Pop quiz: Should patients take aspirin to prevent a first heart attack or stroke? Is it a good idea to get a screening for carotid artery stenosis? What age should most people start getting colorectal cancer screenings?

The answers, according to the U.S. Preventive Services Task Force (USPSTF) as of October 2023: It depends, no, and 45 years old.

Did you get all those questions right? If so, congratulations! If not, you could hardly be blamed. The USPSTF updated all those guidelines within the last three years—when health systems were focusing on the COVID-19 pandemic. Many people likely still have in mind the preventive care advice they got in the previous decade.

The good news: As a healthcare marketer, you still have plenty of opportunities to get the word out about the changes. By updating your website content, publishing a blog post, or reaching out on social media, you’ll not only reinforce your authority as a trustworthy partner in your audiences’ health. You’ll also encourage visits to your health system.

Let’s review those previously mentioned recommendations in detail and explore a few other changes that might need more attention.

Some Preventive Care Guidelines That Have Changed Since 2020

If your organization’s website includes information about the following topics, take a moment to make sure the content is up to date—if you haven’t already.

Starting Aspirin Use to Prevent a First Heart Attack or Stroke

In April 2022, the USPSTF published a final recommendation on aspirin use [PDF] to prevent heart disease and stroke, also known as cardiovascular disease (CVD). People ages 40 to 59 who are at higher risk for CVD and don’t have a history of CVD should decide with their healthcare professional whether to start taking aspirin to prevent a first heart attack or stroke. People aged 60 or older shouldn’t start taking aspirin to prevent a first heart attack or stroke.

Colorectal Cancer Screening Starting Age

In May 2021, the USPSTF published a final recommendation on screening for colorectal cancer [PDF]. The Task Force now recommends that screenings start at age 45. (See how one health system found a funny, effective way to get the word out about this age change.) The Task Force continues to strongly recommend screening people who are 50 to 75 years old. For adults 76 to 85, the Task Force continues to recommend that the decision to screen be made on an individual basis.

These final recommendations all apply to adults who don’t have:

•  Symptoms of colorectal cancer
•  Personal history of colorectal polyps
• Personal or family health history of genetic disorders that increase the risk of colorectal cancer

Lung Cancer Screening

People ages 50 to 80 should get a yearly screening using a low-dose computed tomography (CT) scan if they’re at high risk for lung cancer due to their smoking history.

In this final recommendation issued March 2021 [PDF], the Task Force made two changes that nearly doubled the number of people eligible for lung cancer screening:

1. The Task Force now recommends that people start screening at age 50, rather than 55.
2. This recommendation reduces the pack-years of smoking history that make someone eligible for screening from 30 pack years to 20. (Twenty pack years could mean one pack of cigarettes per day for 20 years or two packs per day for 10 years.)

Carotid Artery Stenosis Screening

Screening for carotid artery stenosis isn’t recommended in people without signs of a blocked artery in the neck, the USPSTF said in February 2021.

This final recommendation [PDF] applies to adults without a history of stroke, a transient ischemic attack, or other stroke symptoms. The screenings don’t prevent strokes for these adults, but healthy lifestyle choices do. So, advise your audiences to:

• Control high blood pressure and cholesterol
• Maintain a healthy weight
•  Stay physically active
• Eat a healthy diet
• Avoid smoking

Cervical Cancer Screening

In July 2020, the American Cancer Society made two major changes to its cervical cancer screening guidelines for people at average risk of the disease. One is to start screening at a slightly older age, and the other is to preferentially recommend a type of screening called an HPV test. The society now says:

• Cervical cancer testing (screening) should begin at age 25.
• Those aged 25 to 65 should have a primary HPV test every five years. If primary HPV testing is not available, screening may be done with either a co-test that combines an HPV test with a Pap test every five years or a Pap test alone every three years.

(The USPSTF is in in the process of updating its cervical cancer screening recommendations.)

Hepatitis C Screening

In March 2020, the USPSTF announced it recommends screening all adults ages 18 to 79 for hepatitis C [PDF]. Hepatitis C is a viral infection of the liver and is associated with more deaths than the top 60 other reportable infectious diseases combined. Yet many people who have hepatitis C don’t know they have it. Screening is key to finding this infection early when it’s easier to treat and cure.

Advise patients to ask their doctors about this simple blood test at their next checkup.

Want Help Raising Awareness?

Geonetric’s content marketing specialists and SEO experts can help you plan, create, and optimize content to keep your audiences informed. Connect with our team to get started today.

The healthcare sector is a competitive landscape where providers vie for patients’ attention and loyalty. It’s important to take a multifaceted approach to patient acquisition that will direct potential clients to your services in an ethical, long-lasting way. 

This means, you’re not just looking for new patients, you’re looking to build new relationships based on mutual trust. But how can a patient recruitment strategy help? Let’s find out. 

Why is a Patient Recruitment Strategy Crucial?

Having a robust patient recruitment strategy is not just an added bonus; it’s a necessity. The longevity and success of healthcare organizations heavily depend on a steady inflow of new patients, as well as the retention of existing ones. Given the countless options available to consumers for healthcare services, standing out in a crowded marketplace has never been more challenging.

Patient recruitment is more than just filling immediate vacancies in appointment slots; it’s about building a sustainable, long-term business model. A well-thought-out recruitment strategy can help healthcare organizations to:

✓ Identify Target Audiences: Understand who needs your services and how best to reach them.

✓ Allocate Resources Efficiently: Direct your marketing and operational efforts where they will have the most impact.

✓ Build Brand Awareness: Increase the visibility of your organization within both local and broader communities.

✓ Measure Success: A strategy provides a framework for setting measurable goals and KPIs, helping organizations to continually refine their efforts.

Relationship-Building is Key

Remember, in healthcare, it’s not just about providing a service; it’s about building a connection. Patients are on the lookout for more than just medical expertise— they want to feel understood, valued, and cared for. So when we talk about crafting an effective patient recruitment strategy, it’s essential to center it around these relational touchpoints. 

When patients feel like they’re more than just a name on a chart, they’re not only more likely to stick with you, but they’re also more inclined to sing your praises to friends and family. Word-of-mouth and positive reviews are gold in any business, healthcare included.

Here are a few more reasons why relationship-building should take precedence in your patient recruitment strategy:

✓ Patient Retention: It’s generally more cost-effective to retain an existing patient than to acquire a new one. Long-term relationships lead to repeat visits and sustained revenue.

✓ Word-of-Mouth Referrals: Satisfied patients who have built a strong relationship with a healthcare provider are more likely to recommend the service to friends and family.

✓ Improved Patient Experience: When healthcare organizations focus on relationships, they are more attuned to patients’ needs, leading to better services and improved patient experiences.

✓ Trust and Credibility: Building a relationship fosters trust. In healthcare, trust is crucial—not just for patient satisfaction but also for effective diagnosis and treatment.

✓ Ethical Considerations: Healthcare is an ethically-driven field. Focusing on long-term patient well-being aligns with the ethical responsibility of healthcare providers to do no harm and provide the best possible care.

✓ Community Engagement: A relationship-centric approach often involves engaging with the broader community, which not only brings in new patients but also establishes the healthcare organization as a pillar in the community.

Therefore, while immediate revenue generation is important for survival, the aim should be to cultivate relationships that yield long-term dividends, both for the organization and its patients. Investing in a robust patient recruitment strategy and focusing on relationship-building can offer healthcare organizations a competitive advantage that pays off far into the future.

15 Best Practices to Attract New Patients

Whether you are a solo practitioner, a specialized medical clinic, or a part of a broader healthcare system, these strategies can be tailored to fit your needs.

1. Build a Robust Content Library: Develop a rich variety of healthcare-related content that informs, educates, and engages potential patients. Whether it’s blog posts, eBooks, or webinars, quality content can help establish your organization as a thought leader in the healthcare sector.
2. Community Partnerships and Sponsorships: Collaborate with local organizations or events to sponsor activities, such as health fairs, charity runs, or blood drives. This increases your visibility in the community and can lead to organic patient referrals.
3. Create Educational Videos: Implement a video marketing strategy to offer educational content. Options include patient testimonials, introductory videos featuring staff, or videos that help people understand common health conditions.
4. Deploy Targeted Social Media Campaigns: Harness the power of social media platforms to reach potential patients. Create posts that are a mix of promotional and educational, emphasizing your expertise in the field.
5. Design Engaging Display Ads: Invest in display ads that appear as banners or sidebars on relevant websites. These ads can be tailored to target specific demographics or behaviors, ensuring they reach the right audience.
6. Enable Streamlined Online Appointment Scheduling: Incorporate easy-to-use forms for self-scheduling appointments, and make sure your contact information is clearly visible.
7. Enhance In-Clinic Experience: An exceptional in-clinic experience can make a significant impact. Satisfied patients are more likely to refer friends and family, serving as an offline lead generation tool.
8. Host Community Health Forums: Organize health forums or informational sessions in your local community. These sessions provide an opportunity for community members to meet healthcare providers and receive valuable information, while you get to showcase your services.
9. Implement a Chatbot for 24/7 Customer Support: Incorporate a chatbot on your website to provide real-time support. This can answer common questions, guide visitors, and simplify the appointment scheduling process.
10. Leverage Paid Search Campaigns: Paid search puts your name at the top of search engine result pages, helping you bypass the organic search competition. This can be an effective way to capture potential patient attention.
11. Opt for Guaranteed Patient Leads: Consider buying pre-qualified patient leads from reliable providers. This strategy allows you to allocate your internal resources to other activities, such as patient retention.
12. Optimize for Local SEO: Make sure your practice shows up in local search results by optimizing for local SEO. This ensures that when people search for healthcare services near them, your practice is one of the first they see.
13. Regularly Update Online Reviews: Encourage satisfied patients to leave positive online reviews. This enhances your digital reputation, as a majority of patients check online reviews before choosing a healthcare provider.
14. Traditional Media Outreach: Don’t neglect traditional offline marketing channels like TV, radio, and print ads. These methods are still effective for certain target demographics.
15. Utilize Email Marketing: An effective email marketing strategy can help you stay on top of mind with potential and existing patients. Send out newsletters, updates, and special offers to engage with your audience.

Lastly, healthcare decisions often involve significant emotional and physical stakes; hence, the trust built through a strong relationship is crucial for both patient satisfaction and effective treatment.

Choose Partners Carefully 

Even with an in-house marketing team, achieving your patient acquisition targets can be an uphill battle. In such cases, external expertise can be invaluable. Specialized service providers in healthcare marketing bring with them a wealth of industry-specific knowledge and tools that can give your strategies the edge they need.

For example, advanced analytics can offer insights into patient demographics and behavior, data-driven targeting can optimize your ad spend, and specialized healthcare CRM systems can improve patient engagement. Specialized providers can serve as an extension of your own team, bringing in complementary skills that boost the effectiveness of your patient acquisition efforts.

As the digital engine behind 500+ healthcare websites and intranets, Geonetric understands the importance of building relationships with patients and communities. We’re here to help you build the most effective patient recruitment strategy for your organization’s needs. 

Telemedicine has simply exploded in the last few years, no doubt due in large part to the COVID-19 pandemic and the resulting boom in home-based commerce. No matter if your organization is opting for telemedicine out of necessity or as a matter of convenience— or even if your team depends on specialists via telemedicine equipment to deliver specific healthcare services—the way you market this service line directly influences its value to your patients.

So, what’s the best approach for your organization to harness telemedicine marketing to improve your patient’s experience? Before we get into the particulars, let’s go over the basics first. 

What is Telemedicine?

Telemedicine is more than a technological tool; it’s a bridge connecting patients to accessible, cost-effective, and engaging healthcare. Since it first emerged on the scene in the 1950s, telemedicine has continually grown and evolved, opening the doors to virtual visits for people almost everywhere.

To simplify things, essentially, there are three main kinds of telemedicine:

• Interactive Medicine: Sometimes known as “live telemedicine,” this is when you chat with your healthcare provider in real-time, much like a virtual house call.
• Remote Patient Monitoring: This form of telemedicine empowers healthcare providers to keep tabs on your health remotely. By using handy medical devices, you can gather essential data like blood pressure and blood sugar levels and share it with your provider.
• Store and Forward: This type involves inputting your health information, which is then shared with a provider and reviewed at their convenience, not necessarily in real-time.

With telemedicine, healthcare providers and patients share information in real-time through video chats that take place on the screens of internet-enabled devices. This setup lets healthcare professionals collect readings from medical devices, even if they’re not in the same location. This data can then be used to diagnose and treat patients, no matter where they happen to be. It’s healthcare that goes where you go.

How Does Telemedicine Work?

Telemedicine lets patients converse in real-time with a healthcare provider about their symptoms, health concerns, and more. Be it through video calls, online portals, or emails, patients can receive diagnoses and discuss their treatment options. And when it comes to prescriptions, they’re just a click away with electronic delivery. Moreover, if needed, providers can remotely monitor data from medical devices, ensuring a steady hand on the pulse of a patient’s health.

Telemedicine isn’t some futuristic concept; its origins can be traced back to the humble landline telephone. As technology has raced forward, telemedicine has kept pace, blossoming into a myriad of services delivered in diverse ways. Today, this includes online portals, video software for remote check-ups, and handy apps offered by telemedicine service providers like PlushCare, MDLive, and Teledoc. 

What’s the Difference Between Telemedicine and Telehealth?

While the terms “telemedicine” and “telehealth” may seem identical at first glance, they carry unique meanings in the context of healthcare delivery.

Telemedicine leverages technology to forge a virtual bridge between healthcare providers and individuals seeking medical services. It provides the flexibility for patients to receive care without the need for an in-person visit to a medical facility.

In contrast, telehealth is more of a supportive instrument, rather than a standalone service. It’s an approach designed to enhance patient care and physician education. Telehealth’s reach extends beyond the realm of telemedicine to encompass nonclinical aspects of care. This broader spectrum includes scheduling appointments, ongoing medical education, and the training of physicians. Telehealth, therefore, offers a comprehensive solution, connecting various dots in the healthcare landscape.

Now that we’ve covered the basics, let’s discuss the benefits of telemedicine and how to market your services effectively?

The Top 10 Benefits of Telemedicine for Healthcare

Telemedicine is emerging as a key player in the modern healthcare scene, knitting together the best of technology with medical care. It’s transforming the way healthcare providers and organizations operate, forging a new path that’s more patient-centric and efficient. 

Here are 10 compelling benefits that telemedicine brings to healthcare providers and organizations:

1. Reaching Beyond Borders: No longer restricted by geography, healthcare providers can now reach patients in remote locations. Whether in rural communities or busy urban centers, telemedicine makes healthcare accessible and timely, even for specialized services.
2. Building Patient Relationships: Simplifying the appointment process, telemedicine encourages patients to engage more with their healthcare. This ease of access strengthens patient-provider relationships and ensures a more committed adherence to treatment plans.
3. Economical Approach: Telemedicine helps in cutting down on unnecessary expenses like travel costs for regular check-ups or non-urgent ER visits. For healthcare providers, it translates to reduced overhead and better management of resources.
4. Work-Life Harmony: Healthcare providers can now find a balance between professional commitments and personal life, thanks to telemedicine. The flexibility to consult from anywhere enables a more relaxed approach to daily schedules.
5. Revenue Growth: Fewer missed appointments and the ability to reach more patients amplify revenue opportunities for healthcare organizations. It also helps in attracting a broader patient base, drawn to the convenience of virtual consultations.
6. Uninterrupted Care: The continuity of care is vital, and telemedicine ensures that patients can have regular follow-ups without any hindrance. This is particularly crucial for ongoing treatments like chronic disease management.
7. Enhanced Patient Health: The ease of regular virtual check-ins means that health issues can be detected and managed promptly. This proactive approach leads to healthier patients and more satisfactory outcomes.
8. Streamlined Data Management: Telemedicine easily meshes with existing healthcare data systems, allowing for more intelligent and effective use of patient information. This integration aids decision-making and enhances the overall treatment process.
9. Satisfied Patients: Telemedicine’s ability to provide care at a patient’s convenience can significantly boost satisfaction levels. It offers the luxury of quality healthcare without the need to travel or adjust daily routines.
10. Public Health Insights: Beyond individual care, telemedicine provides valuable insights into broader health trends. It’s like a pulse-check on the community’s health, offering real-time data that can guide public health policies and interventions.

Ultimately, patients looking for services in the post-pandemic healthcare landscape have already become accustomed to in-home consultations and appointments. This is why meeting that increasing demand is absolutely critical for many healthcare organizations. After all, if your organization fails to meet consumer demand, a competitor likely will. 

That said, in order to ethically and effectively market telemedicine services to your patients, transparency is key. 

10 Potential Challenges for Marketing Telemedicine

No matter how ethical, secure, or innovative telemedicine can be, every organization has its own specific needs and concerns. What works for one healthcare entity might not work for another, and so on.

Here are 10 hurdles that healthcare organizations might encounter:

1. Mastering the Technology: The first step to telemedicine is often the biggest hurdle. Learning to use the technology can be daunting for both providers and patients. It’s crucial to ensure user-friendly platforms and provide adequate training.
2. Building Online Trust: Healthcare is a matter of trust. Shifting from in-person to virtual consultations might cause apprehension among patients. Emphasizing the privacy and security measures is key to building trust in this new medium.
3. Navigating Legal Landscape: Telemedicine is subject to local and national regulations, such as HIPAA, which can be complex and variable. Adhering to these rules while marketing and providing services requires an in-depth understanding of the legal landscape.
4. Dealing with Insurance Coverage: It’s not always black and white whether telemedicine services are covered by insurance providers. Clear communication about insurance coverage is necessary to prevent confusion and frustration among patients.
5. Standing Out in the Crowd: As more healthcare organizations offer telemedicine services, differentiating your services becomes a challenge. Crafting a unique selling proposition and conveying it effectively is vital to attracting patients.
6. Marketing Quality Care: There might be a perception that virtual consultations compromise care quality. Healthcare organizations need to highlight their commitment to delivering high-quality care, irrespective of the medium.
7. Setting the Boundaries: While telemedicine is a great advancement, it isn’t a cure-all solution. Organizations need to set clear expectations about when telemedicine is appropriate to prevent its misuse or overuse.
8. Identifying the Target Audience: Not every patient demographic may benefit from or adapt to telemedicine. Recognizing and reaching out to the population segments that will most benefit from telemedicine is a considerable challenge.
9. Overcoming Connectivity Barriers: Reliable internet is the lifeline of telemedicine. In regions with poor connectivity, especially rural or underserved areas, the effectiveness of telemedicine can be severely hampered, despite these regions being the ones who need it the most.
10. Maintaining a Personal Touch: In the shift to virtual care, maintaining a personal connection with patients can be a tough task. Healthcare organizations must demonstrate that empathy and personal care are integral to their telemedicine services.

Implementing and marketing telemedicine is a demanding task, but it’s a journey worth undertaking. It’s essential to use this information to hone in on your company’s priorities to promote the best possible telemed platform for your organization.  

10 Steps for Successful Telemedicine Marketing

Breaking into the world of telemedicine is a lot like venturing into uncharted territory, full of opportunities and challenges. It calls for a well-thought-out strategy and meticulous implementation. 

To that end, here is a 10-step blueprint to steer your healthcare organization towards the successful marketing of your telemedicine services:

1. Identify Your Target Audience: Understand who would benefit most from your telemedicine services. It could be patients from rural areas, the elderly, working professionals, or others. Tailor your marketing strategies to resonate with your audience’s unique needs and preferences.
2. Craft a Value Proposition: Clearly articulate what sets your telemedicine services apart from others. Focus on the unique benefits your services provide, such as special features, outstanding provider expertise, or exceptional patient experience.
3. Build a Robust Online Presence: Invest in a user-friendly website and engage actively on social media platforms. Regularly share informative content about telemedicine and its benefits to educate and attract potential users.
4. Leverage SEO and PPC: Use search engine optimization (SEO) and pay-per-click (PPC) advertising to boost your visibility on search engines. Optimize your content with relevant keywords to reach people looking for telemedicine services.
5. Use Email Marketing: Send regular newsletters and updates about your telemedicine services to your existing patient base. Highlight patient testimonials and positive experiences to build trust and encourage adoption.
6. Partner with Influencers: Collaborate with healthcare influencers who can endorse your telemedicine services. Their audience trusts their opinions, making it an effective way to gain visibility and credibility.
7. Hold Webinars and Virtual Events: Organize online events to inform patients and other stakeholders about your telemedicine services. Use these platforms to address concerns, answer questions, and showcase how your services work.
8. Offer Video Tutorials: A video tour of your telemedicine services can take the mystery out of what to expect, making patients more comfortable with the idea of remote healthcare, and familiarizing them with the technology, products, and services you provide without asking them to commit all at once. This is an effective way to show patients that they can get care at their convenience, with the same level of care and service they’ve come to expect from your organization.
9. Track and Analyze Performance: Monitor your marketing efforts regularly using analytics tools. This can help you understand what’s working, what’s not, and how you can improve your strategies for better results.
10. Iterate and Improve: The world of telemedicine is dynamic and fast-paced. Continuously update your marketing strategies based on changes in technology, patient behavior, regulations, and competitive landscape to stay ahead of the curve.

Remember, the key to a successful telemedicine marketing strategy lies in understanding your audience, communicating your value effectively, and continuously optimizing your strategies based on insights and industry trends.

Need Help With Your Organization’s Marketing Plan?

Ready to embark on your telemedicine journey but not sure where to start? Look no further than Geonetric! Connect with our team of expert digital marketers, content professionals, designers, and more to kickstart the creation of your exceptional telemedicine experience.

Adopting Telemedicine & Telehealth

Telemedicine uses advanced, secure technology (telehealth) to give patients virtual access to health care services, including diagnosis and treatment, regardless of where they’re located. The benefits are clear: it’s convenient for patients and providers, it expands and improves access to health care (especially for people who live in rural areas or have other barriers to getting timely attention), and it has the potential to save U.S. patients and health systems billions of dollars annually.

Why Content is Critical

Promoting your telemedicine services should take a well-rounded approach, and part of that is optimizing your website copy. Comprehensive content helps your users understand the benefits of using telemedicine services and underscores your organization’s commitment to providing high-quality care to all patients where and when they need it.

Develop content about telemedicine services that guides and educates your users. That means if you offer e-visits, explain how and when to use the service, or if your providers can remotely access specialists for their guidance, explain what that looks like in terms of what the patient will experience. When patients know what to expect, it increases:

• Adoption/use of the services
• Comfort level with their experience
• Overall satisfaction and engagement with their care
• Trust of and loyalty to your brand and providers

What to Include

Increase user understanding (and boost SEO with keyword-rich copy) by listing:

• Benefits of telemedicine
  • Increased patient convenience and comfort
  • Cost savings of no travel time
  • Access to experts
  • Secure technology that supports patient privacy
• Most common conditions and symptoms you treat through telemedicine
• Services you’re able to offer through a telemedicine visit
  • Diagnosing a health concern
  • Prescription filling and refilling
  • Providing answers to a medical question
  • Follow-up visits
  • Monitoring and management of chronic conditions
  • Referrals to or guidance from a specialist or other health care providers

Answer common questions you receive from patients about your telemedicine services, such as “is my personal health information kept safe?,” “how do I schedule an appointment?”, and “what does it cost?”

Writing About E-Visits

If your organization provides urgent care e-visit services, patients want to know:

• Availability and scheduling of the e-visit service (evenings/after hours, weekends, holidays, etc.)
• Technology needed to access the service, including internet connection
• Who is able to access e-visits (current/existing patients, or if the service is available to anyone)
• How to register or sign in, and what patient information is needed
• Cost and insurance information
• Terms and conditions, including privacy and security information

When to Choose an E-Visit

Make sure your content helps your target audience understand when a telemedicine appointment is the right choice to meet their health care needs, saving them time and money. Ensure your content describes the proper use of those services versus when in-person visits for urgent or emergency care are the better choice. Your telemedicine content can cross-link to these services on your website if your organization offers them.

Get Help from Healthcare Writers

Turn to Geonetric’s team of content strategists and writers for assistance to write SEO-friendly content about your telemedicine services, weaving your competitive differentiators and brand messaging into your copy.

Patients as Customers? Hear Us Out

The thought of viewing patients as customers might give you pause. After all, healthcare is a life-changing service, not a product. However, it’s worth noting that today’s patients are expecting a convenience factor similar to what they find in other industries. Adopting a customer-centric mindset doesn’t compromise our mission of specialized, compassionate care; it actually underscores it.

Let’s Get Mapping: A Practical Guide

To create more meaningful interactions, take a good look at your operational and marketing landscape. The goal is to make the patient experience as streamlined, human, and tailored as possible.

To get started:

1. Choose a particular service you offer.
2. Lay out the patient journey, from the moment they realize they need care to the time they leave a review after their appointment.
3. Pinpoint the rough patches and think about smoothing them over with improved services.

Case in Point: Navigating Urgent Care

Imagine Peter, who wakes up feeling sick and knows it’s time to consult a healthcare professional. How does he go from identifying symptoms to finally receiving treatment?

In essence, his urgent care journey might look like:

• He Googles “urgent care for sore throat” and clicks on your website
• He reviews the conditions you treat
• Notices you have a location nearby that’s open now and allows online booking
• Checks that his insurance is compatible
• Consults your website for pre-visit guidelines and then heads to your clinic
• Checks in with ease and has his insurance details sorted
• Receives a diagnosis and gets a prescription
• Picks up his medication from your on-site pharmacy
• Leaves the facility with a clear understanding of his aftercare

Questions to Guide Your Mapping

When you sketch out this journey, ask yourself:

• Are there moments where patients might feel confused or stuck?
• How can you highlight what sets you apart from others?

Things to Mull Over

Once your journey map is in place, ponder on:

• Is there a way to minimize repetitive interactions a patient has during their journey?
• What support is readily available if a patient hits a snag?
• How can you use targeted content to stay top-of-mind for patients seeking healthcare?

Don’t Forget Empathy

Keep in mind that the average patient is not a healthcare expert. Our role is to guide them as clearly and compassionately as possible. So, identify those stages where they might struggle and work on delivering better online solutions.

Ready to Take the Next Step?

If you’re eager to refine your patient experience, consider reaching out to us at Geonetric. We specialize in healthcare marketing and are committed to helping you optimize the patient journey. 

Artificial intelligence (AI) is everywhere—it touches your everyday life in ways you don’t even think about. Public awareness and opinions are still forming on how to use it and how comfortable people feel with it.

One thing is certain: AI will continue to seep into your personal and professional life. There are many AI content-creation tools, such as ChatGPT, Google Bard, and Bing Chat, to name a few. We recommend you start planning if, when and how your healthcare organization will allow it to affect your website’s content. It’s tricky once you begin.

Use a Human Approach to Ensure Accuracy & Trust

When taking advantage of AI to help develop your healthcare website content, you must use a careful approach to steer clear of pitfalls and make sure your users get accurate, reliable information. You’ll still need to do discovery and background work to use AI-generated content because AI has limitations. Right now, AI doesn’t:

• Know your organization’s unique brand voice or competitive differentiators
• Know your specific website audiences
• Perceive human emotions and respond with empathetic, tailored content
• Possess human creativity (it generates content based on patterns and data)
• Understand and interpret complex medical topics as humans do

Successful web writers must foremost use their human characteristics and talent while considering the best way to benefit from AI strengths.

AI-Generated Content Dos & Don’ts

To use AI responsibly and guide your efforts, follow our dos and don’ts.

Do:

• Do use AI to enhance the user experience – Engage with users and enhance loyalty by allowing AI to help you identify and produce valuable content that answers your users’ healthcare questions. This topic could be its own blog. For example, AI tools can help you create more personalized, valuable content that aligns with your user’s interests and needs. It can help ensure your content is well-written and user-friendly. AI can suggest content formats based on your user’s content consumption patterns, and much more.
• Do confirm stakeholder buy-in – Get agreement from organizational, marketing or service-line leaders if you’re considering using AI-generated content as a starting point for your website.
• Do ensure content is helpful, reliable and focuses on people first – Evaluate your AI-generated content using Google Search’s helpful content success qualities: experience, expertise, authoritativeness, and trustworthiness (E-E-A-T)
• Do analyze and edit the language – Edit the voice, tone, style and structure of the AI-generated content to represent your organization’s brand. AI-generated content won’t sound like your organization unless you give very specific and detailed prompts.
• Do verify facts and information – Check the credibility of the AI source and look for gaps, errors or biases in the content. Ask your medical subject matter experts to review any AI-generated content to ensure accuracy.
• Do adhere to evidence-based medical practices and guidelines – Align AI-generated content with established clinical guidelines and avoid advancing unproven treatments or misleading claims.
• Do ensure strong content governance practices – Reduce the risks of using AI-generated content by creating policies that establish who’s responsible and accountable for AI output and which rules and regulations determine legal liability.

Don’t:

• Don’t offer medical diagnoses – Direct website users to seek medical care from healthcare professionals for their symptoms rather than publishing AI-generated content that attempts to diagnose a medical condition and recommend treatment.
• Don’t replace human experts – Complement your medical experts’ knowledge; don’t replace them with AI-generated content. Human experts are more credible than AI. Use their skills, experience and perspective to create unique content for your website.
• Don’t engage in discriminatory practices – Ensure that AI-generated content avoids bias based on gender, race, ethnicity, or other protected characteristics.
• Don’t ignore legal requirements – Comply with all applicable laws and regulations concerning healthcare, data privacy, and marketing to avoid legal liabilities and safeguard user data.
• Don’t promote unproven treatments – Confirm AI-generated content complies with your organization’s ethical guidelines and standards. Avoid sharing medical content that’s vague, unverified or potentially harmful.

Use AI as a Tool

AI is a tool, not a solution to create website content you don’t have time to write. It can be helpful to streamline your work by generating ideas to begin the creative process, creating outlines and providing insight into questions users ask.

AI-driven healthcare website content requires a balance between innovation and accuracy to provide users with trustworthy and valuable information. Don’t take your responsibilities lightly. There are many pitfalls to relying solely on AI for your content strategy. Creating high quality content remains crucial to use the power and reach of these generative platforms, whether you use AI for a first draft or it’s human-created from start to finish.

If you’re already suffering from AI fatigue, contact the content strategists with the form below to learn how we develop user-focused, optimized website content that’s engaging, easy to read and aligns with your organizational strategy.

User Experience (UX) refers to the overall experience a person has when interacting with a product, system, or service, particularly in terms of how easy or pleasing it is to use. This includes emotions, perceptions, responses, and behaviors before, during, and after their interaction. 

UX in healthcare is picking up steam, as organizations are starting to realize just how big of a difference it can make to patient outcomes. In healthcare, the goal of good UX design is about making tech easier and more intuitive to use. Patients able to easily access medical information on your site are more likely to seek timely care, and providers and administrators able to easily access information on your intranet are more efficient. 

By ramping up communication, making complex processes easier, and taking full advantage of cutting-edge tech like artificial intelligence (AI) and chatbots, healthcare organizations can deliver solutions that really hit the mark, leading to happier and more satisfied users.

How Does Healthcare UX Work?

UI/UX in a healthcare website focuses on creating an interface that is easy to navigate, intuitive, and user-friendly for various stakeholders, such as patients, healthcare providers, and administrators.

Think of the User Interface (UI) as the look and feel of a website. It’s all about the layout, colors, fonts, buttons, images – basically, anything you can see. A good UI design should be a feast for the eyes, with clear, easy-to-read info and a consistent style that just works.

User Experience (UX), on the other hand, is all about interaction. It’s how the information flows, how easy the website is to navigate, how simple tasks are (like making an appointment or looking at medical records), and whether users walk away feeling satisfied.

In healthcare, having a top-notch UI/UX is absolutely key. It allows patients to quickly find doctors or services, book appointments without a hitch, securely access their health records, and get answers fast. For healthcare providers and admins, it means streamlined patient management, hassle-free data entry, and reporting that’s a breeze.

How Does Good UX Benefit Healthcare?

As described above, good UX is about designing and putting into action digital systems and interfaces that make things easier to use, more efficient, and satisfying for users. On that note, when it comes to healthcare, users should feel comfortable, engaged, and guided when interacting with your site. 

After all, a healthcare website doesn’t have the same goal as a social media site— we’re not trying to endlessly engage users, we want to make it easy for them to get information, make decisions, and take action. Healthcare website users are largely patients and providers that need to interact with each other quickly, simply, and efficiently— while being mindful of the patient’s needs throughout. This is why prioritizing the user experience is absolutely essential for healthcare organizations. 

To illustrate this, here’s what a top-notch healthcare UX can do:

Elevate the Patient Experience

UX is a key player when it comes to how patients engage with healthcare systems online, whether it’s a hospital’s website, appointment scheduling platforms, electronic health records (EHRs), or telemedicine services. By making things easy to use and access, we can really boost patient satisfaction and engagement.

Ideally, patients should be able to:

• Find information about healthcare providers without a hitch
• Easily access their health records
• Book or change appointments with ease
• Have remote medical consultations
• Receive reminders for upcoming check-ups or medications

Simplify Tools for Healthcare Providers

When the system is easier to use, healthcare providers can focus more on taking care of patients and less on wrestling with clunky digital platforms. Good UX can streamline several processes for providers through their organization intranet, including:

• Telemedicine platforms
• Digital tools
• Administrative tasks
• Data analysis and visualization
• Patient management, and help reduce burnout

Optimize Tasks for Administrators

Administrators often juggle a ton of daily operations, which can get overwhelming. A healthcare intranet defined with good UX can help cut down on backlogs and keep things running smoothly.

For administrators, streamlined intranet UX can help:

• Manage scheduling, billing, and reporting more efficiently
• Cut down on data backlogs
• Save costs
• Boost operational efficiency

In a nutshell, UX in healthcare is all about making things simpler, boosting user satisfaction, and ramping up efficiency. All this leads to better health outcomes and improved patient care. The end goal? A smooth, positive interaction between users and the healthcare system for increased conversions. In this way, it’s the healthcare organization that ultimately benefits most. 

Potential Downsides of Healthcare UX

While there are many benefits to designing user-focused sites, creating a strategy that meets both user expectations as well as organizational goals and objectives isn’t an easy task. Every organization is unique. That’s why it’s imperative that you understand your needs and limitations as you build your UX strategy. 

Here are just a few items for you to consider:

• One-Size-Fits-All Approach: Each healthcare provider, patient, and administrator has unique needs and ways of interacting with digital systems. A UX that doesn’t adapt to these varied needs might not deliver the expected results.

  For example, elderly patients on your website might need larger fonts and simpler navigation, while younger users might prefer a more feature-rich interface. The key is to create a UX design that can adapt to serve diverse user groups.

• Overcomplication: In a bid to make a UX strategy all-encompassing, sometimes the design becomes overcomplicated, leading to confusion rather than simplification. Let’s take appointment booking, for instance. A system that requires users to navigate through multiple pages or fill out extensive forms to book an appointment might make your administrators happy, but might deter users from using the service. A good UX design should always aim to make tasks simpler and more intuitive.
• Neglecting User Feedback: Failing to incorporate user feedback into the design and implementation stages can be a significant pitfall. Users provide firsthand insights into usability, so neglecting their input can result in a UX that doesn’t truly serve their needs. Continuous user feedback should be an integral part of UX development, helping designers make necessary tweaks and improvements.
• Poor Integration: A website or intranet that does not integrate well with existing systems can create headaches for users. For example, if an EHR system doesn’t effectively integrate with a hospital’s existing billing system, it might result in inconsistent data or increased manual work. So, it’s vital to your UX strategy that you choose systems that seamlessly integrate with your current tech infrastructure.
• Failing to Update: With rapid tech advancements, a healthcare design that isn’t regularly updated can quickly become obsolete. Staying on top of the trends ensures your UX strategy stays on par with technological advancements and evolving user needs. For instance, a design that doesn’t adapt to integrate newer technologies like AI-driven chatbots might lose its effectiveness over time.

Keep in mind, your organization may have entirely different needs than another, or even entirely different goals from previous years! Either way, this information is intended to help you determine which solutions and strategies will work best for your organization. 

10 Ways to Elevate Your Healthcare UX Strategy

Now that we’ve gone over all the finer details you’ll need to consider, let’s discuss the next most important topic— how to get started. 

Implementing a good UX strategy in healthcare is like piecing together a puzzle; each piece must fit perfectly to create a seamless picture. Here are 10 ways a healthcare organization can craft and implement a user-centric approach:

1. Conduct User Research: Start by talking to the actual users – patients, medical staff, administrators. Hold interviews, surveys, or focus groups to understand their needs, preferences, and pain points. This information becomes the foundation of your strategy, ensuring that you build a design that resonates with the people who will use it.
2. Create User Personas: Based on your research, create detailed user personas representing different user types. Think of them as fictional characters that embody real-world users’ characteristics. They’ll guide design decisions by keeping you focused on the people behind the screens.
3. Map the User Journey: Sketch out the various paths that users might take through the system. It’s like mapping a hiking trail, showing the twists and turns that lead to the final destination. This visualization helps in designing intuitive and logical flows that guide users effortlessly.
4. Ensure HIPAA Compliance: In healthcare, protecting patient privacy is not just ethical; it’s the law. Ensuring that your UX design complies with the Health Insurance Portability and Accountability Act (HIPAA) means building robust security measures into the user experience. Think of it as constructing a fortress that guards precious treasures— in this case, the sensitive personal and medical information of patients. 

   Collaborate with legal and security experts to understand the specific regulations, and weave them into every layer of design, from data collection forms to information display. Regular audits and ongoing education for the team can further bolster compliance. It’s not just about avoiding legal hassles; it’s about building trust and confidence that the information shared within the system is treated with the utmost care and respect.

5. Ensure Accessibility and Inclusiveness: Design for everyone, including those with disabilities. Implement standards like high contrast text and easy-to-read fonts. Test with various assistive technologies. Think of it as building ramps along with stairs; it makes sure everyone can get where they need to go.
6. Incorporate Health Literacy Principles: Use language and visuals that are easy to understand, especially for those without medical backgrounds. Provide explanations for medical terms, use simple language, and break down complex ideas. It’s like translating a scientific paper into a magazine article – more accessible and engaging.
7. Test with Real Users: Invite users to test prototypes. Watch how they interact, ask for their feedback, and make necessary adjustments. Think of it as a dress rehearsal before the big show; it helps you iron out the wrinkles and put on a flawless performance.
8. Implement Iteratively Build and launch in stages, regularly revisiting and updating based on user feedback. This continuous improvement cycle ensures that the UX stays fresh and aligned with users’ evolving needs. It’s gardening rather than architecture; continual care and cultivation make things flourish.
9. Provide Omnichannel Support: Offer assistance through various channels like chatbots, email support, or phone lines. It ensures users have help when they need it, no matter their preferred method of communication. It’s like having a friendly neighbor who’s always there when you need a hand.
10. Measure and Analyze: Implement analytics tools to track user behavior, satisfaction, and other key metrics. Regularly review and interpret this data to make informed decisions. It’s the compass guiding you on the journey, making sure you’re heading in the right direction.

By taking these steps, a healthcare organization can create a UX strategy that feels less like a trip to the DMV and more like a visit to a favorite local cafe. It’s warm, inviting, and centered around the needs of those it serves. A user-centric approach isn’t just good practice; it’s the right thing to do. Because when it comes down to it, healthcare UX isn’t about pixels and code; it’s about people and care.

Have Questions?

Whether you’re just after a general resource for healthcare UX or you think your organization’s UX could use an update, Geonetric can help!

As the digital engine behind 500+ websites and intranets, we’re uniquely placed to help your organization walk through the digital front door. 

Click Here, to learn how we can take your website from ‘meh’ to marvelous, today!

In December, the Department of Health and Human Services (HHS) issued guidance relating to marketing trackers by HIPAA Covered Entities which is the cause for research and introspection on how and where these technologies are appropriate to use within healthcare digital properties. While many healthcare organizations are adapting to the new guidance, many are still struggling to understand its implications and what they need to do to adapt.

The recent joint letter from HHC and the Federal Trade Commission (FTC) sent to 130 organizations appears reflect their frustration at the slow pace of change resulting from the December guidance and clarifies their expectation that Covered Entities and others dealing with similar sensitive health information are expected to act now to in response to the guidance rather than wait for greater clarity.

This post is the first in a series explaining the guidance, challenges, options, and the areas of uncertainty that have been introduced by HHS.

Interpretations of the December HIPAA guidance vary widely and there is no single agreed standard for compliance. Every organization should seek to establish its own understanding of what is and isn’t acceptable given HIPAA rules today and likely redefinition and expansion of privacy laws inside and outside of healthcare in the future.

Defining PHI in a Digital Marketing Context

HIPAA defines Protected Health Information (PHI) as a subset of health information that (1) Is created or received by a healthcare provider, health plan, employer, or healthcare clearinghouse; and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual; and (i) That identifies the individual; or (ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

In addition, the information needs to be stored electronically at some point during its lifecycle. PHI cannot be shared with organizations or individuals unless they are part of the covered entity or a business associate and only if they have a valid business reason. In addition, PHI can only be used for health promotion purposes, not for marketing.

This definition of PHI is very clear for something like a patient history in an electronic medical record but has always been pretty abstract for most of what we deal with in the realm of digital marketing. When one person sends another a “get well soon” eCard through a covered entity’s website, is that disclosing PHI? If someone interacts with an online banner ad that you’ve created, have you disclosed something by virtue of the information’s capture in an online ad network? If you allow a “schedule appointment” link on a Google My Business (GMB) page, is that a breach?

Can a meaningless ID be used to associate the activity of an anonymous user across sessions? Is a visitor looking at a page of content on your website sufficient to imply the person has that condition? – and so on.

Just as I asked in this blog post from 2016, we still are in need of a better definition of PHI! Where Guidance Fits into the Broader Privacy Conversation

Where Guidance Fits into the Broader Privacy Conversation

This new guidance highlights the changing conversation around privacy, including recent investigative reporting relating to Facebook’s Meta Pixel and new and proposed laws relating to privacy in Europe, California, Utah, and elsewhere. The result is a web of increasingly disjointed, inconsistent privacy laws that are becoming more and more difficult for organizations to navigate.

We are entering an environment where the perception of privacy is changing, leading to greater scrutiny of privacy practices. Things that have always been acceptable in the past need to be reexamined in light of a tighter privacy climate. And there is no single approach that is likely to adequately address all the different philosophies and approaches that may emerge in the future.

Every healthcare organization should be thinking about how, going forward, it will use marketing trackers or other technologies that act in a similar manner to what we traditionally think of as marketing trackers.

The guidance states that it is not changing anything in the law but, rather, seeks to clarify how regulated entities should view these technologies within the lens of HIPAA.

An analysis from the University of Pennsylvania tells a different story, with 98.6% of healthcare organizations sharing data with third-party trackers, it’s clear that the standards presented in the guidance vary meaningfully from the working definitions that the industry has been using for what is and isn’t in context for HIPAA! The guidance does not have the force of law and, unfortunately, by issuing this guidance in the way that they have, HHS has introduced as many questions as they’ve answered.

The new guidance looks at the question in three contexts – mobile apps, authenticated web pages (most commonly within patient portals), and unauthenticated web pages. I will focus on unauthenticated web pages here, as that’s the scope of consumer web properties that we work with at Geonetric and is the area with the greatest confusion and difference of opinion.

What the Guidance Changes

The guidance changes several items from the working definition that the industry has been using for PHI in the context of digital marketing:

IP address is an identifying attribute:

– There are several factors that clearly identify the individual and these must be handled with caution. These include email, name, address, phone number, SSN, medical record number, and others. While IP address has always been one of the “18 HIPAA Identifiers” there are technical reasons why an IP address is often not sufficient to connect an online interaction to an individual, so most organizations haven’t traditionally treated it as such. The guidance clarifies that the IP should be an identifying attribute for the purposes of HIPAA.

All website visitors are presumed to be patients:

– The guidance goes on to share that we must presume that any search or action on a regulated entity’s website “relates to the individual’s past, present, or future health or health care or payment for care”. While this should be a fun argument to pull out next time you’re debating the ROI of web operations with your CFO, we know that the reality is that people visit our online properties for many reasons, and many are not currently and likely never will be patients of our organizations. Nevertheless, the guidance is clear that we must treat them as if they were.

A Range of Reactions

Through our own analysis along with my conversations with dozens of healthcare organizations and their compliance and legal teams, I’ve found a wide range of interpretations of the new rules. The most restrictive interpretations of the new guidance take the position that any user engaging with your digital properties must be assumed to be someone who has received or will receive healthcare services from the covered entity.

It is also stipulated that almost any situation involving an IP address and the URL of a page that a consumer is visiting constitutes PHI, even when viewing an unauthenticated web page.

Other experts latch on to the guidance’s insistence that tracking technologies generally do not have access to PHI from users browsing activities on unauthenticated web pages. It suggests that there is some threshold at which this browsing activity becomes high risk. In the absence of clear direction on where that threshold is, it remains unclear when this data would constitute PHI and, therefore, that we need not consider it to be covered by HIPAA.

It’s my hope that we’ll eventually get clearer, more actionable guidance in the future, either from HHS itself, or as the result of one of the many lawsuits currently facing healthcare organizations in relation to these issues. Even though the guidance doesn’t carry the force of law, it seems prudent to act today to mitigate these risks.

Assessing Risk

Some digital marketing tactics represent a level of risk that nearly every healthcare organization would view as unacceptable. For example, issues with marketing tracking technologies came to light through an investigative report from The Markup in 2022.

Facebook’s tracking technology has an option that improves its ability to connect online interactions back to the individuals engaging with your site for better measurement and to optimize ad performance on Facebook/Meta’s family of websites and apps. With the Attribution Option enabled, the tracking code collected additional information from form submissions and sent that information to Facebook which could include sensitive identification or health-related information.

Likewise, the use of many of these technologies within patient portals or other authenticated online experiences applications presents a high degree of risk in the absence of additional privacy steps.

The guidance gets more confusing when looking at the use of tracking technologies on Covered Entities’ unauthenticated web pages, stating that these “…generally do not have access to individuals’ PHI”.

However, it goes on to suggest that there are some situations where such interactions may include PHI, such as viewing information on a specific condition or symptom, searching for a provider, or making an appointment. Since this is what most healthcare websites are focused on, it’s unclear what threshold must be cleared to present this risk.

Moreover, it is still unclear when the act of reading a page of information or looking at a service or provider page meets the definition of PHI, but this certainly represents more risk today than it did previously. Many healthcare organizations now consider data to be PHI when only a consumer’s IP address and URL are known. That said, any tools that touch live consumer or patient traffic or receive information about such interactions must be carefully considered.

What to Do from Here

Every healthcare organization needs to engage in a risk assessment process related to these issues. Some best practices might include:

• Catalogue every element of your marketing technology stack and review the information that it has access to, if you have a BAA in place with that vendor, and what risk mitigation steps you need to take with them.
• Catalogue every point in your websites, patient portals, apps, and other digital properties where information is sent to third parties. Review each of these as you do the other parts of the marketing tech stack, above.
• Look at each of your marketing tools and partners as your organization does for other software vendors. Most healthcare organizations have a governance process for software vendors used by the IT organization, but many have avoided using that same process for their marketing vendors.
• Review and update the privacy policies on your websites, patient portals, apps, and other digital properties.

If you need assistance with this process regarding your compliance goals and Geonetric Privacy Filter, Geonetric can help. Contact us for a personalized compliance assessment today!

Learn More

When Health and Human Services dropped new guidance for healthcare organizations’ use of marketing tracking technologies in December 2022, many organizations first thought about their use of advertising tracking pixels like those provided by Facebook/Meta or Google ads. The new guidance radically changed the working definitions that healthcare organizations across the country used to determine what was in or out of scope for HIPAA. As a result, the guidance changes the rules for many commonly used marketing technologies. That includes web and digital analytics platforms including the nearly ubiquitous Google Analytics (GA).

This post is part of a series. For more information about the changes proposed in the HHS guidance, see HIPAA Guidance Overview.

Why Analytics?

As we discussed in the first installment in this series, the December guidance makes significant changes to terminology the healthcare industry uses to determine what’s in and out of context for HIPAA. These definition changes go far beyond tracking pixels for marketing purposes.

Essentially, anytime that we have health consumers involved, something as simple as an IP address and URL can be problematic from a HIPAA perspective. Web analytics certainly checks those boxes. Although many analytics platforms like GA don’t allow you to see the data on an identified individual level, the platforms do receive and typically store the data in this way.

What About GA4?

Google Analytics has been the most popular web analytics solution both inside and outside healthcare for many years.

Google has recently started sunsetting its Universal Analytics product in favor of its new GA4 platform. The investment in GA4 was made for several reasons but the urgency of moving users to the new platform and ending support for UA all comes down to General Data Protection Regulation (“GDPR”) — the European Union’s comprehensive privacy legislation.

You might think a GDPR-compliant platform would cover the bases for almost any privacy laws out there. Unfortunately, a complex patchwork of laws from different countries and US states interpret privacy differently, creating a messy mix of rules that make it far harder for vendors to provide solutions that are compliant for all variations.

GDPR and HIPAA approach the problem of securing and protecting sensitive personal data from very different places. GDPR looks at how data is stored and processed. HIPAA is more focused on how data is transmitted or disclosed. For GDPR compliance, GA4 has a sophisticated toolset for de-identifying the information that it receives before it’s stored or processed.

Unfortunately, that approach won’t work under HIPAA.

The December guidance makes that clear:

“… it is insufficient for a tracking technology vendor to agree to remove PHI from the information it receives or de-identify the PHI before the vendor saves the information. Any disclosure of PHI to the vendor without individuals’ authorizations requires the vendor to have a signed BAA in place and requires that there is an applicable Privacy Rule permission for disclosure.”

What Options Does That Leave Us?

The good news is that there are a few alternatives for how to deliver web analytics securely:

• Host it yourself — There are a few commercial products out there that will allow you to host the analytics solution yourself either on your own physical servers or in a HIPAA-compliant cloud environment. The good news is that these are full-featured analytics solutions with no compromises. The bad news is that, in addition to licensing fees for the platform, you (or your IT department) have the costs and headaches of licensing and hosting of these solutions yourself, so few organizations are opting to go this way.
• Use a hosted analytics platform that will sign a BAA — most web analytics platforms these days are only available as software as a service (SAAS). A few will sign a Business Associate Agreement (BAA). The cons here are cost (as these solutions can be quite spendy), and you’ll need to recreate all the triggers, events, and conversions that you previously had in Google Analytics. It’s a lot of work, but Geonetric can help you work through this approach.
• Use a privacy screen with Google Analytics — There are a few options for platforms that will intercept the requests from the end-user’s browser before they go on to GA4. The privacy screen lives in a HIPAA-compliant hosting environment and anonymizes the information before sending it on to GA4.

When Does This Change Need to Happen?

By positioning these changes as guidance rather than acknowledging the significant changes that are presented here, the Department of Health and Human Services (HHS) bypassed the normal process by which regulatory changes occur such as open comment periods and implementation deadlines. HHS is essentially saying that these have always been the rules and those not following these rules should do so as soon as possible!

In fact, a recent joint memo from HHS and the Federal Trade Commission (“FTC”) seems intended to urge organizations to move more quickly to change their approach to tracking in light of the new guidance. While many healthcare organizations have been unsure of how to proceed due to the vagueness of the guidance and have been hoping for additional details following the original guidance in December, it seems likely that enforcement actions will be coming before additional clarity.

If you need assistance with this process regarding your compliance goals and Geonetric Privacy Filter, Geonetric can help. Contact us for a personalized compliance assessment today!

Learn More

Healthcare organizations understand that there are steps that they need to take in response to the HHS guidance regarding marketing tracking technologies in December 2022. Unfortunately, for some organizations, their compliance issues may be far larger than they realize.

This post is part of a series. For more information about the changes proposed in the HHS guidance, see HIPPA Guidance Overview

Interpretations of the December HIPAA guidance vary widely and there is no single agreed standard for compliance. Every organization should seek to establish its own understanding of what is and isn’t acceptable given HIPAA rules today and likely redefinition and expansion of privacy laws inside and outside of healthcare in the future.

What’s the Trouble?

As we discussed in our previous installments, the December guidance makes significant changes to definitions the healthcare industry uses to determine what’s in and out of context for HIPAA. Essentially, anytime that we have health consumers involved, something as simple as an IP address and URL can be problematic from a HIPAA perspective.

As you can imagine, this can include a lot of moving pieces. The guidance calls out advertising tracking pixels from companies like Google Ads and Facebook/Meta (although we’ll talk more about these later in the series), and we’ve already talked about the challenges of web analytics but there’s more to consider: hosting providers, firewall vendors, load balancers, audit logging tools, backup and recovery tools, email marketing tools, marketing automation platforms, call tracking vendors, advertising agencies…the list goes on and on.

And at the center of the marketing technology stack are web content management systems (CMS) and digital experience platforms (DXP). Some tools will offer easy answers. Maybe the tool is only used with donors or providers and isn’t used with patients or health consumers. Perhaps the vendor in question has a compliance program in place and will sign a BAA for the solutions that you are using. In many cases, however, the reality of the new guidance is that some common platforms and tools simply aren’t going to be options for healthcare organizations or their partners moving forward.

The CMS and DXP Challenge

The new guidance means that any system touching live health consumer traffic is in context for HIPAA.  The platform that your websites run on is on the top of that list. Unfortunately, many of the common platforms in use by healthcare organizations today aren’t compliant and won’t sign a BAA. While that may have been appropriate when you first licensed that platform, this is no longer the case today.

The simplest strategy, then, is to work with a HIPAA-compliant solution that will sign a Business Associate Agreement, like Geonetric’s VitalSite™ CMS.

At the time of this writing, many of the most common web management platforms in use by hospitals today including SiteCore, Acquia, and Optimizely won’t sign a Business Associate Agreement (BAA).

SAAS Challenges

One way to use some of these tools in a complaint manner is to host them yourself on servers you own or through a HIPAA-compliant hosting solution (or work with a partner who is willing to do this for you). Unfortunately, since the industry seems to favor multi-tenant Software as a Service (SAAS) or other similar architectural models, many popular components of these software suites are only available in some sort of vendor-hosted option.

That said, even if you generally trust the vendor that you use, the law says that they need to sign a BAA if they have a chance of encountering PHI through the work that they’re building with you. In addition, many of the vendors that they work with (cloud platforms, firewalls, etc.) then need to sign subcontractor BAAs as well. This may involve different versions of those platforms, special installations, or other changes from their normal solutions. If your vendor isn’t committing to a BAA with you then odds are they haven’t secured those subcontractor BAAs with all the other tools and partners that they work with.

The Open-Source Conundrum

Compliance challenges for organizations utilizing open-source platforms can be even more complicated.  One of the great benefits of open-source platforms like Drupal and WordPress is the large number of easily available components, plug-ins, templates, and code that are available for little or no cost. As another bonus, there are HIPAA-compliant hosting options for these tools. Like any of component of your marketing technology stack, it’s critically important that any code or components that are created by third parties are closely scrutinized to understand what data is captured, where it’s stored, where it might be sent, and who has access. Unfortunately, many of these free or inexpensive components are difficult to assess from a HIPAA compliance standpoint which may make these solutions far less appealing in the future.

It’s Time for Vendor Management

Every Covered Entity and Business Associate needs to run a risk assessment for their organization and part of that process is looking at the entire marketing technology stack. For each tool, platform, and vendor on that list, you need to look critically at the data that it touches, where and how it’s being used, if you have (or can get) a BAA in place with that vendor, and then make some decisions about how (or if) you’ll work with them in the future. It’s a lot of work, but it’s necessary to address the changes in the new HHS guidance.

It is important to understand all the components that you’re utilizing from a particular vendor and then scrutinize each. It may be possible to self-host your web CMS, but the search function for your website be through a third-party service. Many advanced DXP capabilities such as Customer Data Platforms, personalization tools, and shiny new AI-powered capabilities may not be available in a HIPAA-safe manner.

If you need assistance with this process regarding your compliance goals and Geonetric Privacy Filter, Geonetric can help. Contact us for a personalized compliance assessment today!

Learn More