Scroll Top
19th Ave New York, NY 95822, USA

Is Retargeting HIPAA Compliant?

Retargeting is one of the most effective strategies in digital advertising, but is it right for you? Your practice is subject to HIPAA compliance requirements, so the short answer is no. But please allow us to offer some workarounds.

What Is Retargeting?

Wouldn’t it be great if all the people who visit your website scheduled an appointment at the end of their first visit (assuming you had the capacity to see them all)? That’s not how it works, though; few website visitors will make an appointment, compared to your total number of visitors. It’s like that in other industries as well—according to software company Marketo, about 96 percent of website visitors aren’t ready to buy.

Companies want to stay top-of-mind with these web visitors and have them come back when they are ready to spend their money (or, in your case, when they need medical care). Retargeting is one possible solution.

Retargeting—also known as remarketing—uses little snippets of code called pixels that insert other pieces of code called cookies into a website visitor’s browser. When the visitor leaves the website, that cookie tells Google and other remarketing platforms to serve them ads from the website publisher.

What’s the Problem?

Retargeting is great for many industries, but healthcare is one of the exceptions. Why? Protected health information. It’s best illustrated with an example.

A man is having pain in the lower left quadrant of his abdomen. He searches for diverticulitis on Google and your practice’s condition page comes up. He clicks, reads it, leaves the website and gets up from his computer. Then his wife sits down and she’s served up a Google Ad about getting her gastrointestinal pain diagnosed with a colonoscopy from your medical practice.

What you’ve done is basically disclosed protected health information about a medical condition (one that necessitates a colonoscopy) to an unauthorized third party. You have no control over and no way of knowing who is using a given browser when you add that cookie and retarget your ad.

What Do the Ad Networks Say?

If that wasn’t a HIPAA violation, it would still be a violation of Google’s terms of service. Google generally errs on the side of caution, and says retargeting is prohibited for:

“Personal health conditions, health issues related to intimate body parts or functions, and invasive medical procedures. This also includes treatment for health conditions and intimate bodily health issues.”

Google defines health content as:

  • physical or mental health conditions, including diseases, chronic conditions, and sexual health
  • health condition-related services or procedures
  • products for treating or managing health conditions, including over-the-counter medications for health conditions and medical devices
  • long or short-term health issues associated with intimate body parts or functions, including genital, bowel, or urinary functions
  • invasive medical procedures, including cosmetic surgery
  • disabilities, even when content is oriented toward the user’s primary caretaker

So What Can I Do?

Is all that data collected by the pixel useless? No. There are some ways you can use that data.

First, you actually can retarget people who have visited your website, but you have to do it in a generic fashion. You can’t advertise a particular treatment or any specific conditions. The safest way is to send the people who click on the ad to your home page or a nonspecific landing page.

You can also use that data in other ways. One of our favorites is to create a lookalike audience and serve ads to them. Ad platforms like Google Ads and Facebook Ads take the data you’ve collected and use artificial intelligence to build an audience of people with many of the same characteristics as those website users whose data you’ve collected with your pixels.

Since this audience looks like the retargeting list you’d build if you could, it’s going to be very effective at targeting highly engaged prospects. And, since it’s not one-to-one retargeting it’s completely above-board.

Finally, although we don’t recommend it, you can try remarketing anyway. Use an ad platform rather than Google, and accept that you might need a lawyer instead of a marketing agency.

If you’re interested in running ads on the up-and-up, contact Points Group today. Our digital marketers are versed in both the cutting-edge and established pay-per-click technologies and tactics. We’ll even throw in a free website assessment. Call today.