Maybe it's your legal team, understandably worried about where the "line" is. Maybe it's a fear of website trackers capturing and sending PHI. Healthcare marketers need data to do their jobs, but legal teams need compliance to keep theirs. It often feels like marketers have to choose between effective tactics and following rules that get stricter by the day.
If marketers shut off analytics and trackers completely, they lose visibility into key campaign moments. They don't know what worked, what didn't, or how to improve. And ultimately, "going dark" hurts the patient experience because we can't effectively reach them. The answer isn't to stop using data. The answer is to optimize it, collect it responsibly, and activate it in a way that is governed and HIPAA-safe.
The Conflict: Marketing Needs vs. Legal Rules
For years, we’ve been talking about the changes in HIPAA, especially for digital marketers. The landscape keeps evolving with new administrations and new guidance from Health and Human Services.
One of our partners, Ben Seyden from Salesforce, was the Executive Director of Digital Strategy at a 15-hospital system in the Midwest where he faced this exact scenario. According to Ben, "Our legal team was very much concerned that we not go over any lines that could be blurred."
Privacy is a friction point. Marketing is built on a foundation of moments. We need to know what happens before someone chooses a provider, before they schedule an appointment, and before they engage with our brand. That's all data. Then, these "moments of truth" are where optimization happens. And that creates the full patient lifecycle.
If we let fear of compliance shut down our access to insights, we aren't just hurting our campaigns. We're hurting our ability to help patients navigate their health.
And despite the friction caused by compliance, Ben ran an incredibly successful marketing function at the Midwest provider, delivering a 32:1 return on marketing spend.
How did he do it? It comes down to responsible data.
The Solution is Responsible Data
So, how do we solve this? We work with legal, not against them. The goal is to optimize the data, collect it responsibly, connect it across channels, and activate it safely.
When we do this, we can still influence critical decisions. We can still identify:
- Planned moments: When a patient is researching a specific procedure.
- Real-time moments: When a patient is actively looking for care right now.
- Predictive moments: When data suggests a patient might need care soon.
And, we can capture all of this while protecting Protected Health Information (PHI) and maintaining trust.
Why "going dark" is safe, but a bad strategy
Some health systems react to privacy concerns by stripping away all tracking. But data without action is just trivia.
30% of global data is healthcare data. We are sitting on a mountain of information. If that data isn't allowing us to improve our engagement with our patients, it's useless.
An omnichannel strategy isn't about being everywhere at once. It's about being in the right place, at the right time, in the right way.
Building Trust Between Care
Did you know that the average lifetime value of a patient is roughly $1.5 million, according to the US Census Bureau?
Your job as a healthcare marketer is to drive the biggest share of that wallet into your health system. But you don't do that by just being present when they have an acute condition. You do it by building a relationship over time.
The healthcare journey happens outside your four walls. Trust is built (or broken) in the time between episodes of care.
Engagement is a covenant, not a campaign
If we aren't present in those in-between moments, we aren't really present at all. A physician can't deliver incredible care if we haven't built the trust needed for that individual to choose us in the first place.
Meaningful engagement is essential. It's not just a marketing campaign, it's a covenant. It's us saying, "Hey, we know you are living a full, messy, beautiful life that our doctors don't see very often. We want to meet you where you are."
How to Deliver Personalization with Privacy
There is a great quote from a Forbes article that sums this up perfectly: "Patients want Netflix-level personalization, but Fort Knox-level privacy."
Trust isn't a box to check. It is the foundation of brand loyalty. To earn that credibility, we have to understand who the person is so we can deliver the right message.
Going beyond the EMR
We need to engage beyond the Electronic Medical Record (EMR). EMRs are great for clinical data, but they don't tell the whole story. We need demographic-enhanced data.
- Who are they?
- What is their income level?
- Are they insured?
- How can we help meet them where they are?
There are so many places where data sits that EMRs just don't track.
For example, some healthcare teams are now ingesting transcription data from call center interactions. Let’s say a person calls about a colonoscopy but hangs up without scheduling.
Using that data responsibly, you can identify that gap. You can then put them into a journey, by using digital ads or email, engaging them about the importance of screening. It could save their life.
That isn't just a marketing tactic. That is how we make patients feel seen, known, and respected.
Moving Forward
It is possible to navigate the world of healthcare compliance without sacrificing the data you need to grow. By respecting privacy while leveraging insights, you can build a patient acquisition engine that drives ROI.
We steadfastly reject the idea that you have to choose between compliance and performance. You can have both.
Consultation
Looking for personalization and privacy?
We can help. Learn how Penrod Destinations ensures PHI never reaches the digital marketing tools you rely on.
Learn More →