Safeguarding patient data without sacrificing the power of Google Ads.

Like many consumer-facing brands, our client leverages the massive audiences on the Google Ads platform to promote its services. However, like many healthcare providers, they face unique regulatory challenges in healthcare marketing that make many use cases of Google Ads non-compliant.

Challenge

Google Ads and other ad platforms are not HIPAA-compliant by default

Solution

Preventing PHI from reaching Google Ads and third-party platforms while retaining first-party conversion information

Results

HIPAA-compliant digital ads, Protected Patient Information, Optimized Ad Performance

The Problem

It’s no secret that Google Ads collects massive amounts of demographic and behavioral data from its advertisers. For healthcare companies, this means that Google Ads sends page URLs, keywords, and other data that contains protected health information (PHI) – and pairs it with user identifiers. As a result of the OCR bulletin and the fact that Google Ads will not sign a BAA, it’s a clear HIPAA violation.

Our client faced a critical decision. They could either stop using Google Ads and severely limit the power of their marketing or risk facing massive non-compliance fines. Penrod proposed a third option – a healthcare-focused, enterprise-ready customer data platform built on the power of Salesforce that safeguards first-party PHI from reaching non-compliant platforms like Google Ads.

The Solution

Penrod stepped in to implement Destinations for Data Cloud, an enterprise-grade, healthcare-first solution allowing our client to protect patient privacy without sacrificing powerful digital marketing strategies.

Penrod pointed out that much of the data sent to Google Ads by default is not necessary to use the service. Destinations lets our client pair conversion data with PHI in the first-party Data Cloud platform. They can then redact any PHI from this data before the conversion gets sent to Google Analytics.

Now that our client stores conversion data in a first-party, BAA-protected platform, they can build more powerful visitor profiles than ever before by combining marketing conversion data with information from other systems, including EHRs, clinical systems, and marketing platforms.

This allows our client to utilize Google Ad’s massive audiences, retain the conversion data, and comply with HIPAA regulations because they aren’t sending user identifiers paired with PHI to Google Ads.

The Results

Destinations for Data Cloud allows our client to continue leveraging the massive reach of Google Ads in a HIPAA-compliant manner. Because they store first-party conversion details in an enterprise-grade customer data platform, their marketing team can leverage actionable data to make better decisions and optimize ad performance.

The Future

As we learned from the recent AHA ruling, the legislative landscape continuously changes. Destinations for Data Cloud is built with growth in mind and ensures compliance with future legislation. As a result, our client will be able to use the same redaction engine that supports Google Ads for Meta, Facebook Ads, LinkedIn, and YouTube. This empowers them to remain compliant as their marketing strategies evolve – and as healthcare regulations change.

Conclusion

In an ever-evolving healthcare landscape, our client has successfully navigated the complexities of digital marketing while prioritizing patient privacy and compliance.

By implementing Destinations for Data Cloud, they protect sensitive health information while enhancing their marketing efforts with actionable data and granular visitor profiles. This strategic approach shows that healthcare organizations can harness the power of digital advertising without compromising compliance. As they continue to adapt and expand their marketing strategies, our client is a leader in achieving balance between privacy and performance in healthcare marketing.

Compliant Google Ads

Granular Reporting

Future-Proofed Compliance

Request Free Consultation

Need compliant google ads, granular reporting, future-proofed compliance, and a partner who can help?

We're here for you. Fill out the form on the right for a free consultation!

 
By submitting this form, you confirm that you have read and agree to the Penrod privacy policy.