Like many consumer-facing brands, our client leverages the massive audiences on the Google Ads platform to promote its services. However, like many healthcare providers, they face unique regulatory challenges in healthcare marketing that make many use cases of Google Ads non-compliant.
Google Ads and other ad platforms are not HIPAA-compliant by default
Preventing PHI from reaching Google Ads and third-party platforms while retaining first-party conversion information
HIPAA-compliant digital ads, Protected Patient Information, Optimized Ad Performance
It’s no secret that Google Ads collects massive amounts of demographic and behavioral data from its advertisers. For healthcare companies, this means that Google Ads sends page URLs, keywords, and other data that contains protected health information (PHI) – and pairs it with user identifiers. Given the OCR bulletin and the fact that Google Ads will not sign a BAA, sending this data is a clear HIPAA violation.
Our client faced a critical decision. They could either stop using Google Ads and severely limit the power of their marketing or risk facing massive non-compliance fines. Penrod proposed a third option – a healthcare-focused, enterprise-ready customer data platform built on the power of Salesforce that safeguards first-party PHI from reaching non-compliant platforms like Google Ads.
Penrod stepped in to implement Destinations for Data Cloud, an enterprise-grade, healthcare-first solution allowing our client to protect patient privacy without sacrificing powerful digital marketing strategies.
Penrod pointed out that much of the data sent to Google Ads by default is not necessary to use the service. Destinations lets our client pair conversion data with PHI in the first-party Data Cloud platform. They can then redact any PHI from this data before the conversion gets sent to Google Analytics.
Now that our client stores conversion data in a first-party, BAA-protected platform, they can build more powerful visitor profiles than ever before by combining marketing conversion data with information from other systems, including EHRs, clinical systems, and marketing platforms.
This allows our client to utilize Google Ads’ massive audiences, retain the conversion data, and comply with HIPAA regulations because they aren’t sending user identifiers paired with PHI to Google Ads.
Destinations for Data Cloud allows our client to continue leveraging the massive reach of Google Ads in a HIPAA-compliant manner. Because they store first-party conversion details in an enterprise-grade customer data platform, their marketing team can leverage actionable data to make better decisions and optimize ad performance.
As we learned from the recent AHA ruling, the legislative landscape continuously changes. Destinations for Data Cloud is built with growth in mind and ensures compliance with future legislation. As a result, our client will be able to use the same redaction engine that supports Google Ads for Meta, Facebook Ads, LinkedIn, and YouTube. This empowers them to remain compliant as their marketing strategies evolve – and as healthcare regulations change.
In an ever-evolving healthcare landscape, our client has successfully navigated the complexities of digital marketing while prioritizing patient privacy and compliance.
By implementing Destinations for Data Cloud, they protect sensitive health information while enhancing their marketing efforts with actionable data and granular visitor profiles. This strategic approach shows that healthcare organizations can harness the power of digital advertising without compromising compliance. As they continue to adapt and expand their marketing strategies, our client is a leader in achieving balance between privacy and performance in healthcare marketing.