People don’t mind giving up their data to build human connection, that’s how we do it in real life conversation – like at a cocktail party. Trust is important, though, and it’s our job to protect personally identifiable information.
John Ours, Paragon CEO
In part one of our three-part blog series, Dynamic Personalization in Healthcare Websites, we discussed why personalization is valuable to consider. In our last blog, we shared some tips on the types of personalization tactics that can be deployed to actualize your plan. In this final blog of our series, we’ll let you know what to look out for to stay on the right side of your compliance department.
Understanding HIPAA and the Risks of Exposing PHI
According to Accenture, 83% of consumers are willing to share their data to enable a personalized experience, however, what data are you allowed to collect?
In the United States, a patient’s personal health information is federally protected and having a leak could lead to a fair bit of trouble. Healthcare marketers must know what is considered protected health information under HIPAA law. As written by HIPAA journal, “Protected health information (PHI) is individually identifiable information regarding the past, present, or future health status of an individual that is created, collected, or transmitted, or maintained by a HIPAA-covered entity in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations.”
This means health information such as diagnoses, treatment information, medical test results, and prescription information are considered protected health information under HIPAA, as are national identification numbers and demographic information such as birth dates, gender, ethnicity, and contact and emergency contact information.
As a rule of thumb, personal health information is considered protected when an individual could be identified from that information. If all identifiers are stripped from health data, it ceases to be PHI and the HIPAA Privacy Rule’s restrictions on uses and disclosures no longer apply.
Consider these actual risks of exposing PHI:
- Vulnerability of data in transit or storage
- Breach of web site or server software
- Accidental disclosure via shared workstation
- Inadvertent exposure to ad networks or remarketing
- Failures of encryption backups, auditing, access control
- Potential for vendor access without BAA
What Data is Safe (and Not Safe) to Collect
Healthcare compliance departments will have varying levels of risk tolerance for data collection and storage, and it’s important to consult your legal teams before embarking on the journey to dynamic personalization.
While we highly recommend consulting with your internal legal teams as you build your websites and applications, the following data is probably safe for you to collect:
- Browsing and search behavior
- Physician directory interaction
- Consumption of health information
- Campaign inclusion and response
- Requests for information
- Wellness classes, support groups
However, the following data is definitely Protected Health Information (PHI) and you should be very careful when collecting:
- All common identifiers
- All EMR data
- All insurance and billing data
- Physician relationships
- Appointment conversations
- Patient photographs (except when used within a healthcare organization for teaching and treatment purposes or when explicit informed consent is granted by the patient that accurately defines the intended use of the photographs)
While the former list is likely “inbounds”, remember to use finesse with how you use this data to present personalized experiences on your website. Profiling can be very powerful and can often accurately infer diseases and conditions and look like you’re leaking PHI, even when you’re not. Consider careful verbiage such as “Recommended Provider” instead of “Your Provider” or “Suggested Location” instead of “Your Location”. This helps to alleviate perceived PHI concerns.
Data and Risk Management Strategies
There are four options as you begin collecting data, with varying complexity. Consider the amount of work you’re willing to do and risk you’re willing to take. Please note that risk increases with each option presented below.
- Personalization data only (Lowest risk): No individually identifiable data.
This is the most secure option to completely avoid any pitfalls involving PHI. If you collect the same data that most retailers would, you can be in the clear. However, you won’t be able to provide the customer as personalized of an experience as you could if you were collecting a certain amount of individually identifiable data.
- Personalization data SEPARATED FROM individually identifiable data: Segregated = complex.
This option collects both personalized data and individually identifiable data, then keeps them separated. Having more information is great, although this will need an increased bandwidth and resources to run well.
- Personalization data PLUS individually identifiable data: Combined.
Having collected both kinds of data is fantastic and having them together saves on resources. However, this may lead to less security.
- Personalized Data PLUS PHI (Highest risk and should be avoided)
Do not do this. Be very careful when presenting protected health information. You do not want your customer to feel like you are selling to them based off information gathered from a very confidential and privileged encounter.
Talk to your compliance officer about personalization
The next step before deploying any personalization or engagement plan is to talk to your compliance officer. Here are a few Important questions to ask.
“As a user progresses from anonymous to conversion, will we gather at least their email address…”
- Can we store email addresses with behavioral data (page views, clicks, searches) if we acquire it during marketing activities?
- Can we store other identifiable data (e.g. wellness class sign up) in the same fashion?
- Do we, or will we, share marketing data with partners, affiliates, subsidiaries, or other organizations?
- Is there organizational interest in behavioral data outside of the DXP that collects it? Do we, or will we, personalize marketing emails?
Ready to get started with personalization?
We’re here to help you learn more about your audience, understand their journey, and implement the most effective, thoughtful systems to deliver a personalized message.