If you operate under the HIPAA framework, you may already be aware of the recent letter jointly issued by the Federal Trade Commission (FTC) and the Department of Health and Human Services’ Office for Civil Rights (OCR) to 130 healthcare organizations. This correspondence highlights the potential risks associated with utilizing tracking technologies from Meta and Google, specifically in relation to the collection of health data (PHI/PII) from consumers. The letter emphasizes the regulators’ concerns regarding tracking pixels, which can extract “identifiable information about users as they interact with a website or mobile app, often in ways which are not avoidable by and largely unknown to users.”
In simpler terms, relying on these tracking technologies to gain insights into patient behavior on your website or within your app, with the goal of optimizing the overall patient experience or for purposes like remarketing, may expose you to potential HIPAA noncompliance risks.
Navigating HIPAA compliance is already a complex undertaking. The recent crackdown on the use of tracking technologies by these widely-used healthcare web analytics platforms, along with the intensifying scrutiny on data collection practices, further complicates matters. So, how can HCOs effectively approach patient experience optimization while adhering to HIPAA regulations? Before we delve into practical strategies, let’s first explore why prioritizing patient experience is crucial for HCOs.
The Significance of Prioritizing Patient Experience for HCOs
Digital customer engagement plays a pivotal role in the growth of healthcare organizations. From booking appointments to completing check-ins and consultations, an increasing number of healthcare interactions are taking place in a digital-first environment. Furthermore, as patients increasingly adopt a consumer mindset, healthcare experiences are becoming more personalized. It is no wonder, then, that 76% of HCOs consider digital customer engagement to be central to their growth. Additionally, given that most HCOs offer “experiences” rather than tangible “products,” prioritizing patient experience is a logical strategic objective.
The Link Between Optimized Patient Experience and Business Growth
Patient experience optimization directly contributes to an HCO’s profitability. HCOs that leverage customer insights to enhance the patient experience are five times more likely to achieve revenue growth of over 20% year-over-year.
When it comes to real-world healthcare organizations (HCOs), a digital transformation holds tremendous potential. To understand this, let’s explore a fascinating example cited by McKinsey. They highlighted a healthcare provider that embarked on a digital transformation journey and devised over 300 test ideas, each tailored to achieve specific business objectives.
Their hypotheses were intriguing, encompassing improvements in online scheduling, enhancing digital experiences, and optimizing content on targeted pages. With careful selection, the team launched 150 of these hypothesized ideas over a span of 12 months. The outcome? An impressive test success rate of approximately 50%.
The impact of scaling successful tests was remarkable as it tripled their number of new patients from digital channels compared to the pre-transformation period. This concrete evidence underscores the power of customer experience optimization, which not only enhances patient satisfaction but also leads to cost savings.
Speaking of cost savings, the digitization of healthcare services, including administrative tasks like appointment scheduling, can be optimized through enhanced customer experience. McKinsey discovered that HCOs that prioritized customer experience saw a remarkable decrease of up to 30% in costs to serve.
Now, let’s turn our attention to a key challenge faced by patient optimization programs in HCOs – the reliance on data. This is where HIPAA comes into play.
HIPAA, which stands for Health Insurance Portability and Accountability Act, serves a crucial purpose – safeguarding a user’s sensitive healthcare data from unauthorized use or any purpose that they didn’t consent to. HIPAA ensures that patients’ privacy is respected and their data is protected throughout the optimization process.
By adhering to HIPAA regulations, HCOs can confidently navigate the landscape of data-driven optimization programs, delivering improved healthcare experiences while maintaining the utmost respect for patient privacy.
HIPAA’s handling of patient data and why it’s crucial to healthcare marketers
Rather than delving into the technical jargon of classified information under HIPAA, let’s uncover the unfortunate reality that affects millions of people – their data.
In an eye-opening investigation called the Pixel Hunt series, The Markup, a renowned nonprofit newsroom monitoring major tech companies, turned its attention to 100 of the United States’ top hospitals. Shockingly, their findings revealed that 33 of these hospitals were unknowingly transmitting patient data to Facebook using Meta’s widely-used tracking tool – the pixel.
Believe it or not, when visitors clicked on the online appointment scheduling button on doctors’ pages, Facebook would gain access to a wealth of information: the exact search keywords that led patients to the doctor’s profile (such as “pregnancy termination”), the doctor’s name, and even the specific call-to-action button that piqued their interest. But it doesn’t stop there – some hospitals went as far as sharing patients’ first and last names, which Facebook could effortlessly retrieve through hash cracking.
Imagine this: all the data tied to a patient’s IP address, essentially telling Facebook the complete picture of a patient’s appointment journey. Experts who reviewed the report flagged this as potential HIPAA violations since personal health information was being shared with a third party (Facebook) without explicit user consent.
As if that weren’t enough, The Markup also discovered that Facebook utilizes this pixel data to enhance patients’ Facebook profiles. Shockingly, the team even managed to identify patients through Meta’s tracking pixels.
The implications are clear – regardless of your role in the healthcare industry, whether as a payer, provider, or pharmaceutical company, using such tracking technologies puts you at risk.
HIPAA was put in place to ensure that incidents like these never happen and that sensitive patient data remains secure. With all of this in mind, it’s no wonder that healthcare organizations feel cautious about their customer optimization programs.
Enhancing Patient Experience while Safeguarding PII/PHI
Discovering ways to optimize patient experience can be achieved while ensuring complete compliance with HIPAA regulations. Here’s a step-by-step guide to help you on your journey:
- Collecting Data in a Secure Manner:
Gaining insights into healthcare experiences requires data; however, using popular analytics solutions, like Meta’s pixel or those offered by mainstream tech giants, may expose sensitive information. The solution lies in selecting a first-party data analytics vendor that prioritizes privacy and offers granular control over data collection on your website or app, following HIPAA-compliant guidelines.
- Partnering with HIPAA-Compliant Vendors:
When working with these vendors, who have access to the data passed on to them or collected through their tools, they must commit to safeguarding any patient health information (PHI) involved. To ensure this, a Business Associate Agreement (BAA) is required as per HIPAA regulations. By signing a BAA, these vendors guarantee the protection of PHI and restrict its usage beyond intended boundaries, reinforcing essential PHI safeguards.
- Tailored PHI Protection with HIPAA-Compliant Analytics:
Unlike other platforms that lack strict boundaries, HIPAA-compliant data analytics solutions allow you to specify how your data will be utilized. They offer customized options to declare specific data usage limitations, ensuring your patients’ sensitive information is handled responsibly.
By following these engaging and informative steps, you can prioritize patient experience optimization while upholding data privacy in a HIPAA-compliant manner.
Conducting PHI/PII-friendly experiments
Many healthcare organizations (HCOs) face challenges when it comes to leveraging customer experience (CX) data for optimization. Surprisingly, the issue lies not in data collection, with eight out of ten HCOs gathering valuable customer insights in HIPAA-compliant ways. Rather, the real obstacles revolve around the sheer volume and velocity of data, posing dilemmas for six out of ten HCOs struggling to make sense of it all.
Privacy concerns further complicate matters, inhibiting HCOs from fully harnessing the potential of their collected data for CX optimization. Even utilizing anonymized or first-party data, which can be securely used, raises hesitations among these organizations.
Contrary to popular belief, successful patient optimization experiments or experiences do not necessarily require Personally Identifiable Information (PII) or Protected Health Information (PHI). In fact, leveraging first-party data, such as fully anonymous behavioral data collected from your website, can yield remarkable insights to power your customer experimentation programs.
For instance, consider a scenario where a significant drop-off occurs after offering a virtual check-in option. This may indicate room for improvement in the check-in process itself — the form’s length, field arrangement, functionality, or overall user experience might be to blame.
Engaging in qualitative research with your customers or commissioning independent studies on common friction points along digital healthcare journeys can unlock opportunities for optimizing patient experiences. Neilsen’s research on patient journeys highlights patient portals as the most frequently used digital interaction channel, responsible for 32 out of 93 recorded interactions. Patients frequently log in to their portals for various purposes, including appointment scheduling, video consultations, and accessing lab reports. Unquestionably, patient portals present multiple avenues for enhancing digital patient experiences.
A persistent frustration in the digital healthcare journey is appointment scheduling, an area ripe for optimization without the need for PHI or PII data. Another way to elevate the patient experience is through the delivery of personalized content, which also does not require PHI data. In essence, it is crucial for stakeholders to recognize that experiments yielding significant and tangible results for HCOs can be conducted without relying on so-called “risky” data.
Now, let’s dive into the world of experimentation. If you’re aiming for experience-led growth, experiments should be your go-to strategy. Despite the immense benefits that experimentation brings to HCOs, it’s surprising to learn that they’re not yet mainstream when it comes to optimizing digital experiences for healthcare consumers. In fact, only 33% of HCOs currently utilize A/B tests to enhance their patient experience, and even fewer – just three out of ten – implement targeting and personalizations.
Don’t let data apprehensions hold you back! By embracing experimentation and implementing an experimentation program for CX enhancement, you’ll pave the way for breakthrough success. But here’s a crucial aspect to consider: HIPAA compliance. Just as you would prioritize HIPAA compliance when selecting a data analytics solution, the same diligence should apply when vetting experimentation solution vendors. Fortunately, there are optimization solutions specifically designed for heavily regulated industries like healthcare, offering full compliance with HIPAA. With these systems, you can confidently run a HIPAA-compliant CX optimization program within your HCO. Plus, we even execute BAA, which is required under HIPAA.
Here’s the inside scoop – when it comes to your CX optimization program, your experimentation solution sits right at the heart of it all. So, make sure that HIPAA compliance is one of the first criteria on your checklist while choosing an experimentation solution vendor. You’d be surprised to know that even some of the leading optimization solution providers aren’t fully compliant with HIPAA. Don’t settle for less when it comes to the compliance and success of your experimentation endeavors.