Healthcare organizations can now prevent protected health information collected by their marketing channels from reaching destinations where organizations do not have a business associate agreement, according to WebMD Ignite and Freshpaint.

WHY IT MATTERS

For healthcare organizations, the use of cookies, tracking technologies, digital advertising and analytics tools that other industries use to drive growth presents serious privacy risks and technical challenges. 

To better navigate the regulatory guidance governing tracking technologies and ensure the PHI of patients and prospective patients stays safe, WebMD Ignite said Tuesday that it can help healthcare organizations ensure they're not sharing protected data with tools that aren’t HIPAA-compliant. 

The collaboration with the Freshpaint privacy platform aims to balance healthcare outreach efforts with consumer privacy requirements, according to Ann Bilyew, senior vice president and health and group general manager for WebMD's growth partner for healthcare professionals, providers, payers and other healthcare organizations.

"Getting the right information to the right people is critical in a healthcare setting," she said. 

"That takes understanding a consumer’s unique circumstances and needs. At the same time, protecting privacy and security are also paramount. In the face of constantly evolving regulations, doing both can be exceedingly difficult."

Partnering with a healthcare privacy platform, WebMD Ignite said it can:

• Remove noncompliant tracking technologies.
• De-identify and mask individual visitors.
• Control data flow across the entire marketing tech stack.

After a number of acquisitions, including Krames, Mercury Healthcare and the Wellness Network, WebMD Ignite launched in April. The company said that its platforms and services for marketing, clinical efficiency, analytics, identity management and content can inform and personalize patient journeys.

THE LARGER TREND

In December, after a number of class action lawsuits alleging healthcare organizations shared patient data with Meta, Google and others, the U.S. Health and Human Services Office for Civil Rights issued a bulletin clarifying that a notice of pixel use does not permit PHI disclosure and articulated a number of measures for HIPAA-covered entities to adhere to.

In July, OCR and the Federal Trade Commission sent a letter to 130 healthcare organizations warning them about the consumer privacy and security risks related to the use of online tracking technologies that might be present on their websites and mobile applications and "impermissibly disclosing consumers’ sensitive personal health information to third parties."

"When consumers visit a hospital’s website or seek telehealth services, they should not have to worry that their most private and sensitive health information may be disclosed to advertisers and other unnamed, hidden third parties," said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in a statement about the agency's communication. 

However, the American Hospital Association, in a September 28 letter response to a request for insights on potential changes that could be needed for HIPAA by the Senate Committee on Health, Education, Labor and Pensions, said OCR's new online tracking rules are at odds with existing HIPAA rules, and could thwart interoperability. 

AHA noted that HCOs can no longer rely on third-party technologies like Google Analytics, YouTube and other video applications and that could result in meaningful harm to patients and public health.

For example, without analytics, organizations cannot judge which areas of a website patients are having trouble navigating or community concerns. They can't use location services to help patients get to appointments, AHA said.

"Hospitals and health systems cannot risk the serious consequences that flow from OCR’s unlawful rule, including HIPAA enforcement actions, class action lawsuits or the loss of significant investments in existing websites," AHA said in its request to have OCR's online tracking tool rules thrown out.

ON THE RECORD

"The partnership will give healthcare organizations of all sizes a privacy-first approach to using the tools and services they need to do high-performance marketing, while helping to maintain HIPAA compliance," said Steven Fitzsimmons, cofounder of Freshpaint, in a statement. "Freshpaint offers the right healthcare privacy platform to integrate into our product ecosystem, as well as offering it to healthcare organizations who want to layer on their own product stack," Bilyew added.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.