Resources / Salesforce Case Studies / HIPAA Compliant Marketing with Platform + Partner

HIPAA Compliant Marketing with Platform + Partner

Are Google Ads, Facebook, and other ad platforms HIPAA compliant? Our client, a large hospital system in the southern US, faced that question after the OCR bulletin rocked the healthcare industry in 2023. In response, they played it safe by removing web trackers from their website, but marketing programs started to suffer. Did compliance really mean that performance had to take a back seat?

Key Industry

Provider

Key Pains

HIPAA Compliance, HIPAA Compliant Digital Ads, Patient Privacy

Product Mix

Destinations

Balancing patient privacy with performance.

Marketing compliance has gotten more complicated since our client opened its doors in the 1960’s. Strategies evolved from newspaper placements, to direct mail, and now towards sophisticated digital ads with a massive caveat…they can potentially breach HIPAA by revealing sensitive healthcare information.

So what’s compliant and what’s not? In the past couple of years alone, guidance from the government and the threat of class action lawsuits have created more questions than answers. For our client, patient privacy is non-negotiable, and their marketing strategies reflect that commitment. In a sea of regulatory uncertainty, they were playing it safe by shutting off third-party trackers. But, they continued searching for answers.

Our client realized it needed a patient privacy platform to continue using digital ad platforms responsibly. However, regulations are constantly changing. Our client also needed a partner to keep its marketing programs compliant.

Platform and partner? They found both in Penrod. Let’s dive in.

Challenge

Keeping digital marketing campaigns HIPAA-compliant in a rapidly changing regulatory environment

Solution

Penrod Destinations

Results

HIPAA-compliant marketing campaigns that don’t sacrifice marketing performance

The Problem

The issue with digital ad compliance? Third-party trackers linking patient identities with sensitive health information (PHI). These trackers gather vast amounts of data about website visitors, including URLs, titles, page content, and user-submitted information. To make matters worse, big players like Google Analytics, Google Ads, LinkedIn Ads, and Meta refuse to sign business associate agreements. These platforms were central to our client’s marketing efforts. Shutting them down was the right move for patient privacy, but it came at a price. Marketing performance took a serious hit.

And then came the rulings. One after another, including the first (and second) OCR bulletins and the AHA lawsuit, the compliance landscape seemed to be shifting daily. Keeping up was exhausting, and compliance killed creativity for our client’s marketing team.

The truth is that marketing compliance has two sides—an “if” and a “how.” On one side, you need to determine if something is compliant. On the other, you need to decide how to make it compliant. Our client’s team struggled to execute campaigns and meet goals without a partner who could navigate both.

The Solution

The first goal? Get Google Analytics, Google Ads, Meta Ads, and Linked Ads back up and running with a HIPAA-compliant privacy platform. The second? Keep them that way with the power of partnership.

HIPAA Compliant Privacy Platform

Penrod implemented its patient privacy platform, Destinations, to make our client’s ad platforms HIPAA compliant. The result? Marketing programs that ensure patient privacy without compromising marketing performance. Here’s how it works.

Redaction Engine
A PHI redaction engine ensures that sensitive data never reaches Google Analytics, Google Ads, LinkedIn Ads, or Meta. Destinations quickly makes these ad platforms compliant by blocking PHI at the source.

Retention Without Risk
Destinations keeps marketing conversion data secure in a BAA-supported environment, allowing our client’s marketing team to optimize campaigns. Even with Meta’s recent restrictions on bottom-of-funnel conversions for health and wellness brands, we ensure performance marketing is still possible.

Multi-Website Support
Our client runs multiple domains and websites, but with Destinations, that’s no problem. The platform keeps PHI secure across every website, with no exceptions.

HIPAA Compliant Privacy Partner
As regulations change, so does marketing strategy. With Penrod, the future stays compliant. Our experts work with our client’s internal and external marketing teams to answer the ifs and hows of compliance. We focus on compliance so that their marketing team can focus on what they do best – keeping the community healthy by creating awareness about their health services.

The Results

Compliance didn’t mean that marketing had to take a back seat. Instead, the Destinations platform and Penrod’s partnership protect patient privacy, even in an evolving regulatory environment.

You deserve a privacy solution that works for you. If your organization is navigating challenges around HIPAA compliance and marketing performance, we'd love to help. Click here to book a demo of Penrod's Destinations platform today.

Full HIPAA Compliance

Compliant Conversion Tracking

Automatic PHI Protection

Request Free Consultation

Need full HIPAA compliance, compliant conversion tracking, automatic PHI protection, and a partner who can help?

We're here for you. Fill out the form on the right for a free consultation!

By submitting this form, you confirm that you have read and agree to the Penrod privacy policy.

What can we help you find?