Maciej Zawadziński: The Health Insurance Portability and Accountability Act (HIPAA) regulates how US patients’ healthcare information should be protected. Why are some healthcare organizations reluctant to adopt a data-driven approach to marketing? Is it hard to achieve compliance under HIPAA?
Joe Christopher, VP Analytics at Blast Analytics: HIPAA extends well beyond the digital experience and thus, at face value, it is complex and scary. This law has both repercussions of significant monetary fines and, even more importantly, the ability to erode external trust in healthcare organizations. There’s no handbook that explains the scope of HIPAA directly for the digital experience. Thus, the legal nature of HIPAA makes it difficult to navigate.
I find that there is agreement on the importance of HIPAA. But at the same time, there’s a lack of understanding that maintains the status quo, rather than exploring how protected health information (PHI) can be used to optimize the digital experience for the patient. Unfortunately, digital audits often reveal many areas in which organizations don’t comply with HIPAA, even if they understand its importance.
This low maturity is typically coupled with being out of compliance. On top of that, many healthcare organizations don’t have a strong data-driven approach to marketing and optimization, likely driven by fear of some of the more obvious parts of HIPAA. But with the right understanding of how HIPAA applies to the digital experience, compliance is achievable.
Maciej Zawadziński: What are the must-have features in HIPAA-compliant software?
Joe Christopher: Digital teams within healthcare organizations are often following the best practices that exist outside of healthcare and use non-compliant technologies, from an out-of-the-box perspective.
Furthermore, I often find that there’s a lack of partnership between the privacy and digital teams within healthcare organizations, resulting in rogue approaches that have not been reviewed for compliance with HIPAA. This is a two-way street, because many privacy teams lack a strong understanding of the technical concepts surrounding the digital experience.
Organizations need to carefully select and review technologies with their privacy or security teams. It is best to avoid workarounds to reach compliance, as those often result in a subpar outcome. Instead, it is better to work with experienced consultants to navigate compliance, and vendors that have direct experience with compliance.
The bad news is that many popular vendors in the digital analytics and digital marketing space won’t support PHI data collection or usage. There’s a limited set of viable options, and it is important to research the features. The options and features that are top-of-mind for me would be the ability to sign a business associate agreement, confirmation of third-party HIPAA/HITRUST audits, how data is stored (private cloud or in some cases an appropriate multi-tenant cloud) and how data is collected (especially around reducing client-side transmission as much as possible).
There are also some capabilities that will positively improve the digital experience of the patient such as customer data platform capabilities, audience segmentation, etc.
Maciej Zawadziński: What is the remedy for the lack of a data-driven mindset within healthcare organizations?
Joe Christopher: A significant focus of any organization, healthcare or not, needs to be on improving the digital experience of the user or patient. I see this focus across many brands that I interact with. Even the US White House recently declared its focus on improving the customer experience.
The way an organization will improve the digital experience is through a data-driven mindset. Every touchpoint within the end-to-end patient journey matters and brings opportunities for experience improvements. This data-driven mindset has, for too long, been hampered by the lack of the right compliant technologies and analytical maturity.
The remedy includes rethinking and challenging the status quo, soliciting the support of consultants that have the expertise in both healthcare organizations and digital experience, and embarking on a strategic roadmap prioritized by identifying maturity issues.
Maciej Zawadziński: Compliance is worth the effort though, because using patient data can be beneficial for the healthcare organizations, medical staff and ultimately patients. What are the top optimization actions that an organization can take with it?
Joe Christopher: Using patient data, including PHI, to improve the digital experience in compliance with HIPAA is one of the most significant opportunities of a healthcare organization. While they’re typically out of reach, there are optimization actions available to organizations that achieve compliance, implement the right technologies, and apply a data-driven mindset. This all leads to significant competitive advantages and differentiators.
The potential optimization actions include improved real-time personalization, increased insights and data accessibility that enhance customer service and digital marketing efforts, and the ability to gather qualitative and quantitative feedback from patients.
I’ll share a specific example that applies to healthcare insurance organizations that sell healthcare plans to individuals. By implementing a compliant customer data platform (CDP), your organization can build audiences based on the individual’s plan, the plan’s expiration date and other categories of data tied to the individual. These audience segments are shared for activation, without transmission of PHI, with other digital technologies that can personalize the customer’s digital experience within defined segment variations. These same segments can be leveraged for advanced analysis that leads to insights and actions.
Maciej Zawadziński: Will more healthcare organizations be able to overcome compliance, technological and internal challenges and offer better services based on data-driven decisions?
Joe Christopher: I’m both excited and optimistic about the future, as healthcare organizations begin to truly understand the opportunities and impacts of overcoming compliance, technological, and internal challenges. These are often significant challenges and my advice is to start today by auditing digital compliance with HIPAA and building the strategic roadmap that will fuel the necessary improvements to the patient’s digital experience. When this is done, I’m confident that organizational leaders will be pleasantly surprised with the opportunities and impacts that can be achieved.
Joe Christopher, VP Analytics at Blast Analytics
Joe is the VP of Analytics at Blast Analytics, leading a large team of strategists, technologists, and analysts that support leaders to evolve their organizations. He is a DAA-certified web analyst and a certified expert in multiple digital analytics platforms. Joe regularly shares his passion and knowledge of analytics through corporate trainings, blogging, and speaking engagements.