
HIPAA Compliant Facebook Ads with Salesforce Data Cloud

See how healthcare companies can use Salesforce Data Cloud to make Facebook Ads HIPAA-compliant


Facebook Ads isn't HIPAA-compliant out of the box.

With billions of users, Facebook Ads present an enticing opportunity for marketers. However, recent high-profile lawsuits have made healthcare companies wary of jeopardizing their reputations, even when significant marketing rewards are on the line.

Like Google Ads, Bing Ads, and other digital advertising platforms, Facebook Ads pose risks for healthcare organizations. The challenge arises from how the Meta Pixel associates user identifiers with protected health information (PHI) on landing pages.

Meta, the parent company of Facebook Ads, refuses to enter into business associate agreements (BAAs) with healthcare companies. As a result, Meta cannot legally receive or store PHI. In light of the Health and Human Services ruling on tracking technologies, covered entities face a difficult choice: they can either mitigate risk by discontinuing their Facebook Ads campaigns or expose themselves to the threat of substantial lawsuits.

Challenge

Preventing the Meta Pixel from sending protected health information to Facebook

Solution

Salesforce Data Cloud, a HIPAA-compliant customer data platform (CDP)

Results

HIPAA-compliant marketing on Facebook Ads; safeguarded PHI

Solving the Use Case

Healthcare companies are prohibited from combining Protected Health Information (PHI) with conversion events, as Facebook Ads does not engage in business associate agreements (BAA). In the realm of digital advertising, PHI encompasses a wide array of information. It includes any element on a landing page that suggests a visitor's intent to address a health condition or ailment.

PHI extends beyond just the data users provide in forms; it can also be reflected in landing page titles, URLs, content, and any visible information. Facebook Ads enables visitor tracking through the "Meta Pixel," a tool that captures customer interactions on your website. This allows you to monitor conversions and create remarketing audiences. To facilitate conversions, the Meta Pixel gathers both user identifiers and content identifiers.

The Meta Pixel identifies users with the following data points:

  • em
    Represents the email address. Facebook requires this value to be hashed.
  • ph
    Represents the phone number. Facebook requires this value to be hashed.
  • fn
    Represents the first name. Facebook requires this value to be hashed.
  • ln
    Represents the last name. Facebook requires this value to be hashed.
  • db
    Date of birth. Facebook requires this value to be hashed.
  • client_ip_address
    IP address of the user's browser.
  • fb_login_id
    Issued when a user logs into the Facebook app.
  • fbc
    Represents the Facebook click ID and tracks user journeys after clicking on an ad.

Facebook Ads identifies the content that drives conversions using the following parameters:

  • content_type
    Designates the type of content.
  • content_name
    Designates the name of the content.
  • content_category
    Designates the category of the content.
  • action_source
    Includes specific datapoints of where the conversion took place, such as email, website, chat, phone, or physical location.
  • event_source_url
    URL of where the event took place.
  • referral_url
    Previous URL that led to the conversion page.

Each Meta Pixel parameter helps Facebook Ads pinpoint who converted on which pages for specific advertisements. Retaining Facebook conversion data is crucial for assessing ad performance. However, combining sensitive data with identifiable information risks violating HIPAA regulations. To ensure that Facebook Ads remains HIPAA compliant, it is essential to retain conversion data while completely redacting any protected health information (PHI) from parameters like action_source, event_source_url, and content_type.

Here is a diagram of what we're trying to achieve:

[Diagram: HIPAA Compliant Facebook Ads]

Covered entities require an intermediary to bridge the gap between themselves and non-compliant platforms like Facebook Ads. Recent updates to the OCR Bulletin indicate that the HHS advises marketers to protect PHI within a customer data platform (CDP). Salesforce Data Cloud, a leading CDP, is prepared to enter into a Business Associate Agreement (BAA) with covered entities, thereby granting them the legal authority to manage healthcare data alongside user identifiers collected from the Meta Pixel.

The Platform

To ensure Facebook Ads are HIPAA compliant, we implemented a secure server-side container for data processing, alongside a Customer Data Platform (CDP) like Salesforce Data Cloud for secure data storage.

  • The BAA-compliant CDP collects sensitive information from web conversions.
  • The BAA-compliant secure server-side container executes redaction scripts to eliminate any Protected Health Information (PHI) from page titles, content, user-provided data, and more, guaranteeing that sensitive data never reaches Facebook Ads.
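The redaction step the server-side container performs can be shown concretely. The following is an added example, not code from the page or from Penrod or Salesforce: it takes an event shaped like the Meta Pixel parameters listed above and produces the version that may be forwarded to Facebook. It keeps the conversion data (event name, action source, click ID, already-hashed identifiers), reduces event_source_url to its origin so page paths and query strings carrying condition names never leave, drops referral_url, and replaces content fields with "redacted" unless they match an allow-list of generic labels. The allow-lists, the sample event, and the field names outside the page's list (event_name, user_data, custom_data) are assumptions made for the example.

```javascript
// Added example (not the page's, Penrod's, or Salesforce's code): a deny-by-default
// redaction step for Meta Pixel conversion events, run server-side before forwarding.
// Assumptions: events arrive as plain objects with user_data and custom_data sub-objects;
// the allow-lists below are illustrative and would be replaced by a covered entity.

// Identifier fields Facebook requires to be hashed; accept only SHA-256 hex output.
const HASHED_ID_FIELDS = ['em', 'ph', 'fn', 'ln', 'db'];
const SHA256_HEX = /^[0-9a-f]{64}$/i;
// Unhashed identifiers the page lists; forwarded unchanged.
const PLAIN_ID_FIELDS = ['client_ip_address', 'fb_login_id', 'fbc'];
// Assumed allow-list of action_source values built from the page's examples.
const ACTION_SOURCES = ['website', 'email', 'chat', 'phone', 'physical_location'];
// Assumed allow-list of generic content labels that reveal no condition or intent.
const SAFE_CONTENT_VALUES = ['service', 'appointment', 'general', 'contact'];

// Keep scheme + host only: paths and query strings are where page titles,
// condition names and form inputs leak into event_source_url.
function originOnly(url) {
  try {
    return new URL(url).origin;
  } catch {
    return null; // unparsable URL: drop rather than forward
  }
}

// Returns the redacted event, or null when it carries no usable conversion data.
function redactPixelEvent(event) {
  if (!event || typeof event.event_name !== 'string') return null;
  const out = { event_name: event.event_name };

  if (ACTION_SOURCES.includes(event.action_source)) {
    out.action_source = event.action_source;
  }

  const userData = {};
  for (const [key, value] of Object.entries(event.user_data || {})) {
    if (HASHED_ID_FIELDS.includes(key)) {
      // Never hash raw values here: an unhashed email or phone reaching this
      // step means the client misfired, so the value is dropped, not repaired.
      if (typeof value === 'string' && SHA256_HEX.test(value)) {
        userData[key] = value.toLowerCase();
      }
    } else if (PLAIN_ID_FIELDS.includes(key)) {
      userData[key] = value;
    }
    // Every other user_data key is dropped.
  }
  out.user_data = userData;

  const origin = originOnly(event.event_source_url);
  if (origin) out.event_source_url = origin;
  // referral_url is not needed to attribute the conversion and is dropped entirely.

  const customData = {};
  for (const key of ['content_type', 'content_name', 'content_category']) {
    const value = event.custom_data && event.custom_data[key];
    if (value === undefined) continue;
    customData[key] = SAFE_CONTENT_VALUES.includes(String(value).toLowerCase())
      ? String(value).toLowerCase()
      : 'redacted';
  }
  out.custom_data = customData;
  return out;
}

// Constructed sample event (not real data) showing the fields the page lists.
const SAMPLE_EVENT = {
  event_name: 'Lead',
  action_source: 'website',
  event_source_url: 'https://www.example-clinic.test/conditions/diabetes-treatment?symptom=thirst',
  referral_url: 'https://www.facebook.com/',
  user_data: {
    em: 'a'.repeat(64),            // already hashed on the client: kept
    ph: 'patient@example.test',    // raw value: dropped
    fbc: 'fb.1.1700000000.abc',
    client_ip_address: '203.0.113.5',
    insurance_id: 'member-1234',   // unknown key: dropped
  },
  custom_data: {
    content_type: 'service',
    content_name: 'Diabetes Treatment Consultation',
    content_category: 'Endocrinology',
  },
};

function demo() {
  return redactPixelEvent(SAMPLE_EVENT);
}

console.log(JSON.stringify(demo(), null, 2));
```

The allow-list on content fields is deliberate: a keyword blocklist of condition names will miss terms nobody anticipated, whereas forwarding only pre-approved generic labels fails safe. The hashed-identifier check is the other practitioner concern: if a raw email or phone number ever reaches the container, that is a client-side misconfiguration to alert on, not something to quietly hash and forward.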

The resulting platform architecture for addressing the HIPAA-compliant Facebook Ads use case is structured as follows:

[Diagram: HIPAA compliant Facebook Ads with a Customer Data Platform]

This setup ensures that user identifiers from the Facebook Ads Pixel are never linked to PHI, enabling covered entities to launch effective marketing campaigns using Facebook Ads.

Redacted PHI

Retained Conversion Data

Compliant Retargeting


Need redacted PHI, retained conversion data, compliant retargeting, and a partner who can help?


By submitting this form, you confirm that you have read and agree to the Penrod privacy policy.
