Meta, the parent company of Facebook, Instagram, and WhatsApp, is a leading force in social media. Its platforms are used by billions of people around the world, making them a valuable tool for marketing in nearly all industries, including healthcare.
While Meta offers several services for businesses including business pages, groups, and other options to expand organic reach, this article will focus on the advertising side of Meta.
Meta’s advertising platforms offer a variety of features that make them well-suited for marketing, including:
As a result of these factors, Meta’s platforms are a popular choice for marketing in a wide range of industries, including healthcare. Healthcare businesses can use Meta’s platforms to reach a large audience, or a more refined, targeted audience.
This type of advertising, outbound marketing, is often used in conjunction with search ads, a form of inbound marketing from Bing or Google, which we have gone over the compliance of in previous posts.
Pro Tip:
Meta does have specific guidelines around advertising in Healthcare. Most notably, companies promoting pharmaceuticals & addiction services must be verified through LegitScript in order to advertise on Meta’s platform.
Of all of the platforms you may be using, it’s possible that Meta is the one collecting the most information about your users. This is largely because users who see your ads are already registered users of Meta’s platforms, meaning that Meta has extensive profiles on each customer, even before they may view your ad.
More data can be collected if you have a Meta Pixel installed on the site that your ads are driving to. This pixel links events and conversions on your website to specific ads, as well as specific user profiles. Some of that data can even be passed through the click-through URL, meaning that data is shared with your analytics platform, such as Google Analytics.
After the updated guidance from the Department of Health and Human Services was released, there were two notable companies that faced scrutiny from the FTC, both of which were using Facebook marketing tactics. BetterHelp and GoodRx both settled for large sums after these allegations surfaced. The scariest part? They were using Facebook and Instagram ads in very common use cases. And while compliance isn’t really a black & white concept, from our perspective, Meta is a very risky platform that should be among the first platforms marketers evaluate.
Furthermore, there are also some tactics available in Meta Advertising that aren’t unique to that platform but are never HIPAA-compliant, such as remarketing and lookalike audiences. It is also important to consider other tools that have access to your Meta data, including optimization and data visualization software.
Some risks can be mitigated in Meta ads by taking advantage of options to enhance data privacy. These options include never using remarketing audiences and foregoing the Meta Pixel. This could disrupt how you’re currently evaluating marketing effectiveness, so if Meta is a platform you must keep to grow your business, there are ways to still leverage this channel with limited data sharing risks.
As with anything HIPAA-related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible.
Pro Tip:
It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
Google Ads is a pay-per-click (PPC) advertising platform that allows businesses to display their ads on Google’s search engine results pages (SERP) and other Google properties, such as YouTube and Gmail. When someone searches for a keyword that is relevant to your business, your ad may appear at the top of the search engine results page. You only pay when someone clicks on your ad, so you can control your advertising budget. Google Ads offers a variety of ad formats, including text ads, display ads, video ads, and shopping ads. You can also target your ads to specific demographics, interests, and even locations.
Healthcare marketers can use Google Ads to reach the following audiences:
Pro Tip:
Google does have specific advertising policies that apply to some Healthcare products and services including pharmaceuticals, speculative and experimental medicine, clinical trial recruitment, health insurance, and addiction services. In order to advertise pharmaceutical products or addiction services, a LegitScript certification is required. In order to advertise health insurance, a G2 certification is required.
Google Ads collects a variety of data about its users, including:
Additionally, Google Ads can collect personal information, including names, email addresses, phone numbers, and location data when using Enhanced Conversions and Customer Audience Data Imports.
According to the updated guidance from the Department of Health and Human Services, there isn’t a clear yes/no answer. However, knowing that Google Ads will not sign a Business Associate Agreement (BAA), we think using Google Ads, specifically when using conversion tags, does pose a risk.
Furthermore, there are also some tactics available in Google Ads that aren’t unique to that platform but are never HIPAA-compliant, such as remarketing and lookalike audiences. It is also important to consider other tools that have access to your Google Ads data, including optimization and data visualization software.
As with anything HIPAA related, compliance tends to lie on a spectrum of your risk tolerance as well as the steps you take to mitigate as much risk as possible. Some risks can be mitigated in Google Ads by taking advantage of options to enhance data privacy. These options include using server-side tagging, never using audience imports, remarketing audiences, or enhanced measurement, and not tagging pages that could potentially pass PII/PHI in URL parameters.
Pro Tip:
It’s important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.