With a global market share just north of 10%, Bing Ads can feel like an afterthought. However, Bing continues to grow – and with a captive audience of 100 million users, healthcare companies don't want to miss out on potential customers.
However, as with Google Ads, healthcare companies hesitate to use Bing because it is not inherently HIPAA compliant. Bing Ads tracks conversions on landing pages that may include protected health information, such as health conditions, healthcare services, and more. Combining identifiable digital information with healthcare data is a recipe for disaster. Given the OCR ruling, healthcare companies face a dilemma: either they can't use Bing Ads to reach new markets, or they must find a way to use the service in a HIPAA-compliant manner.
Preventing protected health information from reaching Bing Ads while maintaining conversion data
Salesforce Data Cloud, a HIPAA-compliant customer data platform (CDP)
HIPAA-compliant marketing, Safeguarded PHI
Covered entities aren't allowed to combine PHI with conversion events because Bing Ads won't enter into a business associate agreement (BAA). In the realm of digital advertising, PHI is an incredibly broad term. PHI can involve anything on a landing page that reveals a visitor's intent to treat a health condition or ailment.
PHI isn't just about what users enter into a form. It may exist in the landing page title, URL, content, or wherever information is displayed.
Bing Ads drives visitor tracking with the "Universal Event Tracking" tool, or UET for short. UET records what customers are looking at on your website, helping you track conversions and create re-marketing audiences. To create a conversion, UET gathers user identifiers and content identifiers.
Bing Ads identifies users with the following data points:
Bing Ads identifies the content that led to a conversion with the following parameters:
Each of the UET parameters helps Bing Ads determine who converted on which pages for specific ads. Retaining conversion data is crucial for measuring ad performance. However, combining sensitive information with identifiable information is a HIPAA violation. As a result, solving this use case – and ensuring that Bing Ads is HIPAA compliant – means that conversion data must be retained while PHI in the p, r, and kl parameters is redacted.
Here is a diagram of what we're trying to achieve:
Covered entities need an intermediary between themselves and non-compliant platforms like Bing Ads. According to recent additions to the OCR Bulletin, the HHS recommends that marketers safeguard PHI in a customer data platform (CDP). Salesforce Data Cloud, a leading CDP, will enter into a BAA with covered entities, granting them legal authority to handle healthcare data paired with user identifiers from Bing's UET tool.
To make Bing Ads HIPAA compliant, we set up a secure server-side container to process data, and a CDP like Salesforce Data Cloud to store it.
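One way the server-side container could redact the p, r, and kl parameters before an event is forwarded, as an added example that is not code from this article or from Bing Ads. It assumes p and r carry URLs and kl carries keywords, and that "redacted" means reducing URLs to their origin and dropping keywords; the function names and the sample request are constructed.

```javascript
// Added example (not from the article or from Bing Ads).
// Assumptions: p and r hold URLs, kl holds keywords; all other names are placeholders.
const URL_PARAMS = new Set(["p", "r"]);
const DROP_PARAMS = new Set(["kl"]);

// Reduce a URL to scheme + host so path, query and fragment never leave the server.
function originOnly(value) {
  try {
    const u = new URL(value);
    if (u.protocol !== "http:" && u.protocol !== "https:") return "";
    return u.origin + "/";
  } catch {
    return ""; // unparseable value: fail closed and send nothing
  }
}

// Takes the raw query string of an outgoing tracking request and returns the
// redacted query plus the names of the parameters that were altered (for audit logs).
function redactUetQuery(queryString) {
  const out = new URLSearchParams();
  const redacted = [];
  for (const [key, value] of new URLSearchParams(queryString)) {
    if (URL_PARAMS.has(key)) {
      out.append(key, originOnly(value));
      redacted.push(key);
    } else if (DROP_PARAMS.has(key)) {
      redacted.push(key); // dropped entirely
    } else {
      out.append(key, value); // conversion and identifier fields pass through
    }
  }
  return { query: out.toString(), redacted };
}

// Constructed sample request; uid and event are placeholder parameter names.
const SAMPLE_QUERY =
  "uid=visitor-123&event=pageLoad" +
  "&p=" + encodeURIComponent("https://clinic.example/services/diabetes-care?step=2") +
  "&r=" + encodeURIComponent("https://clinic.example/conditions/diabetes") +
  "&kl=" + encodeURIComponent("diabetes,insulin");

console.log(redactUetQuery(SAMPLE_QUERY));
```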
The final platform topology for solving the HIPAA-compliant Bing Ads use case looks something like this:
The platform ensures that user identifiers from Bing Ads' UET are never paired with PHI, allowing covered entities to create powerful marketing campaigns with Bing Ads.