Google’s Policy Restrictions on Healthcare Advertising
Google’s internal rules heavily restrict healthcare players like pharmaceutical manufacturers. The search engine imposes strict policies to ensure that health-related ads are accurate, ethical, and compliant with legal standards. Some of the most important policy guidelines include the following.
1. Content Restrictions
Some of the outlawed ads include those promoting unapproved substances, weight loss programs with unrealistic results, and products claiming to cure serious medical conditions without scientific evidence. The prohibitions ensure that target readers are not exposed to deceptive content.
2. Location Restrictions
Google restricts certain advertisements targeted towards specific geographic areas. For instance, pharmaceutical manufacturers can only run prescription medicine ads in Canada, the US, and New Zealand, and nowhere else. Because of this restriction, health marketers must be aware of the regulations in each target location to avoid ad disapproval or account suspension.
3. Industry Restrictions
Pharmaceutical companies are in one of the most strictly regulated industries on the Google advertising platform. Google requires pharmaceutical companies to obtain a certification before advertising by filling out an application. The certification process ensures that only reputable companies promote services or products on the Google display network.
It’s important to note that even with a certification, Google prohibits pharmaceutical manufacturers from targeting locations where they are not licensed. Additionally, the search engine prohibits certified manufacturers from advertising prescription drugs for over-the-counter use.
4. Search Term Restrictions
In most countries, Google prohibits the use of prescription drug terms in ad text. However, certified online pharmacies and pharmaceutical manufacturers operating in Canada, the United States, and New Zealand are exempted from this restriction.
5. Prohibition on Certain Medical Services
Google prohibits advertisements for certain medical services in some locations. These restricted services include abortion, birth control, health insurance, home HIV tests, and addiction services. With these restrictions, Google ensures that providers of sensitive medical information and services promote their services following local regulations.
Google Ads and Regulatory Restrictions
Generally, HIPAA regulations require healthcare providers to sign a Business Associate Agreement with third-party service providers that handle protected health information. The agreement obliges the third party to safeguard PHI following HIPAA’s regulations.
That said, Google Ads is not HIPAA compliant out-of-the-box because Google Ads does not sign a BAA with health marketers. Besides the inability to sign a BAA, Google Ads is non-compliant with HIPAA for the following reasons.
1. Google Ads Relies on User Identifiers
HIPAA mandates strict protection of PHI, especially when combined with data that can identify individual users. This data is considered individually identifiable health information (IIHI). Google Ads relies heavily on user identifiers like location, IP address, device IDs, click IDs, and Google account information to deliver targeted advertisements, and this data is specific enough to identify individuals.
2. Google Ads Uses Lookalike Audiences
Google Ads can be deemed noncompliant with HIPAA if an advertiser generates lookalike audiences using IIHI. During the process of creating lookalike audiences, non-compliant advertisers may inadvertently, or purposefully, use PHI to find new audiences.
The platform uses the information to target new customers with similar characteristics. The process of creating lookalike audiences isn’t HIPAA compliant because it discloses sensitive medical information to a partner without a business associate agreement (BAA) in place.
3. Google Ads Uses Retargeting Audiences
Besides lookalike audiences, Google Ads is not HIPAA compliant due to its use of retargeting audiences. The reason? Retargeting often involves tracking sensitive PHI like a patient’s medical conditions and personal identifiers like device IDs, click IDs, IP addresses, or emails.
Ways to Use Google Ads in a Compliant Way
Regardless of the strict policies from Google and government entities, healthcare companies can still take advantage of Google Ads without violating HIPAA.
1. Redact PHI From All Conversion Events
Disclosing PHI to unauthorized parties is one of the reasons Google Ads is not HIPAA compliant out-of-the-box. For this reason, when you want to use the ads in a compliant way, make sure you redact the PHI from page titles, page content, or page URLs in conversion events.
2. Refrain From Using Look-alike Audiences that Rely on IIHI
When using lookalike audiences in your Google Ads campaign, avoid tracking PHI like a patient’s medical conditions, treatments, or identifiers. PHI disclosure is what makes lookalike audiences non-compliant with HIPAA.
Instead of building your lookalike audiences around sensitive patient data, use broad targeting demographics. These include things like age range or a geographic location broader than ZIP code to identify audiences that resemble your existing customer base.
3. Avoid Retargeting Ads that Rely on PHI-related Visitor Behavior
When retargeting, refrain from tracking visitor behaviors that involve PHI. These behaviors include visits to specific medical websites, searches related to sensitive health conditions, or interactions with health-related content.
Rather than focusing on PHI-related behavior, retarget based on broader website engagement metrics. Metrics to consider include general page visits, time spent on a website, or acquisition source.
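For the redaction described in item 1 above, the sketch below (an added example, not from the original article and not a Google Ads API) rebuilds a conversion event from an allowlist and strips PHI from its page URL and title before the event leaves the site. The field names, the term list and the sample event are assumptions constructed for illustration.

```javascript
// Added example. Field names, term list and allowlists are hypothetical;
// this is not a Google Ads API. The sample event is constructed.
const SENSITIVE_TERMS = ["hiv", "oncology", "addiction", "diabetes"];
const ALLOWED_PARAMS = new Set(["utm_source", "utm_medium", "utm_campaign"]);
const ALLOWED_FIELDS = ["name", "value", "currency"];
const EMAIL = /[^\s\/@?&=]+@[^\s\/@?&=]+\.[a-z]{2,}/i;

function isSensitive(text) {
  const lower = text.toLowerCase();
  return EMAIL.test(lower) || SENSITIVE_TERMS.some((t) => lower.includes(t));
}

// Percent-decoding can throw on malformed input; fall back to the raw segment.
function decode(s) { try { return decodeURIComponent(s); } catch { return s; } }

// Keep the origin, non-sensitive path segments and allowlisted campaign
// parameters; drop every other parameter (click IDs included) and the fragment.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  const path = url.pathname.split("/")
    .map((seg) => (isSensitive(decode(seg)) ? "redacted" : seg)).join("/");
  const kept = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    if (ALLOWED_PARAMS.has(key) && !isSensitive(value)) kept.append(key, value);
  }
  const query = kept.toString();
  return url.origin + path + (query ? "?" + query : "");
}

// Build the outgoing event from an allowlist, so identifiers such as
// email, IP address or device ID are never copied across by accident.
function sanitizeConversionEvent(event) {
  const out = {};
  for (const f of ALLOWED_FIELDS) if (f in event) out[f] = event[f];
  out.page_url = redactUrl(event.page_url);
  const title = event.page_title || "";
  out.page_title = isSensitive(title) ? "redacted" : title;
  return out;
}

const sample = { // constructed input
  name: "appointment_booked", value: 1,
  page_url: "https://clinic.example/services/hiv-testing/confirm" +
    "?email=pat%40example.org&gclid=abc123&utm_source=newsletter#step2",
  page_title: "HIV Testing Appointment Confirmed | Example Clinic",
  email: "pat@example.org", device_id: "d-001", ip: "203.0.113.7",
};
console.log(sanitizeConversionEvent(sample));
```

A substring term list only catches what it names, so the allowlists for fields and query parameters do most of the work here; anything not explicitly permitted is dropped rather than filtered.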
Navigate Google Ads and Healthcare with Penrod
Using Google Ads in the healthcare industry is challenging and risky. It requires a deep knowledge not only of Google’s stringent internal policies, but also of quickly changing government regulations.