. There was already talk about privacy and patient confidentiality. Before that, when GDPR hit over in the EU, that’s when really people started to really take it seriously that, hey, there’s something going on with this privacy stuff and we need to be careful of what we do.
And so in the states here, it wasn’t our law, so it doesn’t necessarily affect us, but there still was the ripple effect of, well, we should be thinking about this too. And a lot of places already started to proactively kind of take some of those steps, putting up some cookie banners, asking people for consent before they go on the website, letting them know how the cookies are being used.
Some of that already was changing, which was a good step. And then you had some other litigation that, or not litigation, I’m sorry, some other legislation that came in like the CPPA in California. Then there’s a few others that are, in the process of getting put into law now across several different states.
And so all of those are gonna have very similar kind of things where you’re gonna need consumer consent, you’re gonna have [00:03:00] to let people know what you’re doing with their data and their information.
Jenny: So that was an excellent overview. Thank you.
So in general, I will say that if you think about all of the covered entities that we work with across the country, regardless of size, we work with some of the largest hospital systems in the country, all the way down to single or perhaps multilocation, groups.
Almost all of them are using Google Analytics. Almost all of them are using Google Tag Manager. A lot of them are using call tracking software. I mean, one of the things that we all believed to be appropriate – we had received a legal opinion that we were using to implement according to the perceived HIPAA best practices – was that if you obfuscate or do not allow the tool to collect the IP address, that would be considered compliant.
With HIPAA’s new guidance and this bulletin, that’s not the case anymore. And so can you walk through a little bit what that implication is as far as how the [00:04:00] tools are leveraged or why that’s gonna be very difficult to continue using something like Google Analytics?
Mark: Yeah, definitely that OCR guidance that just came out was definitely the next seismic shift for us in the digital marketing landscape.
One of the big things they said was really, it was even about passing personal health information. So not only identifiable stuff, but just passing health information seem to be a HIPAA violation based on this guidance. So one of the things that we’ve really focused on was, on some of our clients’ websites even a page that talks about a specific ailment or a specific diagnosis, trackinga page view could be seen as a HIPAA violation now based on this guidance. and so that’s a really interesting shift. Before now it was kind of common to just, you put the page view tag on the website across all the pages so you can track them all and see how people are looking at them, what the volume is.
And now, you’re probably gonna have to be a little more careful about what pages you’re putting on these. It’s specifically called out things like login pages, anything, [00:05:00] after a login. So anything after a user’s been authenticated. Those definitely seem to be off limits at this point. But even some of the non authenticated pages, like I mentioned, you’re gonna have to be careful where you’re putting stuff.
So certain forms that get submitted if they’re on a certain page, even if you’re not collecting what’s on those forms, like what’s in them, the fact that they were put on that page, would indicate that the user was interested in that information and therefore that could be seen as, some PHI that you’re providing that other software.
So that’s one of the big shifts that’s happened. And I think the biggest thing is it came kind of outta nowhere. It was kind of a surprise to us. There was legislation that we were seeing moving through the system, and we were watching it and seeing what the impact was and we could prepare for it.
Because HIPAA was already in place and this guidance has just kind of adjusted how we look at that and what it applies to. I think everybody was taken by surprise a little bit. So I think there’s been a lot of scrambling. So some of the softwares that we’ve been really comfortable with, like Google Analytics [00:06:00] software, has been comfortable with like Google Tag Manager or even some CRM tools, right?
Or some of our platforms that we use, Facebook, Google Ads, Twitter, things like that. Those pieces of software that we were kind of comfortable using, passing data to them, using that to optimize our own campaigns. A lot of that has become a little hazy now about what we can and can’t do.
Jenny: Yeah, let’s talk about third party pixels, because we saw the FTC leveraged a huge fine against GoodRx, who is not a covered entity, by the way, but they are still in the healthcare space.
So it again, calls out the importance of paying attention to the safety and concern of patient data, regardless if you’re a covered entity or not. But they got in trouble for having meta pixels on their website. And they actually, in the settlement of it, said that they believed still that they were willing to pay the fine, but they still believed they were following marketing best practices by having those pixels on.
Jenny: Talk to me a little bit about how third party pixels work. Like if you’re [00:07:00] explaining it to a super non-technical person, which I think is one of the big difficulties that marketers have when working with their internal legal teams is explaining how pixels work. So give that to us a little bit, if you don’t mind.
Mark: Yeah, definitely that the GoodRx one in particular was quite interesting to me. Because if you were to read what GoodRx’s response was to that, it sounded like any company you could pick across the states, that’s exactly what they would be saying as well, right? Like, we did this was best practice, we didn’t do anything out of the normal.
It’s just all of a sudden you’re telling us it isn’t okay to do that anymore. So, it was really interesting seeing that. What’s tough is that if you look at the way, I can’t remember what the name, what’s the name of this? The entity, not the OCR?
Jenny: The FTC.
Yeah.
Mark: FTC. Yeah. So if you look at what came across and what they said was that GoodRx had shared all this private information. They’ve done all this and what’s tough is that it’s tough to find out where’s the truth in that, [00:08:00] because I don’t think GoodRx was intending to do that, at least based on their response.
But because of the way some of these pixels work, they almost feel like black boxes, so to speak. You put that pixel on and your intention is that you’re sharing, hey, this random user clicked on my ad. They did my conversion. That’s great. Let Facebook know that, or let Google ads know that so that Google Ads can then optimize your campaigns.
But what’s interesting is when you actually think about, well, what does that optimization means, typically it means, well, that person did it, so I’m gonna find more people like that. And in order to do that, then the service has to know something about those people, about what they’ve been doing, what sites they’ve been on, who they are.
And so once you start thinking about kind of the mechanics that go into that, it’s like, oh, I guess they are providing some information. And again, I think most places are doing that with the intention of just, I wanna make sure that I get to the people that want my [00:09:00] stuff. I don’t wanna just be spraying it out and spamming people.
Mark: I want to get to the people I that really need it. I think about a place like an addiction treatment service or something like that. Sure, you’re trying to send out some information, some marketing to let people know, hey, this service is out there. If you’re struggling, we’re here to help you, but without the kind of data that you need to really target in on people that may be struggling, people that may be needing help with that, you could end up spending, sending that message to a bunch of people.
And a lot of those places, especially some of these small healthcare entities, don’t really have the budget to just spray it out to everyone. Right. it’s not the Mad Men days where we can just kind of have huge unlimited budgets.
So really it was more about us trying to focus in on the people that really need our help. It wasn’t anything nefarious necessarily, but what happened and what we realized was that Facebook could take that innocuous information that we figured and they can turn that into something worse because of what they’re doing on their end.
Mark: And so then unfortunately through that process we have to realize, oh, well maybe we can’t share [00:10:00] this. Maybe we can’t share that. And I think that’s where a lot of this is coming from. Some work has been done. What’s tough is that, like I mentioned, those pixels are really black boxes.
Sometimes it’s just this little tiny one by one pixel that gets sent. But because you open that window, it has access to a lot of other things. What your browser stuff is, the history of your browser. Well, not history. I’m sorry.
Jenny: If you’re logged into the browser, it would have a lot of information.
Mark: If you’re like logged into Chrome, then it has all of that history that could be tied to it. Like for Google. Yeah, exactly. What your settings are, those kinds of things. Yeah. We would have access to that kind of stuff.
And so because of that, even opening that window, there is some issues there and some of that is because we have to go through browsers and so because we’re using those browsers, there are some ways around that. Some companies are coming up with APIs where we can pass stuff through APIs instead.
Mark: So we’re kind of bypassing the browser, but that still doesn’t get around the fact that [00:11:00] we’re still providing information to that third party about that user. so there’s all this gray area and what’s tough is we really need some of these software companies to actually help us out. Their best interest is making money for their company, and data is huge business right now.
And so it’s kind of not in their best interest to help us kind of protect those users. Now we have seen some companies trying to help us with that. Recently I heard that LinkedIn is trying to make some updates about their group policy, who they share their ads with, stuff like that.
Mark: So I think, I’m hoping that some companies start to come around and help us out with this. But some of these companies are so big that I don’t think that’s one of their priorities. So then unfortunately that onus shifts to the individual users who are setting this stuff up. And so we have to just figure out how to protect ourselves when we can’t rely on those companies to actually protect us.
Jenny: Yeah, that’s such a great point. And I think it’s interesting too, like we Google so large, but I [00:12:00] think their are days of being the forefront runner in innovation are behind them. So expecting them to respond, as quickly as smaller companies can, to be able to capitalize on this opportunity to begin billing a lot of healthcare organizations that have previously been using their services at no cost, it may take a lot longer for them to respond than, it would have a few years ago.
So, one of the things I’ve been really proud about at Hedy & Hopp is the way that we’ve been responding to this. So, we like to say Pivot with Positivity because you never know what’s gonna happen next in healthcare marketing.
But we partnered with Drew Westbrook to be our legal counsel and we’ve developed three tiers of risk, and a great three step process that allows our clients to work with us to really bridge the gap between their internal legal teams and what the marketing team wants to do.
The biggest thing that we hear from people is a general frustration, becuase legal doesn’t wanna be bad guys, right?
Jenny: They don’t wanna come in and say, stop all marketing that you’re doing. But they also need to make sure that they’re [00:13:00] compliant and protecting their organization. And so there’s typically this really big gap within organizations of what legal understands as far as what marketing is doing and what marketing understands as far as what legal’s trying to accomplish.
So with this three step process, we’ve really been able to bridge that gap successfully over the last couple of months since this bulletin came out, and we are really excited to help more organizations do it.
So it’s a three step process. The first step is audit. We go in and do a full documentation around all of the analytics tools, marketing tactics, CRM databases, anywhere perspective patients are touched or engaged with – all of that’s documented.
We then educate our clients about the three tiers of risks and help their legal team decide where they feel comfortable being within that three tier setup. And then we do a formal recommendations according to their chosen level of risk, based off of the implementation that we recommend and changes to their marketing tactics based off that chosen level of risk.
So I’m really [00:14:00] excited about what we’re doing right now, but can you explain a little bit about those three level or those three tiers of risk? Like why would one organization maybe choose one, whereas another organization might feel comfortable choosing another one?
Mark: Yeah, definitely. And, I will start off with that audit you talked about.
So that’s a really big one. I think one thing people don’t understand is there are stuff where your website, you may think that it’s not, but it’s passing PHI. That audit will really help you understand that maybe there’s things where people could have a login page or they could have a form submission.
And while you’re not grabbing anything from those forms, there are times where your website is designed that on the next page it passes stuff through the url and like we’ve mentioned, usually we set up page view tags to just grab all page views. So then when that stuff gets put in the url it’s not a good setup. We had this happen with a client not too long ago.
Their site was designed, the stuff got put into the url, so they were capturing actual email addresses and [00:15:00] sending them to Google Analytics without meaning to it all. And so though the audit will catch those kinds of things, and I think that’s really helpful. I think then what that leads into is the tiers you talked about.
Because once we kind of know some of those things, some of those issues you might be having, we can really determine whether you’re kind of high risk, whether you’re low risk. And that’s really what we’re looking for. So for example, in the audit, we may find that you have a lot of content on your site that’s very specific.
It talks about specific diagnoses or specific ailments. And so because of that, we would realize, oh, that may be a little more high risk. We may want to be concerned about passing that and stuff to Google Analytics. And so that’s something we can then bring to those tiers to kind of understand, okay, we might put you guys in this kind of higher risk tier because of all that content, but we may find sites that are a little more, generic, not in a bad way, but more that they’re talking about different plans you can sign up to or some [00:16:00] different information that will be in their newsletter.
So here’s the types of stuff we give you. Those kinds of things and those pages we believe wouldn’t actually cause any issues. So then that can be kind of a low risk. So it’s us looking through that site, looking through your kind of digital properties to understand where those things are.
And after talking to Drew, using his best judgment on kind of where would that fit.
So if you have pages that are about a lot of specific ailments or diagnoses or, diseases, whatever, that could be seen as that [00:17:00] PHI that we discussed, so then we could kind of put you into that more high risk kind of a bucket. Whereas if you have a more general site, speaking about, general information, so here’s stuff that we can send to your newsletter, stuff that you’d get on a monthly basis, like that kind of general stuff is not going to be seen as bad.
Are you talking about your different plans you have available? Different features or services for different things? None of that is gonna be seen as, as PHI. So then we can put that kind of stuff in low risk. So depending on what kind of site you have, then we can kind of understand where we should go, where we should not.
The other part of this is you mentioned legal. And so that’s an interesting conversation where there’s going to be a lot of gray area, some room for kind of interpretation, so to speak. I think we’re gonna find that some companies are gonna feel like, oh, we’ve gotta shut this down.
Mark: We can’t do any of this. And then we’re gonna have other companies that are gonna say, well, we’re okay doing this. We’re okay doing that because of how we’re [00:18:00] structured in the way that we work. Really we’ve kind of laid that out so that we give kind of an impression of here’s where we think your risk tolerance would lie.
We’ll also speak to your legal team or to your, leadership and have them understand, well, here’s where we feel like our risk tolerance is, and finding a nice balance there. So what we’d find is on a, high risk tier, or a low risk tolerance, however you wanna put it.
We’d find that like, you’re probably going to not want to just use a general analytics platform like Google Analytics. What we’ve found is that all your analytics platforms, based on the nature of how those work, are really gonna be collecting some of that PHI, the way that they’ve now defined it.
Mark: And so really what you’re gonna have to probably do is find an analytics provider that does sign a BAA with you or allow you to keep your data on your own server so you can protect it, and then really kind of control what goes out the [00:19:00] door. So you can see that with things like server side analytics, some of that may be an option for those kinds of companies.
And then for that low risk tolerance, you’d also probably not do many pixels at all unless you really were confident about what was being passed in that pixel. So we would kind of limit you in what you could do, right? That would be our kind of recommendation and our guidance. Whereas on the higher risk tolerance side, it may be that, okay, we’re all right with using these types of pixels.
But even then we would probably still kind of lean toward, well, let’s not put them on specific pages, right? Let’s not do specific things with those pixels. Let’s just do the bare minimum that we need to really kind of make our marketing work. And what’s gonna be interesting there is that without that official guidelines and with those kind of gray areas and how risk tolerant you are, it’s kind of interesting to determine how your competitive advantage will go up or down based on that, right?
Mark: Because without some consistent enforcement or consistent kind of definition of [00:20:00] some of these things, the companies that feel like they can be more risk tolerant, can kind of maybe have an advantage in the market over some of the others and kind of trying to bridge that gap is gonna be tough. But I think there are creative ways that we can help the low risk tolerance clients still get around and still make it work.
So there’s contextual advertising that we can use. Things like in Google ads where we can look for other things people have searched and then we can give ads based on those things, right? So instead, we don’t really know anything about them but we’re using the information they’re providing us at the time to really help them see that yes, we have some options for you.
Mark: So I think there’s stuff we can still do for those low risk tolerance, but it’s definitely gonna be a little bit harder of a road for sure. And then finally, there’s gonna be, like we mentioned, there’s gonna be gray areas. So there’s low and there’s high, and then there’s gonna be a lot of stuff in between.
And so I think we’re gonna have different points of yes, we’re okay using Google Analytics, but no, we don’t want to use these pixels. Or we’d rather just use, generic click tracking like a Lucky Orange or Crazy Egg or [00:21:00] something like that, which, we’re still not clear about if that’s passing user information, we think it’s probably okay.
But, again, still gray area and we’re all trying to figure it out right now.
Jenny: I think the thing that is exciting for me based off of our organization’s passion about improving patients access to care, is we’re trying to go in and help both groups be successful, right? Like we want legal to feel comfortable in the tools and processes that marketing is using, so they’re comfortable with the level of compliance.
And we want marketing to continue to be able to do their job and be successful. I think what’s gonna be really interesting is over the next year, watching as this continues to shift and evolve as case law does come out to be able to make it a little bit more definitive about how they’re going to be not only truly defining PHI, the importance of BAAs, but then, also, people’s perceived level of risk I think will continue to shift.
Well, thank you so much for being on today, Mark.
For any of you that are currently [00:22:00] struggling with this and whether you’re on the legal side or on the marketing side, know that we’ll be on your side and we’ll help both sides of the groups feel comfortable with solutions.
We’d love to work with you. Give us a call. We have just a couple of additional slots available over the next couple of months to take on some additional clients for consulting work outside of our normal client workload.
Would love to work with you, and help you solve this problem.
So have a great day and thank you for tuning in.
Is your team scrambling trying to figure out how to make your marketing analytics setup HIPAA-compliant with the new bulletin? Yep, everyone else is too.
Today, attorney Drew Westbrook joins the show to discuss the bulletin released by OCR in December 2022. In the bulletin, OCR expanded the definition of what information is protected under HIPAA beyond what most people have read in the law and completely changes the understanding of how marketers can and can’t use analytics tools as part of our toolset, including web analytics and call tracking.
Drew explains the biggest points of concern with the new bulletin, including IP addresses being identified as PHI under HIPAA.
We then shift the conversation to what healthcare marketers need to do to understand if their organization is at risk. Auditing data to understand the information being collected, where it is being collected from, and where it is going is a good first step. They also touch on state-specific legislation and if there is any real difference in data handling of covered and non-covered entities.
This (episode 16) is part one of a two-part series (episode 17)
Jenny: [00:00:00] Hi, friends. Welcome to today’s episode of We Are, Marketing Happy, a healthcare marketing podcast. I am so excited to have Drew Westbrook on with us today. A lot of marketers in the healthcare space have been frantically trying to understand the recent HIPAA-related bulletin that was released in December and Drew is an attorney that we absolutely love working with because he understands technology better than any attorney I’ve ever worked with.
So we have invited Drew on today to talk about the bulletin and help all of the marketers in the healthcare space really better understand what the bulletin says and what the implications are.
So welcome, Drew.
Drew: Thanks, Jenny. I’m glad to be.
Jenny: Awesome. to get us started. Tell us a little bit about your background and your area of expertise. How do you have such a good understanding about all of the things in the healthcare world? [00:01:00]
Drew: Well, I would say that I’m still learning all of those things, first of all.
But no I’ve been practicing for over 10 years at this point, and I started off kind of looking at business issues, and then picked up a few clients early on that I needed to start layering healthcare regulations on top of. And so, I started absorbing all that information. They also happened to be picked up a few early on technology clients and over the years as we like to joke, it’s called the practice of law for a reason. Constantly learning and getting embedded with my clients so that I can understand not just what the law says and tell it to them, but actually say, what do you need to be able to do? How does your software work?
How does your business run? How do you make money? And then how can I help you use the regulations to stay free [00:02:00] of trouble and also to actually help you succeed in business. It’s not just about avoiding liability, although that is a big part of it. It’s also about creating opportunities, exploring opportunities, and taking advantage of those opportunities.
Jenny: Absolutely. So let’s jump right into the bulletin. So the bulletin was released in December, and it’s about two pages long, but it has caused quite a ruckus. So walk us through some of the highlights.
Drew: Yeah. So, December of 2022 the Office of Civil Rights at Health and Human Services, which is the division of the organization that enforces HIPAA, published a bulletin.
It is a bulletin on the website. It is not a law, it is not regulation or rule. But because it is published by the division that enforces the law, it is worth noting because you don’t want to go contrary necessarily [00:03:00] to what the enforcer of a law says explicitly.
So they published a bulletin. OCR describes what tracking technologies are and how companies that are subject to HIPAA can use or shouldn’t use tracking technologies on their websites and on mobile apps. The most notable piece about it is that OCR kind of expanded the definition of what information is protected beyond how most people have read the law to date.
There’s always been a concept from the beginning of rule making under HIPAA that it’s not necessarily just direct information that a provider creates in treating a patient. There’s more to it than that. It’s broader than that, but what this bulletin has said is, information collected through tracking technologies on the website of a covered [00:04:00] entity, which is an entity that’s subject to HIPAA can be considered protected health information and therefore subject to all of the rules and regulations under HIPAA.
And this is a little, it’s a little interesting because the bulletin distinguishes between authenticated portions of webpages, unauthenticated portions of webpages and mobile apps, as well authenticated portions of a webpage. You can just feel that’s different, right? If you log in, especially to a patient portal or something like that, you do expect more protection for your information inside that access point.
But if I’m just browsing the webpage of a healthcare provider, even as a patient, I’m not necessarily expecting that any information collected about that visit would be protected information Now, to be fair to the bulletin, that’s not exactly what it says. It’s maybe more targeted than that.
But there is [00:05:00] some sweeping language that OCR included in the bulletin. I mean, there’s one point where it says that when a regulated entity, I’m reading now, so I have my notes here, but when a regulated entity collects the individually identifying health information through its website or mobile app, the information connects the individual to the regulated entity and thus relates to the individual’s past, present, or future health or healthcare or payment for care, which then triggers the privacy rule.
But the problem is that it’s saying collection of information connects the individual to the regulated entity and thus relates to an individual’s healthcare.
So I’ll give you a quick example of why this is really broad sweeping. I, as an individual, I represent companies that do business with healthcare providers. When I have a new deal that a client is doing with a healthcare provider, I go to that healthcare provider’s website.[00:06:00] Often I’m looking at things like what their notice of privacy practices says, information about exactly what they do, that sort of thing.
It helps me, again, inform how to help my client get a deal done. A lot of these are in states that I’ve maybe even never visited and have zero relationship to that entity, but, the company has a cookie on its website and it collects my IP address, but now it’s got individually identifiable information about me because I’m typically, not as the bulletin says, I’m not accessing it from a public library.It is from my my personal laptop on my home network.
So that IP address is gonna identify me, and that starts to get into really significant issues for marketers. And for the owners of the websites about what do they do with all of the tracking technologies that are used on pretty much every website [00:07:00] that’s available these days.
Jenny: Yeah. And Drew a great, another real world example is all of the folks in the healthcare space, or I’d say 95 plus percent, use Google Analytics to track their website traffic. There is a setting within Google Analytics where you can obfuscate or not collect the IP address. However, the bulletin also makes it pretty clear that if that technology has the ability to access the IP address, it’s still not compliant.
Even if you tell it not to, it still is now at this point not compliant, and that really completely disrupts and shakes up everybody’s setup. And what previous to this bulletin we thought was okay.
Drew: Yeah. And that’s the tricky part is you know, if you grant access to information, then that could be considered to be triggering a business associate relationship.
And in the same way, I guess you could look at [00:08:00] it as if OCR calls it in a separate section of this webpage, a cloud services provider where you’re storing your information, even if that information is protected and the hosting company doesn’t have the access key, that cloud services provider is still business associate because they are maintaining, they’re hosting that data.
So it’s similar in one sense. It’s the reverse. But if you grant access to, or even if you don’t grant access to that data, then you are providing access and disclosing and triggering the privacy rule.
Jenny: I think what’s really interesting and what people are gonna have to come to terms with is that no service will sign a business associate’s agreement if you are using their service at no cost.
Right? Why would they take on that risk and liability if you aren’t even paying for the service. So I feel like this really is a line in the sand where analytics will [00:09:00] no longer be free. We can’t rely on using these free off the shelf platforms anymore and have comfort in being compliant.
Drew: Yeah. I think there’s a couple of factors going on with that.
I mean, one is it’s good practice. I shouldn’t say everyone. Some people sign business associate agreements and you look at it later and you say, why did you sign that? Right? But more often you avoid business associate agreements to the extent you can legally because you don’t want to take on that additional obligations.
Even if just contractually. They’re not saying a whole lot more than what you would agree to, but a business associate agreement is gonna have obligations that you would not otherwise contractually agree to if you weren’t bound by the law. Things like access rights for individuals and those sorts of things.
So currently there’s really no reason why these providers of analytics who say I’m not subject and who have traditionally said I’m not subject to HIPAA, would agree to a business associate agreement [00:10:00] that’s just added liability, especially if they’re not getting paid. On the other hand, I could see going forward, if we get enough concrete evidence that this would, this interpretation by OCR will hold up, then you might start to see more players agreeing to business associate agreements. You will not see them agreeing to anybody else’s business associate form than theirs. They’ll create their own.
It will not be negotiable. It will be favorable to that company. But you might see that, I don’t know if you’re gonna see that with at no cost. That would surprise me. But I think, there’s, there are quite a few lawsuits out there that have been filed relatively recently. Some before, I mean many before the bulletin came out.
But this is a ball that’s rolling downhill. Albeit [00:11:00] very slowly at time, but people are considering privacy more and more in the US you know, and outside of the US maybe in Europe it’s a little different, but so there are lawsuits out there that may start, and there will be more for sure.
I don’t know that, I guess with a hundred percent certainty, but I would imagine that you’re going to see more and more that are gonna start using the OCR bulletin as part of their reasons why. Using some other standard, because there’s no private right of action under HIPAA, but using some other standard why someone violated a right or didn’t use a industry standard practice because OCR has said that this is not permitted.
If we start to see that’s going to work, then the courts will say yes, that we agree with OCR. Or you start to see OCR enforcing this and winning. Or you start see them enforce and people roll over [00:12:00] enough. Then you might actually get some movement with some of the bigger players of understanding that their tool will not be used in the healthcare industry if they don’t make some sort of change. But it we’re a long ways away from that, I would say.
Jenny: And I’m sure no organization wants to be the case study, right? Nobody wants to be the one that they end up being the case law that changes the direction of what can happen.
Drew: You know, no, most people don’t. There are a few people out there that that love the challenge and that feel strongly enough. You know, in healthcare people don’t tend to be very risky, not even tolerant, but you know, they don’t like to push boundaries except in certain areas of the law and he.
People are scared of HIPAA to the point where, you know, I’ve seen a lot of people interpret HIPAA [00:13:00] more conservatively than it needs to be in a lot of situations of, oh, I can’t provide information because HIPAA prohibits it. And you say, well, that’s not true. I’m the patient. This is my information.
I can actually demand that you give it to me. So, but you’re right there. Nobody wants to be the case law. Nobody wants to be the guinea pig for pushing this boundary. Maybe some of them do. Because unwittingly, they don’t know for sure. And they’re gonna be the guinea pig because they’re either they don’t read the bulletin or somebody’s read the bulletin and it doesn’t get passed to the right people, or they don’t understand it. And they really continue to use these tools because they’re valuable tools. And in one sense, some of these companies that are placing the tools on websites to kind of have your information either way.
That kind of thinking might lead to some companies saying let’s keep going.
Jenny: Well, and one of the things, one of the very first conversations we had with you, we were trying [00:14:00] to talk about and explain, you know, what Hedy & Hopp does and our passion for improving patients access to care.
And one of the things that we talked about is it doesn’t matter what your intent is. It doesn’t matter if you feel as though you are helping patients. By having this tracking technology on your site, OCR does not care that you thought you were doing good by doing it. They have their own perspective of what tracking technology is and is not.
So they don’t care if you thought you were being helpful,
Drew: Not for whether or not you violated. I guess I would being the typical lawyer. I would say that technically they do care what your intent was, for criminal purposes, but not of whether or not what you’re actually doing is violating HIPAA, that is not intent based.
Jenny: Absolutely. Okay, so next question. So if I were a healthcare marketer within a organization and I [00:15:00] needed to look at everything that my organization was doing, what’s some super high level advice that you would give them as a starting point of understanding if they’re at risk or not?
Drew: The first thing that I would say is do a data map. You. You need to know what information you’re collecting from where you’re collecting it, and then where it’s going, whether it’s going temporarily, whether it’s going and staying, and who has access to it.
You need to figure out everything you can about the data and the information that you have and are getting. That’s a big task for certain organizations, you know, for bigger entities that have a lot of brands, a lot of different websites. That’s a lot. And I understand that. But it doesn’t change the fact that you really do need to know what you have, where you got it, [00:16:00] where it’s going, and who can get it.
Jenny: Totally. That is excellent advice and that is what we do for our clients as a first step is we go in and we do a full audit and map out not only all of their tracking technologies, but all their digital marketing practices and data storage. So it’s important to also think about where you’re placing ads and how you’re doing it.
Let’s talk a little bit about state specific legislation. I don’t wanna get into the details of it but I’ve had a couple of clients reach out and just saying, you know, we care about this bulletin, but also state specific legislation. But really we’re at the very beginning stages of state specific legislation, right?
I mean, there are less than a handful of states that have any sort of privacy related legislation. Now over the coming years, we may see more, we’re really at the tip of the iceberg for that.
Drew: I mean, pretty much every state has two, we’ll call it two laws related to privacy that are applicable here.
There’s a medical [00:17:00] information privacy law, and there’s a breach notification law. Those are typically really limited in scope. The breach notification is simply that it is, you know, if you disclose whatever, however they define the information of an individual, if you disclose it improperly, you have to notify someone. The patient, the attorney general, somebody.
And then the medical privacy is really kind of when we’re talking, when we’re trying to generalize over 50 states. They are really more of a, you know, your doctor shouldn’t go publish your information online, well, shouldn’t post it on a billboard, you know, it’s a lot of these are antiquated technologically in one sense. Plus HIPAA is going to preempt any state level law related to health information privacy that [00:18:00] is less restrictive than HIPAA. So if it’s more restrictive than, you know, the federal government says, great, those rights apply.
Those obligations apply. But if it’s not as restrictive as HIPAA, then HIPAA’s gonna preempt it. Now on with some of the newer laws at state levels, we’re getting a more comprehensive privacy regime. That’s more like the GDPR in Europe, Again as you said, there aren’t that many. We really only have two that are in effect currently three more coming into effect in 2023.
There are others kind of in the pipeline, but those are in the very early stages of the pipeline and also all of the laws that are going into effect, or are in effect, have some sort of carve out for health information that’s subject to HIPAA. It could be that it’s you know, HIPAA covered entities are excluded or in, you know, PHI as HIPAA defines it is [00:19:00] excluded.
You really need to look at the specific statutes and regulations to make those determinations, but they definitely will apply to tracking technologies and what you’ll see in the state level is you have to be careful because you may not as a company be excluded from that state law. It may be that certain types of information are excluded or if you handle that information in a certain way. Meaning if you take data and you apply the HIPAA standards to it, maybe it’s excluded, but anything else is going to be covered and protected by that state level law. And a lot of those laws are, you’re gonna see that tracking technologies, sharing that information with a third party vendor who places a cookie on your website, for example.
That could be considered to be information which is gonna trigger additional obligations and individual right. [00:20:00]
Jenny: So definitely something to keep an eye on. And it’s it’s interesting all the different directions marketers are getting all of this guidance from. So one of our big sayings and core values at Hedy & Hop is Pivot with Positivity because tomorrow the rules are gonna change.
Drew: So I like that. Yep. I’m gonna use that if that’s okay!
Jenny: Of course. Yes. I’m happy for you to use that. Last thing I’d like to chat about with you. I know we’ve been talking a lot about covered entities because that’s what this bulletin specifically discusses. However, the FTC has recently fined GoodRX, who is not considered a covered entity.
And so whenever we’re thinking about healthcare organizations that need to be aware of how they’re handling patient data, at the end of the day, it really doesn’t matter if you’re considered a covered entity or not, right? You still need to have the same level of care and concern for the data that you’re collecting and storing, because [00:21:00] if it’s not OCR coming after you, it may end up being the FTC.
Drew: Yeah, that’s true. You, when you say concern, I know that you’re not speaking in the legal sense. And that’s great because I think it really is important for companies to care about the individuals that they collect data from, care about their rights or their privacy.
It’s important and it’s good business at this point. If you can’t take care, if you’re gonna constantly have data breaches or just be disclosing people’s information it’s at some way, at some point, not going to end well, but you do have a little, maybe a little bit more freedom or leeway than if you are not a covered entity or a business associate of a covered entity and subject to HIPAA.
But you’re right, it doesn’t mean that it’s completely free. You can’t just do anything that you want. The FTC they’re more concerned with are you complying with your [00:22:00] privacy statements. That’s one thing that you’ll see.
And one thing that you could see if you are a HIPAA covered entity or business associate you know, there, there is a case in the past where someone said they were HIPAA compliant and used a logo on their website. There’s no certifying agency for whether you were HIPAA compliant.
You can get certifications for privacy and security. You know, HITRUST being one of them, and that’s more healthcare specific. But if you say that you’re HIPAA compliant and then it turns out you’re not HIPAA compliant, well, you might have the FTC and OCR coming after you. Or if you’re clearly stating that you do something in your privacy policy that’s on your website and you’re not that’s also something that the FTC could be concerned about.
Jenny: Excellent guidance. Well, Drew, thank you so much for joining us today. I’ll say Hedy & Hopp really appreciates your partnership in making sure that we look at our clients’ work [00:23:00] through the correct lens. So the education and partnership has been wonderful, so thank you Drew.
And for all of the listeners, I’m gonna go ahead and link to Drew’s LinkedIn as well as his company’s website in the show notes. So if you have any additional questions or want to reach out to him, you’ll be able to find him easily. So thanks for being on today, Drew.
Drew: Jenny. It was a great time.
On today’s show Jenny is pleased to welcome William (Skip) Hidlay, Vice President and Chief Communications and Marketing Officer for the Ohio State University, Wexner Medical Center, to talk about the exciting things he’s been doing in the world of content marketing.
Skip has been in his role for over two years and in that short time, he’s already accomplished some truly impressive things. When he arrived, the Ohio State University, Wexner Medical Center was dealing with the winter surge of the pandemic, and as part of their outreach and branding strategy, Skip positioned the physicians and scientists of the center at the forefront to help counteract the misinformation that was spreading.
As he got to work, Skip realized that there were 11 different websites with no unified storytelling strategy. He envisioned a new website that would bring together the brand, storytelling and messaging into one cohesive platform. In just 9 months, Skip and his team built and launched Ohio State Health and Discovery which launched in January 2022 and is a true labor of love for everyone involved.
Skip’s team strategy was to create an integrated organizational design that blended traditional disciplines to create a brand marketing and content strategy to create a hybrid of a content marketing agency and a traditional newsroom.
His passion for marketing and his ability to bring people together to achieve great things are truly inspiring. His work at Ohio State University Wexner Medical Center is a testament to his expertise and passion for content marketing.
Website: health.osu.edu
Connect with Skip online: https://www.linkedin.com/in/skiphidlay/
Connect with Jenny online: https://www.linkedin.com/in/jennybristow/
Read the show’s transcript:
Jenny: [00:00:00] Hi friends. Welcome to today’s episode of We Are Marketing Happy. Today I’m so excited to have William Hidlay. He goes by Skip. He’s the Vice President and Chief Communications and Marketing Officer for the Ohio State University, Wexner Medical Center. Welcome, Skip.
Skip: Thank you, Jenny. I’m so elated to be here.
So I’m William Skip Hidlay. I’m the Vice President, Chief Communications and Marketing Officer for the Ohio State University, Wexner Medical Center. And I love talking about marketing and things that make marketers happy, so I really am honored to be here with you. So thank you for the invitation.
Jenny: Of course, and you’ve been doing some really wonderful things.
I specifically wanna focus and talk about content marketing today with you, Skip. I know that you’ve been in your role for less than a year and you’ve accomplished some really impressive things with content marketing. So talk to me about what the content world was like whenever you joined the organization.
You had mentioned to me before that there were 11 [00:01:00] different websites, but no unified storytelling strategy. So talk to me about your approach in evaluating the state of the state and the strategy that you developed.
Skip: Well, thank you, Jenny. Yeah, I actually have been at the Wexner Medical Center at Ohio State for a little over two years.
And so when I arrived in November of 2020, it was right as we were starting into the winter surge of the pandemic, really into year two of the pandemic. So it was a really interesting moment in time and provided a lot of opportunities for amplified storytelling using our experts at Ohio State. Our physicians, our scientist, to help sort of clear up what I would say was a rampant amount of misinformation that was going on. And so we really, as part of our outreach and branding strategy, we positioned our physicians and our scientists out front, and we did regular news media briefings. Our top leaders appeared regularly [00:02:00] with the governor of Ohio on his news briefing.
So we did everything we could to really counteract misinformation, and that really was part of our public service as well as our continued work to build our brand. So while I was doing all of that work, I had to sort of take inventory of where I had landed. And you’re correct, there were 11 different websites in the space of medicine, health, science, and wellness.
And each of them had, you know, reasonably sized audiences, but there was no unity. It was sort of, everything was kind of balkanized into silos. And of course in a large complex university and academic medical center setting, very difficult to merge websites. People liked having their own websites. And so I came up with the idea to create a brand new website that focused on uniting the brand storytelling and the brand messaging from all of the platforms into one platform that would sort of sit above the other [00:03:00] 11 websites, so was able to make the business case for this, was able to get the capital needed, and in nine months we built and launched what we call Ohio State Health and Discovery.
And the URL and for your listeners is health.osu.edu. Again, I’ll say that health.osu.edu and I, you know, encourage everyone to go take a look at it.
We’re really proud of it. It’s been a true labor of love for everyone involved on the team. We launched it in January of 2022, so just a little bit, almost a year ago, a little under 11 months.
Jenny: That’s wonderful and we will put that you URL on the show notes as well to make it really easy for folks to be able to visit the website.
So talk to me a little bit about your team strategy. So the strategy as far as creating this new website so that each of the individual groups did not have to give up their existing websites absolutely makes sense. But you also had internal teams that [00:04:00] were working in silo. So how did you develop a communication process internally, and how did you get everybody working in the same direction to be able to successfully launch this website in that short of a timeframe?
Skip: So, it’s a great question. Yeah. So my role was really a new role that was created to unify three previously separate teams, the Wexner Medical Center team, the James Cancer Hospital team, and the College of Medicine team. And then we have collaborative relationships with Ohio State, six other health science colleges.
So the way we did this was I first created an integrated organizational design that created one structure out of previously three structures. I did some blending of traditional disciplines, so, the traditional name of communications really didn’t appear, you know, so we created a brand marketing and content strategy, like, like to call them ecosystems rather than, We had our digital strategy and [00:05:00] marketing team, and then our growth marketing and reputation team, and they sort of intersect with each other.
And then we created a number of collaborative team-based meetings at which we would start to operate like a hybrid of a content marketing agency and a traditional newsroom. So it’s kind of a blend of the two approaches. And then in terms of the building of the website itself, I was the executive sponsor of that project, but I attended and directed every single meeting.
We had weekly meetings, and we involved all of the key stakeholders, both the leaders of marketing communications for the seven health sciences colleges, the Wexner Medical Center and the James, but also providing regular updates to the senior leadership team of the organization, the deans of the health sciences colleges to really create buy-in and a feedback loop as we are creating the new website.
Jenny: That’s wonderful. Talk to me about how you were able to get physicians and other subject matter experts excited about [00:06:00] participating in the content strategy.
Skip: Well that is a great question and you know, again, we have well over 2,000 expert physicians, scientists, different areas
And so what you have to do is find, what I like to say, Jenny, is we work with the willing, so we try to find those experts who are willing to invest some time, go through some media training, and then work with us to, you know, share their expertise. Ohio State is a land grant mission-based organization. So the good news is that the large majority of our physicians and our scientists willingly make their time available to really help educate the public.
They consider that a key part of, you know, of their personal mission and the organization’s mission. So it’s really not hard. The biggest challenge is they’re very busy and we have to sort of, you know, create our calendars to fit with their calendar. The other thing that we did to make it easy for them is [00:07:00] we actually built a video studio right in the heart of the medical center campus.
We expanded the size of our video storytelling team, and we created a professionally designed TV set right on campus. You know, with branding for both the Wexner Medical Center, Ohio State and the James Cancer Hospital, and so it makes it easy, they can just walk out of the hospital, not even a half a block away, and all of a sudden they’re in a really professional video studio.
So we can. Record interviews for the news media if we get particular video, you know, news media interview requests. We also record our own programming for Facebook Live and for YouTube. So it’s just a another little asset to have in our, you know, in our arsenal of media assets.
Jenny: Yes, that’s so brilliant to do it, to make it so easily physically accessible.
Talk to me about measuring results. Whenever you talk about content, so often people just talk about clicks and views. How are you measuring results and how are you communicating it to the rest of the leadership team?
Skip: [00:08:00] So, great question. So for we, we measure everything we do in many different ways and we’re constantly measuring it.
So one of the things that with particular focus on the new website, Ohio State Health and Discovery, there we measure your traditional, you know, sort of input. So we look at, you know, how many visitors, how many users are we attracting, you know, what’s the number of sessions and what’s the number of page views?
And I’m happy to report that we just earlier this month, crested 3.1 million users since launch.
Jenny: Congratulations.
Skip: Thank you. At 3.8 million page views. And I will say they’re, it is for me, the fastest growing website I’ve ever, you know, been involved, you know, with helping to create. And the team, you know, huge credit goes to our extended digital strategy team.
And in particular we have a very strong, small, strong, and mighty team. And so we really went into this, when you build a new website, really heavily focused on the optimization and how to make this [00:09:00] really visible in Google search. And what’s really interesting is 70% of our traffic, and it’s held constant since launch, 70% of our traffic has come from organic search.
Jenny: Wow.
Skip: So part of what we do is we really pay attention to what is trending, not only on social, but what is trending in terms of queries related to health topics in Google. And we use those to design content. And then the other thing we do is we’re constantly looking at older content that performed well and looking for opportunities to update that content, you know, for whatever moment in time we are in.
And then the final piece that we do is we really lean into our physician expertise and our scientific expertise, and we’re trying to humanize who these folks are. So we do a lot of deep profiles and content packages that I would say is kind of a hybrid of a personality profile and an explanatory science story.
And then we actually spend a lot of time [00:10:00] looking at the individual views those stories get time on site, how long are people spending with the content? And then from those, we continually are running little experiments to say, okay, well we shorten this if we add more photos. What we’re trying to do is make our content very accessible, both on a desktop and a mobile environment, either a phone or a, or a tablet.
What’s really interesting, we’re doing a lot of experimentation with immersive multimedia storytelling, so lots of photos, videos on page, breakout quotes, so that you can either deeply read the content or you can skim it and scan it and you’ll still get a lot of, a lot of value from it. And so lots of different ways we’re monitoring it.
And then in the social media space, we’re obviously always pushing our content out on all the social channels. And then we monitor. The one we really like to monitor is engagement and followers, and really try to grow the number, the size of the audience that [00:11:00] across all the platforms is engaging with us and following us.
Jenny: So the holy grail question of measurement is have you been able to develop any sort of tie-in driving new patient appointments?
Skip: Yeah, we have, uh, we have just implemented our second generation CRM system.
Jenny: Nice.
Skip: And so we track everything we do to make sure that in terms of particular growth marketing means, you know, as opposed to sort of pure brand building campaigns, we really put focus on both types of market.
We’re able to track and get to the point where we’re coming close to true ROI. Not quite there yet, but we’re being able to determine exactly how much volume we’re driving to particular locations. One thing I will note, we open, we’re on a huge expansion clip, and so we’ve opened two very large multi-specialty ambulatory clinics, and when I say large,
The first one was 250,000 square feet, and the second one was 275,000. So they’re almost like mini [00:12:00] outpatient medical centers. And those, we really hyper-focused on multichannel, omnichannel growth tactics, and both are far exceeding the goals the organization set for them. And the marketing team has derived a huge amount of credit for helping to really drive those volumes through the campaigns that we’ve been running.
Jenny: That’s wonderful. Skip. It’s great to hear all of the progress you’ve made in such a short period of time, of bringing together only all of these different dispersed marketing teams, but really having a net positive impact for so many different locations and patients. So kudos. So what’s next? What are you gonna focus on next?
Skip: Well, that’s a great question. What we’re working on now are some omnichannel campaigns to first grow. Actually, one we’ve already launched is to grow our, you know, cancer, our brand as a comprehensive cancer center, as well as our volumes in cancer. So we’re really spreading that not only in central Ohio, but down into southwestern Ohio.
So it’s almost not quite a statewide campaign, but pretty far. And again, [00:13:00] starting, you know the manifesto, 60 and 30 second spots. We’re doing some real experimentation now with ten second pre-roll across YouTube highlighting in particular areas of the cancer program. So that’s so far done very well.
And now we’re in a little bit of a rinsed repeat. And we’re actually right now as we speak, producing similar campaign for our heart and vascular service line. And then next up after that we’ll be our neuroscience service lines. So those are kind of the big three. The other thing that we’re really hyper focused on, as are many people in the healthcare space, is recruiting more and more staff members, nurses, surgery, operating room tech, technologists, what they call surge techs, environmental services, you name it, we have openings.
So we actually, our team, in partnership with our human resources team, we run all of the recruitment marketing. So we have some very creative campaigns in market. Leaning into our brand as Ohio State [00:14:00] Buckeyes and why people are proud to work as a Buckeye in healthcare. And so there’s a lot going on social channels.
It’s very creative where we’re using our own employees and staff members to really help recruit other folks to the organization. So that’s done very well. And we again, receive a huge amount of credit tracking how many, you know, how many applications we’re bringing into the environment. And then obviously it’s up to the recruiters to try to convert those new employees.
But we’ve been very successful in that space as well.
Jenny: That was wonderful, Skip. Thank you for sharing all of this information. I’m sure our listeners are gonna be excited to dig into the website to be able to learn more. Again, I’ll put that in the show notes. Then I’ll also put a link to your LinkedIn profile in case anybody’s interested in reaching out directly for more information.
But thank you for being on the show today. Skip. It was a joy.
Skip: Thank you Jenny. It was really fun. As I said, I love to talk about marketing and communications and digital strategy at any time, so thank you so much and thank you for the great work you and [00:15:00] your agency are doing because it’s important to, to help a lot of different folks in a lot of different spaces get better at this work.
Jenny: Thanks, Skip.
What do you do when your internal surveys show your patients are thrilled with their care….but your external online reputation is terrible?
No one knows this better than today’s guest, Cindy Graham, Director of Digital Strategy at St. Luke’s Health System in Boise, Idaho. Cindy has worked in healthcare for almost 25 years and has been in her current role for almost a decade, which gives her a unique position to be able to share the changes that have happened during that time and the areas that she and her team are focusing on now, going into the new year.
The discussion begins with one of those areas – reviews and online reputation management. Cindy gives insights on how she turned an overall poor rating into an overwhelmingly positive one over the last year while boosting the number of reviews by nearly 20 times!
They also discuss the delicate balance of budgeting with the need for additional healthcare space and constructing the hospital system’s image and reputation in the community both in need of important funding. Jenny and Cindy end by talking about continuing education, mentorship, and other ways that you can help your organization now as you continue along your career path.
Connect with Cindy online: https://www.linkedin.com/in/cindygraham5/
Connect with Jenny online: https://www.linkedin.com/in/jennybristow/
Read the show’s transcript:
Jenny: [00:00:00] Hi, I’m Jenny Bristow and I’m the CEO and founder of Hedy & Hopp, a healthcare marketing agency based in the Midwest. We started the We Are, Marketing Happy podcast because of our passion for improving patients’ access to care. And understanding the innovations and shifts in the healthcare industry are key to making that happen.
Please follow, share, and let us know what topics you’d like for us to cover next. Enjoy!
Hey friends! Welcome to today’s episode of We Are, Marketing Happy, a healthcare marketing podcast. I am so excited to have Cindy Graham with us today. She is the director of Digital Strategy at St. Luke’s Health System in Boise, Idaho.
Cindy, you have been at St. Luke’s for 12 years, but you’ve been in this particular role for seven to eight years.So I think it’s a really cool opportunity when somebody’s been in a role for so long to kind of step back and kind of take the view of what you tell your younger self, or what would you [00:01:00] tell somebody who’s entering healthcare marketing for the first time. So I’m really excited to dig into a couple of different topics with you today.
Cindy: Welcome. Thanks for having me. I’m happy to be here.
Jenny: So one of the things that, I really wanna talk about is, I know that less than a decade ago, you had mentioned in a prior conversation that your organization had only one brave soul managing the entire website, and you had really no digital to speak of.
And I will say through our experience and all the systems we work with, that was such a common place for organizations to be. But you have stepped in and now you manage the digital team and there are other groups within the organization you collaborate with to make sure that you’re really providing the best and easiest access to patient care.
But let’s talk about some of your group’s key wins in particular – Reviews. So reviews are an area that [00:02:00] providers can be really afraid of. Honestly, providers in general are always worried that all of the reviews will be negative, and there can be a lot of fear around purposely trying to get more reviews.
But you had mentioned that 18 months ago your organization received about 250 Google reviews a quarter. Now you’re receiving 5,000. So talk to me about this initiative. Why did you take this on?
Cindy: Yeah, it was really good timing actually, because everything we had been working on with respect to our website and patient access had redirected towards covid response support.
So our regular old digital roadmap for all the things that we had planned to do for the organization was kind of put on pause. And we were very dedicated to the covid response but then also it kind of slowed the rest of that stuff down to give us an opportunity to look at what other things we had we just hadn’t been able to get to.
And one [00:03:00] of those things was proactive management of our online reputation. And when we really looked into what our current online reputation was, we were stunned with how bad it was because we know that we provide excellent patient care and we receive great feedbacks through our cap surveys and all of that kind of feedback that we collect but we don’t share publicly.
So we started with a bit of discovery, not only with kind of what our reputation was out there in the online wilderness, but also kind of what our internal leaders and physicians thought about us pursuing proactive online reputation management. And we found two things. The first was that our online reputation was pretty poor.
We know that when people are motivated to post on their own right, when we’re not asking them to do so, they just are motivated to post on their own. They’re typically motivated by an extreme experience. It’s awesome when that extreme experience is really [00:04:00] good and they’re posting something glowing about your clinics, your providers, or you.
But sometimes they’re motivated by something that really disappointed them or frustrated them. We were seeing significant percentage, I think 35 to 40% of the reviews that were being posted about our physicians, our clinics, and our hospitals were, were negative and challenging. And then the other thing that, that we discovered as we were asking questions internally.
Was a lot of hesitation to ask for more reviews because people were like, why do we want people to tell us more things, more bad things about us? Right. Especially some of the providers that, that had been a little pummeled, right? They felt really, really reluctant and really demoralized, I would say, because, you know, they go into work every day with patient’s best interests in mind, doing their best with schedules and during a [00:05:00] really stressful time during a pandemic, we’re trying to certainly care for people with covid, but then there are people with a lot of other things too, who had limited access and stressful situations. And so they really felt like this would be something that would demoralize them further.
And so I knew that we had the opportunity to shine a light on the great work that they were doing, and I felt like this would be a good way to do it, but I had to convince. So what we, ended up recommending was a six week pilot, right? Our health system is the largest in Idaho. I know that there are many larger health systems across the country, but we have eight hospitals, about 250 ambulatory care clinics, and then other lab imaging surgery centers.
So it, it comes out to about 300 plus locations. All of those have their own Google business listings and all kind of stuff. I really wanted to make sure that, that we proved that this could work. So we invited five [00:06:00] ambulatory clinics to participate in a six week pilot, and I included the providers that were the most scared, which I’m pretty excited to report worked out pretty well
But it was a risk, right? You know, they were nervous. And I said, just take this leap of faith with me and we’ll see what happens. And then we’ll adjust and decide after six weeks. So we started small and we texted patients after every appointment as long as we only sent one text every 90 days.
That was our rule. If they came in next week, we wouldn’t text you again. We don’t wanna pumble anybody. 80% of the time we asked for a comment about the provider. 20% of the time we asked for a comment about the clinic, and we received all of that feedback. Then we’d also ask somebody if they wanted to post to Google.
And sometimes they say yes, and sometimes they say no, and that’s okay. But we would get all of feedback. And what we found in that pilot period was that 98% of what [00:07:00] we received was five star positive, positive, positive. And it was awesome because what it proved to those providers and to the organization was that the excellent patient experience that we strive for every day and that we’re committed to deliver is being seen and recognized by our patients and their families. All we’ve gotta do is ask them to let us know how, how it went. So over the proceeding or the following, six to eight months, we rolled out the program to each of our additional service lines. So we have about 11, you know, everything from primary care and children’s to cardiology, oncology, orthopedics, all the specialties.
And we’ve been fully rolled out now for about a year, and our reputation score has increased dramatically. We went from kind of, I would call it poor and sad, [00:08:00] and we didn’t change anything about our patient care. All we did was ask people to tell us about their experience. And so now it’s a better reflection of our actual patient experience and our reputation.
Scores across the board have gone through the roof. So we were getting about for all of our locations and all of our employed physicians, which totals about 17 to 1800 entities in total, we were getting about 200 Google reviews a quarter that were 35 to 40% negative.
Today we get around 5,000 Google reviews a quarter that are 98% positive. And that being able to share that reporting back with physician leadership groups that they can then share with their own colleagues and sharing it with our executive leaders and our clinic managers. I am so proud [00:09:00] because we didn’t really do anything but reflect back how the patients truly feel about the work that they’re doing, which has been really important after such a tough period.
That’s
Jenny: so wonderful, and I love your approach about including the people that are most afraid of the initiative in the trial rollout because it really helped make sure that you got organization wide buy-in immediately, but it was a risk, and that’s something that I think people early on in their careers likely would be afraid of.
So that’s definitely a great piece of advice. One thing that struck me during a former conversation that we had is you have a pretty good process for deciding as a system, really for responding to or not responding to reviews. How do you decide when you engage with someone or what resources you provide to them?
Cindy: Yeah, so we set up a foundational rule that, well, and this is how he initially started, let me say, a foundational rule [00:10:00] that we were gonna respond to every single review. And for the most part, that is what we do. We thank everyone, whether it’s a positive or negative review, we try to do so within 24 hours.
Sometimes it’s, it’s closer to 48, but, but we wanna make sure that we are responsive and anybody who gives us feedback understands and believes that we’re listening and that we care about their feedback because it’s true. And we do. And especially when those comments are negative, or they express some disappointment or frustration.
We want them to know that that matters to us and that we’re going to ensure that there’s visibility to that feedback internally. Sometimes that comes through me and I will share it with clinic managers, but other times when the feedback is tougher, let’s say, we do have a process with our patient relations department where we escalate for [00:11:00] for follow up.
And I think that that has been extremely successful as well for a couple reasons. First of all, we wanna make sure that those patients and families that have concerns immediately have a pathway for follow up. So, so they can make sure that the organization understands what happened and can learn and be better next time.
Or sometimes there’s just needs to be more communicative or provide an explanation on why certain decisions are made or why things happened in the way that they did, and that gives the organization a chance to connect with that patient and family and have that conversation outside of a public space.
Right? We, we don’t, we don’t want to have lengthy patient care conversations on Google. Not only would that be a HIPAA violation, but that wouldn’t be a great customer service experience either. So we route people into that process. But in terms of responding or when not to respond, I think we’ve learned some pretty good lessons.[00:12:00]
This country has had a politically charged climate for a while. I don’t know that that will change anytime soon and, and sometimes people will use Google reviews as a place to complain about things that aren’t really that specific to patient care experience. I mean, they might have touched a patient care episode.
I’ll just use a simple, easy example. Someone complaining about having to wear a mask in our facility, you know, for safety reasons. Around during the Covid pandemic, we had a lot of Google reviews posting us about the fact that they disagreed with having to wear a mask. The reality is that it’s a safety issue for our patients, our providers, our staff, and we need to protect our patients in a safe care environment.
But some people would just want to argue with us there. And it was almost posting something to debate us into a debate about philosophy that [00:13:00] we were never going to change their mind and so we look carefully for things that just seem to be trying to pick a fight when they’re more general and they’re not specific to patient patient care episodes and encounters and we don’t respond to those.
One other thing that I think is important to mention though is, is in the same vein, sometimes people will post things that give you an opportunity to reinforce your organizational values. So you’re not talking necessarily about an individual patient encounter, but you are talking about what’s important to you as an organization and, and standing up for what’s right.
I’ll give you another example. So we flew pride flags proudly throughout our health system during Pride Month, and we had a Google Review posted about how upset somebody was that we flew a pride flag, and that just gave us [00:14:00] the opportunity to respond and reinforce our organizational values, which is everybody’s welcome here, and we care for everybody.
We’re a welcoming and safe space for everybody in this community. It gave us the opportunity to reinforce that, not just for the person that commented, but for everyone else that reads that comment. I think it’s important that when you have those opportunities to reinforce your organizational values so the community understands who you are, that that’s a good opportunity to do that.
Jenny: That’s a beautiful way to look at it. Let’s talk a little bit about budgeting, because one of my favorite things about healthcare is the wonderful people that work within healthcare, but one of the most difficult things is that marketing budgets have to be considered alongside clinical and operational and many other very, very important budgets.
So as you are creating your priorities for the year and as you’re thinking about what you want to do to [00:15:00] really improve patient’s access to care, and provide a better digital experience, what do you do to try to ensure the success of your projects actually being approved during the budgeting process, and then making sure that they’re supported really for the long term, and it’s not something that you allocate money to for a year, and then it died on the vine the following year?
Cindy: You know, wish I knew the, the magical answer that, that anyone in healthcare wouldn’t have to face this issue. I do think I have some perspective and advice, but I will be honest in saying that this is still something that I struggle with in the healthcare industry all the time. And that is exactly what you said, right?
We are an important and critical function of our health systems to connect the community, patients and families with the products and services, really services more than anything that they need to maintain and proactively stay healthy, right? But we have to compete [00:16:00] with the dollars that are necessary for delivery, excellent, exceptional patient care and outcomes, and those are things.
You know, our population is growing like crazy and we have to build additional hospital space and we have to build additional primary care clinics, and those things are very significant capital investments. It’s a little hard to compete with those types of investment because you know that we need the capacity to care for those patients.
But that also the function that we offer is critical, connecting those patients and offering them access and information about those services. So the way that I tackle it here, and what I’m still working towards at St. Luke’s is ensuring that our leadership has an understanding of the impact of each of those connection points and kind of the extent in the volume of them, [00:17:00] right?
So, you know, when you have 10 million visits to your website in a year, for example. They need to understand the impact and the value of those connection points so they understand the importance of continuing to invest in them and that our world changes so quickly and evolves so quickly as well, that we need to be able to be nimble, right?
So whatever you guys can do out there to educate your leadership. Every time somebody invites you to present anywhere, say yes and like it doesn’t matter if you don’t think you have anything new to say, go there and remind them about the importance of all these things. Talk to them about what you’re doing.
Talk about what you’re seeing in the community and what patients are asking for. Talk about what trends are happening out in other industries that that could influence healthcare, the evolution of your digital experience, but it has to be top [00:18:00] of mind for them always as a critical piece of your patient engagement and community engagement infrastructure, I would say.
But what that really boils down to from a budget perspective is that it has to be kind of an ongoing budget that’s dedicated to helping you evolve over time. You will always struggle if it’s project-based, right? You don’t wanna have to go ask, and now I wanna do this, and now I wanna do that, and now I wanna do this.
Like, it has to be something that the entire organization understands, needs constant feeding and investment. And it’s critical as the front door to your organization. So whatever you can do to. For that, for that ongoing committed and dedicated budget. And then also whatever you can do to continue to get in front of as many leaders as you can, whether they’re your executive leaders, whether they’re patient care leaders, even [00:19:00] nursing leaders.
I really think that as much as they understand about the work that you do, the more you’ll be considered as a critical part of that infrastructure and the easier it will be for you to get that funding, not as a competitor to the things. The organization needs to build buildings and to expand access, but as a critical piece of being able to do that successfully.
Jenny: That’s a great perspective and one that we hear often is that relationship building within your organization is so important.
Final question is, let’s talk about resources. So if you were to give advice to someone just entering the healthcare marketing space, what resources would you point them to for continuing education and to kind of understand the trends and what is happening?
If they are in a situation, say that they can give a presentation to their organization’s leadership team, or really just even a stay up to date themselves, where should they be looking?
Cindy: Well, you know, I will tell you that this may be not the answer that you were expecting, but I’ll tell you it is what came to.
So [00:20:00] my career is about 25 years old and I have been at St. Luke’s for 12 years, but I’ve been working for a bit longer than that. And earlier on, especially in my healthcare role, I was really looking outward for inspiration on what to do next. I have to tell you that these days I am looking inward within our organization more for that inspiration.
I’ll tell you why. I think that’s really important for younger people who are earlier in their careers. What I have found is that I would go out and I would get these really amazing ideas about trends and opportunities, and then they would be incredibly difficult to advance or implement just for practical reasons.
Everybody else would think that they were awesome and exciting and definitely something we’d be interested. But, but getting them prioritized and getting them executed practically [00:21:00] sometimes was challenging. Like the fact that, you know, we had the opportunity during Covid to launch that online reputation management work.
It wasn’t a new idea right The timing was right. I don’t know if we would’ve gotten to it yet if Covid hadn’t happened. But I would say that what I have found to be most valuable in my career in learning and helping me support St.Luke’s in achieving its objectives is putting myself out there within the organization and helping connect the dots where they might not, you would think they’re connected, but maybe they’re not. I’ll give you an example. One of the things that I feel has been most helpful is building relationships.
You said a lot of people mention this, but with senior nursing leaders, usually in a healthcare marketing role, I feel like you hear more from executive leaders or [00:22:00] physician leaders or physicians or clinic managers that want something. I didn’t have any earlier on in my healthcare career any natural connections with senior nursing.
But I will tell you that I think that say they’re the best people to know within an organization to really understand what is working well in our patient care engagements. What is not working well? What are some of our opportunities and how someone in a marketing or digital role can help support patient experience.
So one of my closest colleagues here at St. Luke’s has become our director of patient care experience. And we talk all the time about the types of things that they’re seeing, the content that we can deliver, the things that we can say, the way that we, ways that we can help educate the patients and the community to help ease their experience and improve their experience.
And what I found is that we don’t always have to look outside for ways to really dramatically change our organizations and help [00:23:00] our organizations, the opportunities are there, and they’re glaring often right in your face. And sometimes they just need someone with a marketing mindset or an experienced mindset to help activate those things.
So if you’re in healthcare and you don’t know any nursing leaders find a way to meet some. And I also think, I’ve always struggled with the sort of quote unquote mentorship relationship. If you just ask someone for a mentor and then you sit down for coffee every once in a while and that can be great and it’s awesome.
And I have some people that I do that with, but I have learned the most when I dive into a project with someone that scares me a little bit. Right? I’ve done that a couple of times with some nursing leaders in a healthcare organization. There are lots of things that need to get done that are not really anyone’s job to do.
And I volunteered sometimes, sometimes with a little [00:24:00] bit of hesitation, but I volunteered sometimes to take on things that would certainly impact my work and impact patient care. But if I hadn’t taken them up, nobody else really would’ve done them because they’re nobody’s job. And so I kind of decided to bring together some people that I thought could help get it done.
And in one, in one particular instance, those leaders were senior nursing and we worked together for 18 months on a way to improve our information governance on patient care materials, right? Like how we’re organizing them, how we’re delivering them, how we’re templatizing them, all those sorts of things.
It was nobody’s exact job, but it was something that we knew would help improve our patient care experience, and I learned so much from them during that period, even though I had already worked at St. Luke’s for eight or nine years.And then of course you have these relationships throughout the organization that you can tap into as you go on for more of that mentorship, more of those ideas and more of a finger on the pulse of where you can help and [00:25:00] where you can improve.
So I don’t have any great outside resources to share. I mean, not that they aren’t there. I still go to conferences. I still read marketing articles and all of those things, but where I find the inspiration that is most practical and easy to implement at St. Luke’s is from within.
Jenny: Cindy, it has been an absolute joy having you on today’s episode. I will link to your LinkedIn bio in the show note. So if anybody’s interested in reaching out directly, they can connect and chat more in depth about these topics. But thank you so much for being on. It’s been a joy.
Cindy: Thank you for having me.