Text Decoration text decoration

Make Bing Ads HIPAA Compliant with Salesforce Data Cloud

Discover how covered entities are using Salesforce Data Cloud to make Bing Ads HIPAA compliant.

Read Full Use Case
Text Decoration text decoration
Text Decoration text decoration

Bing Ads is a growing platform for healthcare marketing.

With a global market share just north of 10%, Bing Ads can feel like an afterthought. However, Bing continues to grow – and with a captive audience of 100 million users, healthcare companies don't want to miss out on potential customers.

However, like Google Ads, healthcare companies hesitate to use Bing because it is not inherently HIPAA compliant. Bing Ads tracks conversions on landing pages that may include protected health information, such as health conditions, healthcare services, and more. Combining identifiable digital information with healthcare data is a recipe for disaster. Given the OCR ruling, healthcare companies face a dilemma: either they can't use Bing Ads' to reach new markets, or they must find a way to us the service in a HIPAA-complaint manner.

Challenge

Preventing protected health information from reaching Bing Ads while maintaining conversion data

Solution

Salesforce Data Cloud, a HIPAA-compliant customer data platform (CDP)

Results

HIPAA-compliant marketing, Safeguarded PHI

Solving the Use Case

Covered entities aren't allowed to combine PHI with conversion events because Bing Ads won't enter into business associate agreement (BAA). In the realm of digital advertising, PHI is an incredibly broad term. PHI can involve anything on a landing page that reveals a visitor's intent to treat a health condition or ailment.

PHI isn't just about what users enter into a form. It may exist in the landing page title, URL, content, or wherever information is displayed.

Bing Ads drives visitor tracking with the "Universal Event Tracking" tool, or UET for short. UET records what customers are looking at on your website, helping you track conversions and create re-marketing audiences. To create a conversion, UET gathers user identifiers and content identifiers.

Bing Ads identifies users with the following data points:

  • msclkid
    Msclkid is generated when a Bing user clicks your ad and is stored in a first party cookie. It helps Bing Ads track visitor behaviors after clicking your ad.
  • uid
    Uid is a customer-defined user ID and helps track users across different browsers and devices.

Bing Ads identifies the content that led to a conversion with the following parameters:

  • p
    "P" contains the URL of the page and may contain PHI.
  • r
    "R" contains the referring URL and may contain PHI.
  • kl
    "Kl" contains the page title and may contain PHI.

Each of the UET parameters help Bing Ads determine who converted on which pages for specific ads. Retaining conversion data is crucial for measuring ad performance. However, combining sensitive information with identifiable information is a HIPAA violation. As a result, solving this use case – and ensuring that Bing Ads is HIPAA compliant – means that conversion data must be retained, and PHI from the p, r, and kl parameters must be redacted.

Here is a diagram of what we're trying to achieve:

HIPAA Compliant Bing Ads

Covered entities need an intermediary between themselves and non-compliant platforms like Bing Ads. According to recent additions to the OCR Bulletin, the HHS recommends that marketers safeguard PHI in a customer data platform (CDP). Salesforce Data Cloud, a leading CDP, will enter into a BAA with covered entities, granting them legal authority to handle healthcare data paired with user identifiers from Bing's UET tool.

The Platform

To make Bing Ads HIPAA compliant, we set up a secure server side container to process data, and a CDP like Salesforce Data Cloud to store it.

  • The BAA-protected CDP receives sensitive data from web conversions.
  • The BAA-protected secure server side container runs redaction scripts to remove any PHI from page titles, page content, user provided data, and more – ensuing that sensitive data never reaches Bing Ads.

The final platform topography for solving the HIPAA compliant Bing Ads use case looks something like this:

HIPAA compliant Bing Ads with a Customer Data Platform

The platform ensures that user identifiers from Bing Ad's UET are never paired with PHI, allowing covered entities to create powerful marketing campaigns with Bing Ads.

Redacted PHI

Retained Conversion Data

Compliant Retargeting

Text Decoration text decoration
Text Decoration text decoration
Request Free Consultation

Need redacted phi, retained conversion data, compliant retargeting, and a partner who can help?

We're here for you. Fill out the form on the right for a free consultation!

By submitting this form, you confirm that you have read and agree to the Penrod privacy policy.

Trusted by the leaders in healthcare and life sciences.