The world of healthcare marketing is full of risk–improperly using tracking software can result in fines from regulators, state-level fines, class action lawsuits, and create negative brand trust if HIPAA regulations are breached. Yet, marketers know the value of attribution data–it can help build targeted campaigns and save on the cost of patient acquisition. Is there a safe way to track marketing activities while maintaining trust and compliance?
In a recent webinar, Chris Nelson, Senior Manager of Vertical Marketing at CallRail, James Corr, Head of Partnerships at Freshpaint and Ray Mina, Vice President of Marketing at Freshpaint, sat down to discuss patient privacy and how to navigate how to balance using valuable data and remaining HIPAA compliant.
Mina says that marketers have a decision to make.
“They can be perceived as just doing the bare minimum to protect patient privacy, or being viewed as doing the most,” Mina says. “People are choosing to get ahead of this and get to a place where they’re more selective about the data they share – and make sure they protect patient data.”
How to make patient privacy a priority without eliminating data
According to Corr, the only way to truly mitigate risk is to forgo the use of trackers of any kind. But without that data, marketers are guessing at the efficacy of their campaigns and spending more than necessary on patient acquisition. Instead, he advises four actions to be as compliant as possible.
- Move to a different analytics platform. Google Analytics and Facebook are not HIPAA compliant nor will they be in the future. Turn off Google signal, User ID collection, and unlink Google Ads, as the most recent guidance from HHS established all data, including before the patient is converted, is protected by HIPAA. That means that even informational viewing counts.
- Use a vendor that will sign a BAA. HHS also established that the only ‘safe’ partners for marketers are those that will sign a business associate agreement (BAA). A BAA obligates the vendor to support the provider’s HIPAA compliance. Google and Meta will not sign a BAA. Freshpaint and CallRail will.
- Clean data before exporting. Since it’s hard to avoid Google and Meta, use them as safely as possible by renaming all conversations to a generic interaction and strip all PHI from transcripts before exporting to Google Ads.
- Export data to other software platforms with extreme caution. Exporting to a platform that works to maintain HIPAA compliance on their own is the wisest thing to do.
- Don’t share credentials. Within your marketing team, make sure that employees aren’t sharing credentials. In the event of a HIPAA audit, every person with access should be logged using individual log-ins.
CallRail and Freshpaint offer peace of mind
CallRail and Freshpaint are a one-two punch for data and privacy with an all-in-one seamless integration. CallRail’s Healthcare Plan offers several tools to maintain HIPAA compliance, including auto redaction, detailed call logs, individual credentials, and a BAA. Once that data is collected through CallRail, the Freshpaint integration takes it to the next level, creating anonymized titling and eliminating PHI completely.
In addition to offering peace of mind for Call Tracking, integrating with Freshpaint offers CallRail clients access to non-native integrations.
“We had a customer tell us that by sending this conversion data from calls back to the ad platforms, which they now felt comfortable doing, they reduced their customer acquisition costs by 50%,” Corr says.
Patient privacy and effective marketing can go hand in hand. Find out how CallRail and Freshpaint can revolutionize your marketing.
