With users connecting through inspiring content on a daily basis, Pinterest offers marketers a unique platform to share authentic stories. However, recent lawsuits in healthcare advertising have heightened concerns about HIPAA compliance – even when the marketing benefits are substantial.
Like Bing Ads, Google Ads, and other digital advertising platforms, Pinterest Ads can pose risks for healthcare organizations. The challenge arises from how the Pinterest Tag can pair user identifiers with protected health information (PHI).
The recent Health and Human Services ruling on tracking technologies gives healthcare advertisers two choices with distinct risks. They can either discontinue their Pinterest Ad campaigns, or potentially expose themselves to the threat of substantial lawsuits.
Preventing the Pinterest Pixel from collecting and sending protected health information
Salesforce Data Cloud, a HIPAA-compliant customer data platform (CDP)
HIPAA-compliant marketing on Pinterest Ads and Safeguarded PHI
To our knowledge, most social networks like Pinterest do not sign Business Associate Agreements (BAAs). Consequently, healthcare companies should avoid associating Protected Health Information (PHI) with Pinterest conversion events. It’s important to understand that PHI encompasses far more than many realize. It can include any element on a landing page that indicates a visitor’s intent to seek information or services related to a health condition.
That means PHI is more than what users submit on web forms; it's also included in page titles, web URLs, page content, and any visible data. Pinterest Ads enables visitor tracking through the "Pinterest Tag," a snippet of code that captures visitor behaviors on your website. The pixel gathers both user identifiers and content identifiers to help marketers monitor conversions on ad campaigns, products, and services.
The Pinterest Tag identifies users with the following data points:
The Pinterest Tag identifies the content that drives conversions using the following parameters:
Each Pinterest Tag parameter provides valuable insights into which pages drive conversions for specific advertisements, enabling precise performance tracking. Retaining Pinterest conversion data is essential for evaluating ad effectiveness. However, combining sensitive data with identifiable information can lead to potential HIPAA violations. To maintain HIPAA compliance while using Pinterest Ads, it is crucial to preserve conversion data while fully redacting any protected health information (PHI) from parameters such as loc, ref, and search_string.
Here is a diagram to explain:
Covered entities need a secure intermediary to bridge the gap between themselves and non-compliant platforms like Pinterest Ads. Recent updates to the OCR Bulletin advise marketers to safeguard PHI within a customer data platform (CDP). Salesforce Data Cloud, a leading CDP, is equipped to enter into a Business Associate Agreement (BAA) with covered entities, providing them with the legal framework to manage healthcare data alongside user identifiers collected from tools like the Pinterest Tag.
To ensure HIPAA compliance with Pinterest Ads, Penrod implements a secure server-side container for data processing, coupled with a Customer Data Platform (CDP) like Salesforce Data Cloud for compliant data storage.
The resulting platform architecture for addressing the HIPAA-compliant Pinterest Ads use case looks like this:
This ensures that identifiers are never paired with PHI, enabling healthcare companies to launch successful marketing campaigns on Pinterest.
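One way the server-side processing step could redact the loc, ref, and search_string parameters described above, shown as an added example that is not Penrod's or Pinterest's code. It uses an allowlist so that unknown fields are dropped by default; the event, value, currency, and page_title field names and the clinic.example domain are assumptions made for illustration.

```javascript
// Added example, not Pinterest's or Penrod's code. Only loc, ref and
// search_string come from the article; every other field name is assumed.
const URL_FIELDS = new Set(['loc', 'ref']);
// Assumed conversion fields that carry no page content.
const PASS_THROUGH = new Set(['event', 'value', 'currency']);

// Keep scheme + host only: path, query and fragment can each name a
// condition or service, so all three are discarded.
function redactUrl(value) {
  try {
    const origin = new URL(String(value)).origin;
    return origin === 'null' ? '' : origin + '/';
  } catch {
    return ''; // relative or malformed input is blanked, not forwarded
  }
}

// Allowlist: anything not explicitly known to be safe is dropped, which
// covers search_string and any field added to the tag later.
function redactEvent(event) {
  const forward = {};
  const dropped = [];
  for (const [key, value] of Object.entries(event)) {
    if (URL_FIELDS.has(key)) forward[key] = redactUrl(value);
    else if (PASS_THROUGH.has(key)) forward[key] = value;
    else dropped.push(key); // record the field name only, never the value
  }
  return { forward, dropped };
}

// Constructed sample event (clinic.example is a placeholder domain).
const sampleEvent = {
  event: 'lead',
  value: 0,
  currency: 'USD',
  loc: 'https://clinic.example/oncology/breast-cancer-screening?src=pin',
  ref: 'https://clinic.example/search?q=mammogram',
  search_string: 'mammogram near me',
  page_title: 'Breast Cancer Screening | Example Clinic',
};

console.log(redactEvent(sampleEvent));
```

The dropped list holds field names only, so it can be logged to audit what the filter removed without writing PHI to the log.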