Redact PHI
Safeguard protected healthcare information from non-compliant vendors like Google Ads
Retain Conversion Data
Continue using Google Ads' conversion data to identify users who converted on specific ads
Retarget Compliantly
Engage visitors with HIPAA-compliant retargeting journeys that won't share PHI
Featured Resource
Navigating the Waters of HIPAA Compliance in Digital Marketing
This on-demand webinar helps you unlock the full potential of your healthcare marketing efforts while protecting patient privacy.
HHS recommends Customer Data Platforms for Compliant Ads
We check all the boxes of the latest OCR bulletin.
Questions and Answers
What is Google Ads?
Google Ads is an advertising platform that helps businesses deliver ads to targeted audiences in order to create awareness, drive website traffic, and generate sales. Ad formats include text ads, images, or video, and appear on websites across the internet or in Google Search results.
Is Google Ads HIPAA Compliant?
Not out of the box. Google won't sign a BAA with healthcare marketers, meaning it is not authorized to handle the PHI associated with ads when paired with the user identifiers it collects.
Will Google Ads sign a business associate agreement (BAA)?
Not currently, and it's unlikely they will in the future. BAAs inherently limit data collection capabilities, and could subject Google to more regulation.
Can Google Ads be used in a HIPAA-Compliant manner?
Yes. Google Ads for healthcare is only problematic because it pairs user identifiers with protected healthcare information. By preventing protected healthcare information from reaching Google's servers, conversion identifiers can be safely sent. This requires the configuration of a server-side container and de-identification of potential PHI.
How long does it take to implement a compliant solution?
It depends on the complexity of your existing Google Ads campaigns. However, for simpler implementations, compliance can be reached in as little as two weeks.
Does the recent AHA ruling in Texas mean that healthcare companies can run Google Ads without worrying about personal healthcare information?
No. The scope of the ruling in Texas only applies to instances where the IP address is the only identifier. Google Ads collects several identifiers, including GCLID, WBRAID, GBRAID, and Session, that enable more accurate user identification. For more information, see our article that breaks down the AHA ruling.
Get a Free Action Plan
Ready to make your Google Ads for Healthcare HIPAA compliant?
Leverage the power of Google Ads to grow your healthcare business without worrying about non-compliance fines.
In this meeting, you'll:
- Get a HIPAA-compliance analysis of your current Google Ads
- Get a Free HIPAA Compliance Action Plan for Google Ads
By submitting this form, you confirm that you have read and agree to the Penrod privacy policy.