HIPAA Compliant Google Ads with Salesforce Data Cloud
Learn how healthcare companies are using Salesforce Data Cloud to make Google Ads HIPAA compliant.
Read Full Use Case
Learn how healthcare companies are using Salesforce Data Cloud to make Google Ads HIPAA compliant.
Read Full Use Case
Google Ads stands out as one of the most effective platforms for precisely reaching target audiences. However, it is not inherently HIPAA compliant, preventing healthcare companies from leveraging its full potential. Why isn't it compliant? Google Ads tracks conversions on landing pages that include protected health information, such as healthcare services or conditions. This practice, when combined with user identities, constitutes a HIPAA violation according to the OCR ruling. Consequently, healthcare companies face a dilemma: either they must forego Google Ads' vast audience or find a way to ensure compliance with HIPAA regulations.
Ensuring protected healthcare information (PHI) is safeguarded from Google Ads while maintaining conversion data
Salesforce Data Cloud, a HIPAA-compliant customer data platform
Safeguarded PHI, HIPAA-compliant marketing
When using Google Ads, healthcare companies can't pair PHI with conversion events because Google Ads won't sign a BAA. What constitutes PHI? Anything on a landing page that signals a visitor's intent to seek treatment for healthcare conditions. The possibilities are quite broad, ranging from colonoscopies to asking for more information about a medical device.
Keep in mind that it's not just about user input. PHI could be in the page title, the URL, the page content, or wherever else information is displayed.
Once a users clicks on an ad, Google Ads identifies them with the following data points:
Each of these data points are important to identifying who converted on a specific ad. As a result, solving this use case – and making Google Ads HIPAA compliant – rests in our ability to retain this data while redacting PHI.
Here is a diagram of what we're trying to achieve:
In order to handle the data redaction, healthcare marketers need an intermediary between themselves and the non-compliant ad platform, in this case Google Ads. According to updates made to the OCR Bulletin, the HHS recommends marketers can safeguard PHI in a customer data platform (CDP). CDP providers like Salesforce Data Cloud will sign a BAA with regulated entities, meaning that they have legal authority to handle PHI when paired with user identifiers.
To solve this use case, we configure a platform that contains a secure server side container, and a CDP like Salesforce Data Cloud.
The final platform topography for solving the HIPAA compliant Google Ads use case looks something like this:
The platform ensures that user identifiers during conversion events are never paired with PHI, allowing healthcare marketers to use Google Ads to create powerful marketing campaigns.