Episode Transcript
[00:00:00] Speaker A: Hi, my name is Tim Cohen. Welcome to Vital Conversations presented by Focus Solutions. Here we talk to various leaders around all of healthcare and kind of take a deep dive into their corner of the world. And we're going to have a unique one of those today. With me is Mara Pritchard of Fresh Paint, which you'll learn about more in a moment. Mara, welcome to Vital Conversations.
[00:00:22] Speaker B: Hey Tim, thanks so much for having me.
[00:00:23] Speaker A: Awesome. So we're going to talk about what may sound like an obscure part of hipaa which I can just tell people getting excited about.
But this is far more important today than it was when HIPAA was originally conceptualized, long before there was social media as we know it today. So Mara, frame up for us kind of why we're talking and what is this issue that physician practices need to better understand have on their radar screen and more importantly have in how they execute their marketing toward patients?
[00:00:53] Speaker B: Yeah, it's a great question. So something that, that I get to talk about all the time. So I'm excited to be here and chat with you about it. I think what's important to understand is like you had said, HIPAA is kind of been around for a while. How does it impact digital marketing? How does it impact marketers within this healthcare space? And I think what's really important, if we take healthcare out of the picture, there's a lot of really cool digital marketing tools and frameworks and technologies that everybody gets to use in the digital marketing world except for these like highly regulated industries such as health care.
[00:01:31] Speaker A: Okay.
[00:01:32] Speaker B: Or areas that are confined by hipaa. And so what's interesting to think about is, and what we try to think about is how can we allow marketers within this regulated space to continue to do digital marketing, to do best by their patients. Right. And their privacy and while also drive forward the business objectives that that they've been hired to go do as marketers.
[00:01:57] Speaker A: Now some of our, some of our listeners might in their head be going wait, wait, wait, timeout. I thought, I thought HIPAA was my obligation to keep protected the electronic record of my patients. When you're talking about marketing, how does this apply? Because they're not my patients yet. I'm, I'm using Facebook or Google Ads or something like that to attract patients, make the connection for us on how the regulations affect folks before they're yet our patients.
[00:02:23] Speaker B: Yeah, Abs, absolutely. So I think if we think about how does, let's use Google Ads as an example.
[00:02:29] Speaker A: Okay.
[00:02:29] Speaker B: How has Google Ads been this juggernaut, multi billion dollar business? It's Because Google Ads and Google knows who you are regardless of you, you know, inputting information.
Right. And what HIPAA states is you cannot have a system that holds personal identifying information and personal health information in the same place without what's called a business associate agreement, a baa.
[00:02:58] Speaker A: Right.
[00:02:58] Speaker B: So what that means is if you are someone who is looking into a health care provider, you're on the Internet, you look something up, you click on a Google Ad. Well, Google already knows who you are, right? So they have your personal identifying information.
[00:03:11] Speaker A: We all know that. We had a conversation in the kitchen about new leather shoes. And the next thing you know, I'm seeing ads for. So yes, Google knows a lot about us, right?
[00:03:19] Speaker B: Google knows a ton. And there's that kind of like creepy factor that we talk about a lot. Okay, Nobody wants that with healthcare. Right, so you don't want Google to know I'm looking into this specific medical complication or a certain provider or a blog post. Because now Google has your health information and if that exploration happens on a provider's site. So your, you know, clients, websites, if they have a website, that means that Google has health information and identifying information and they have not signed a baa, nor would they want to sign a baa, because they've built this business by having the data.
[00:03:59] Speaker A: So you're saying, let me make sure I understand. So I am online at Google, Google knows all these things about me. And then I'm logging on to a provider's website and I'm exploring, let's say I'm a dermatology patient, I'm looking for, I'm looking at a dermatologist site and exploring skin cancer. Those types of things you're saying now those two things are connected about me and the. Does that create a liability for the provider?
[00:04:26] Speaker B: If so, yes. If you have things like Google Pixel Tracking or Google Tag Manager and you haven't removed the personal information from those events.
So there is legal risk there. And we've seen, you know, class action lawsuits happen because people are tracking or, you know, healthcare providers are tracking this information and giving it back to Google is basically what happens.
[00:04:51] Speaker A: All right, so this feels like really, really murky. I'm guessing a lot of physician practices have no idea. This feels deep in the weeds on hipaa, deep in the weeds on how Google works. I mean, is that the problem? Like we don't understand actually what the rules require of us and how we're inadvertently getting trapped here?
[00:05:12] Speaker B: I think that there, so there is an understanding of what hipaa, you know, there's precedent. There. There's guidance on this. But I think you're right. Like, if you're not in the weeds of HIPAA or digital marketing, necessarily, you're like, how do I balance those two things?
[00:05:29] Speaker A: Okay.
[00:05:29] Speaker B: And so there are cases where we. We talk with a lot of providers who have no.
How do you become compliant? Right. Is probably the next question. Well, some people take the approach of, I turn everything off.
I have no visibility. I don't give any data back to the ad platforms. I don't have any tracking on my website, and that just removes.
[00:05:50] Speaker A: So the downside of that approach is I'm spending this marketing money trying to attract patients, and I'm losing the value that all the other businesses in the world have, which is when I get you as a customer in the outside world, as a patient, in my world, I know. I know where I got you. I know what campaign it was. I can evaluate my marketing spend. So if I turn it all off, yes, I could easily become compliant, but I'm now spending marketing dollars in the dark. Is that.
[00:06:17] Speaker B: Exactly. And the platform doesn't perform as efficiently.
[00:06:23] Speaker A: Okay.
[00:06:23] Speaker B: As it would if you. It's like, it all works on a feedback loop. Right. You tell Google Ads what is working and not working, and it optimizes towards that.
[00:06:34] Speaker A: So it's Google's world, and we're. We're all living in it. If you don't play by their rules, life becomes a little less efficient, a little less valuable, or maybe a lot less valuable if you're trying to really understand your marketing spin. Okay.
[00:06:45] Speaker B: Understand a couple questions.
[00:06:47] Speaker A: All right, so this gets us to Fresh Paint. You guys solve this problem. How do you solve it? Other than, I'm assuming, you know, magic elves somewhere in the process?
[00:06:58] Speaker B: Yeah. So as we talked about, you know, this, like, this concept of tracking on your own entity is what puts you at risk. Right.
[00:07:05] Speaker A: Okay.
[00:07:06] Speaker B: So what freshpink does is we come in and we say, okay, you no longer have to use a Google tag manager, which puts you out of compliance.
We have. We have a tag manager. Freshbain has a tag manager. And the reason why Fresh Paint can do it and Google cannot is because Fresh Paint will sign the baa.
[00:07:26] Speaker A: Okay. So you essentially set between the practice and Google. You take the BAA responsibility, and then.
Okay, but you still got to talk back to Google. Google hasn't signed a baa. So how do you guys.
[00:07:38] Speaker B: Yeah, so from there, you. So let's consider a Google Tag manager or events. Right? These events occur on your website, and within those events, there are certain properties that exist. And so a lot of these kind of tag manager solutions or cdp, you will then can transform the data. Think of it as like a little workshop. You add stuff, you take stuff away and then you can send the data back to the ad platform or a destination. It could be Google Analytics, it could be Google Ads. But with Fresh Paint, we basically say we allow you to decide which data will get sent back. So by default we send nothing back.
And you as the user have to say like, I want to send back these various pieces of data to the platform. So you have these events that occur, there's the properties attached to the events and you basically say, I want to feed these things back. So I can either increase visibility through like a reporting tool or I can say, hey, this is a conversion event from an ad. So Google knows like, hey, this thing worked and didn't work. And so you can benefit from the optimization engine.
[00:08:52] Speaker A: So as a person who's proudly not in the weeds on either HIPAA or digital marketing tracking, if I were to try to translate that, you guys are something of a black box that can sit between my marketing campaigns and Google and give me more control as I decide how far up the benefit curve I want to be to be able to track my stuff and where do I want to be from a compliance standpoint. So at the end of the day, if I'm running Google Ads again, let's stay with our dermatology example. We're promoting skin cancer awareness. We want to know how many new patients we got from that. With the solution, I can get that information, stay in compliance and continue to take advantage of the beast and all the intelligence that is Google. Is that a fair summary?
[00:09:39] Speaker B: Yeah. And I think not only puts you in compliance, but allows you to take some of these digital marketing strategies that people outside of healthcare are doing, like multi channel. All right, Audience builder.
[00:09:52] Speaker A: Okay.
[00:09:53] Speaker B: Because Fresh Paint has that BAA and we give you the dials to be compliant.
[00:09:58] Speaker A: All right.
[00:09:59] Speaker B: It's like how do I get beyond just being compliant? How do I become a high performing marketing organization?
[00:10:05] Speaker A: So essentially the practice says now through the BAA that liability for compliance belongs to Fresh Paint. Right. We all understand what it means to be the associate, right? I've got, I've got a, got a solution that keeps me compliant through my relationship with somebody setting between me and Google.
[00:10:22] Speaker B: I mean the, without getting into the weeds of like who owns the compliance. I mean it's ultimately up to the business, correct to decide what their where they are structure is. But Fresh Paint enables. It's like a legally blessed. We work with your legal teams or whomever to continue to keep the lights on.
[00:10:45] Speaker A: All right, let me ask, let me ask maybe a final question as we start to end. Hipaa was conceptualized 100 years ago, right. Originally the worry was don't let paper records walk out. We digitized the emr. So we all think about HIPAA now related to, you know, protecting that sort of thing. There hasn't been a lot of changes in hipaa. One of the challenges, but surely there have been some level of update right around this world because there was no real understanding of social media, social media marketing when HIPAA was conceptualized. What has changed in the regulation over the last several years, either for good or for bad? On this issue of practices being able to market in a compliant way, I
[00:11:27] Speaker B: think probably what's like top of mind for folks is state regulation is actually coming up more.
[00:11:35] Speaker A: Okay.
[00:11:36] Speaker B: And that comes through way of, you know, wiretapping legislation by consent management.
And so where HIPAA is maybe not changing as often, given changes in administration, the states are actually now stepping up and saying, okay, we're gonna, we're gonna put our finger on, on the scale here and say, like, you, you cannot do behavioral based advertising. Which means, like, you can't infer someone's health information based on. Target them based on that. Which goes back to that. Like, I looked up shoes and now I keep getting shoe advertising.
[00:12:12] Speaker A: So say like if I was, for example, checking on skin cancer, looking at skin cancer providers, they can't then, oh, he's got skin cancer.
Is that the concept on some of these state wrecks?
[00:12:25] Speaker B: Okay, right. You couldn't then go make a, it's called an audience.
[00:12:29] Speaker A: Okay.
[00:12:30] Speaker B: On Google and say skin cancer.
Yeah, you know, people. And then go and start sending them skin cancer treatment.
[00:12:38] Speaker A: Got it.
[00:12:39] Speaker B: Plans.
[00:12:39] Speaker A: All right. And so for. As physician practices continue to consolidate, many of them are now operating in multiple states. So this just becomes even more complex. I think if I'm sitting in a practice executive's chair, I, I don't know if I feel better or worse. It feels like, oh my gosh, Mara, you've given me a can of worms to worry about. I didn't know I was supposed to worry about. I am trying to grow my practice. I do want to use digital marketing. What would be the one final takeaway? You would say, if you're leading a practice or leading a practice's marketing efforts and trying to educate your leadership on why this is important. What would be the 32nd elevator story that you would give.
[00:13:17] Speaker B: I would say that this actually doesn't have to be a massive blow to your marketing strategy. It can be thought of as a benefit. Right. Where you don't have to necessarily manage tag managers and events across all these ad platforms. You can do it in one place because of that constraint. Right?
[00:13:39] Speaker A: Okay.
[00:13:39] Speaker B: And so think of your constraint of legislation as an opportunity to do better performance marketing and do best by your patients and continue to grow the business. It doesn't need to be daunting.
[00:13:50] Speaker A: Awesome, Mara, thanks. We really appreciate you joining us today to help us better understand something double in the weeds. HIPAA weeds, digital marketing weeds. Probably not a place a lot of people live. So we really appreciate the tutorial today. Thanks a bunch and thanks for being on vital conversations.
[00:14:08] Speaker B: Yeah, thanks, Tim. Have a good one.
[00:14:10] Speaker A: Awesome.
For more conversations like this, subscribe wherever you listen to your podcast. We'll be back soon with another discussion focused on what really works in healthcare.
