#443: Building a HIPAA-compliant martech stack with Ray Mina, Freshpaint

In December of 2022, digital marketers in the healthcare industry were impacted by an expanded definition of PHI, or personal health information, in the HIPAA (Health Insurance Portability and Accountability Act) regulations, the federal law in the United States that protects sensitive patient health information from being disclosed.

While this impacts healthcare companies in the US most specifically, and our conversation today is going to center around healthcare marketers, there are lessons to be learned here for marketers in any industry or locale where consumer data privacy is under increased scrutiny and regulations.

Today we’re going to talk about creating a HIPAA-compliant marketing technology stack, and how to not sacrifice marketing effectiveness while still protecting consumer data, in this case personal health information.

To help me discuss this topic, I’d like to welcome Ray Mina, Head of Marketing at Freshpaint.


PartnerHero: to waive set up fees, go to https://partnerhero.com/agile and mention “The Agile Brand” during onboarding!

Freshpaint website: https://www.freshpaint.com

Privacy First Framework Article: https://www.freshpaint.io/blog/privacy-first-framework-for-hipaa-compliance

The Agile Brand podcast website: https://www.gregkihlstrom.com/theagilebrandpodcast

Sign up for The Agile Brand newsletter here: https://www.gregkihlstrom.com

Get the latest news and updates on LinkedIn here: https://www.linkedin.com/company/the-agile-brand/

For consulting on marketing technology, customer experience, and more visit GK5A: https://www.gk5a.com

Check out The Agile Brand Guide website with articles, insights, and Martechipedia, the wiki for marketing technology: https://www.agilebrandguide.com

The Agile Brand podcast is brought to you by TEKsystems. Learn more here: https://www.teksystems.com/versionnextnow

The Agile Brand is produced by Missing Link—a Latina-owned strategy-driven, creatively fueled production co-op. From ideation to creation, they craft human connections through intelligent, engaging and informative content. https://www.missinglink.company


In this episode, the speaker discusses the challenges faced by organizations in highly regulated industries, such as healthcare, where a compliance-driven mindset often hinders progress. This mindset is characterized by a tendency to avoid taking risks and halt all activities when problems arise. However, the speaker emphasizes that this approach is ineffective for achieving patient-focused outcomes. Instead, they suggest adopting a mindset shift that focuses on finding effective ways to address issues while still complying with regulations.

To navigate the compliance landscape more effectively, the speaker mentions the availability of tools like Freshpaint for healthcare organizations. They emphasize that although this approach may differ from traditional methods, it is not necessarily more difficult. The key is to embrace a mindset shift that prioritizes patient outcomes and adapts to the changing regulatory environment.

The concept of “compliance by design” is also discussed in the episode, which involves incorporating compliance considerations from the start of any project or initiative. By integrating compliance into the operational side of healthcare organizations, they can avoid losing sight of patients and other important aspects, such as marketing. This approach allows organizations to use the tools that work best for them while still ensuring compliance.

For organizations that have made some progress in addressing compliance but have not fully shifted their mindset, the speaker advises assembling the right team and having conversations about consumer privacy and data management. They stress the importance of understanding the content on their website and where the data is being sent. This proactive approach is seen as a best practice in healthcare, as consumer privacy concerns continue to grow and gain attention in politics.

The episode emphasizes the importance of having the right team in place to address data privacy and compliance issues. The speaker suggests including individuals such as chief compliance officers, senior general counsel, and IT professionals to ensure that these concerns are effectively addressed.

The first step in addressing data privacy and compliance is to build a team that can handle these issues effectively. This team should consist of individuals from legal, compliance, and IT departments, as well as any third-party auditors that can assist in the process. By bringing together a diverse group of experts, organizations can ensure that all aspects of data privacy and compliance are addressed.

The speaker also highlights the importance of understanding the data practices of the organization. This includes conducting an audit of the website and its subdomains to identify all web trackers and tools being used. By understanding what data is being collected and how it is being used, organizations can better assess their compliance needs and identify any potential risks.

Furthermore, Ray Mina from Freshpaint mentions the need for organizations to assess whether they are sharing protected health information (PHI) with third-party tools. In cases where PHI is being shared, organizations must ensure that appropriate legal frameworks, such as business associate agreements (BAAs), are in place to protect the privacy and security of the data.
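The audit described in the two paragraphs above can start with a simple inventory of the third-party hosts a page makes the browser contact, checked against the vendors that have a signed BAA. The following is an added example, not code from the episode or from Freshpaint; the site name, vendor hosts and BAA list are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags and attributes that make the visitor's browser contact another host.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href", "form": "action"}

class ThirdPartyCollector(HTMLParser):
    """Collects hosts a page sends requests to, excluding first-party domains."""
    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party
        self.hosts = {}            # host -> set of tag names that reference it

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        host = (urlsplit(url).hostname or "").lower()
        # Relative URLs have no host; subdomains of the site count as first party.
        if not host or host == self.first_party or host.endswith("." + self.first_party):
            return
        self.hosts.setdefault(host, set()).add(tag)

def audit_page(html, first_party, baa_hosts):
    """Return {host: sorted tags} for third-party hosts with no BAA on record."""
    collector = ThirdPartyCollector(first_party)
    collector.feed(html)
    return {h: sorted(t) for h, t in sorted(collector.hosts.items()) if h not in baa_hosts}

# Constructed sample page for a hypothetical clinic site; all hosts are placeholders.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.clinic.example/app.js"></script>
<script src="https://analytics.vendor-a.example/tag.js"></script>
<link rel="stylesheet" href="/static/site.css">
</head><body>
<h1>Schedule an oncology appointment</h1>
<img src="https://pixel.vendor-b.example/t.gif?page=oncology" width="1" height="1">
<iframe src="https://forms.vendor-c.example/embed/123"></iframe>
<form action="//pixel.vendor-b.example/collect" method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    # Assumption: the compliance team's list of vendors with a signed BAA.
    findings = audit_page(SAMPLE_HTML, "clinic.example", {"forms.vendor-c.example"})
    for host, tags in findings.items():
        print(f"no BAA on record: {host} (loaded via {', '.join(tags)})")
```

This only sees references present in the static HTML; trackers injected at runtime by a tag manager or other scripts need a browser-based crawl that records network requests.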

Overall, the episode emphasizes the importance of having a knowledgeable and diverse team in place to address data privacy and compliance issues. This team should conduct audits, assess data practices, and ensure that appropriate legal frameworks are in place to protect sensitive information.
