I almost had to change the name of this week’s newsletter to the Freshpaint 6 because it might take longer than 5 minutes to read -- it's a little longer than average. But, I tested it and you can still read it in 5 minutes...youjustgottareadfast. And I'll keep the intro short to help even more.
Let’s get right into it.
(Oh, but, if you only read one thing in this week’s Freshpaint 5, scroll down to the news section…there’s a lot that you may have missed.)
Product Update
New integration alert! Embedded videos on your website can cause HIPAA violations. That’s why we already built integrations for YouTube and Vimeo embeds. And, good news. We just added another integration option for embedded video: Wistia.
And while I’ve got you here, we’re working on building integrations with Google Translate, and podcast embedding tools. Either of those appeal to you? Reply to this email and let me know. Our Head of Product may want to chat with you about it.
Virtual: 5 Episodes We're nearing the end of Freshpaint's Healthcare Marketing Privacy Webinar Series! Four episodes are available on-demand, with one to go. Dive into each episode packed with tips and tricks to stay HIPAA compliant while turbocharging your marketing efforts!
Freshpaint is coming to a city near you! Meet Marketing leaders at other healthcare organizations IRL and learn best practices for creating high performing campaigns in a world driven by privacy. Sign up for more info!
TODAY in Las Vegas: Golden Knights vs. Anaheim Ducks Hockey Game
April 25 in Seattle: Dinner at Goldfinch Tavern @ Four Seasons
MoreVisibility's Matt Crowley and Freshpaint's Ray Mina explain more about the latest HHS guidance updates and how using a Customer Data Platform, like Freshpaint, can help healthcare marketers protect their data and stay HIPAA compliant.
With the increasing number of state and federal level privacy regulations, healthcare marketers are feeling like this moment is blocking them from doing great marketing. But savvy marketers are using this moment as a catalyst to rethink their strategies and drive positive change. Click the play button and learn how these trailblazers are redefining high-performance marketing in 2024.
Check out the rest of our on-demand webinars and in-person events on the new Freshpaint events page. Let's hang out online or in-person soon!
Freshpaint's Compliant Corner
We recently sat down with a healthcare privacy lawyer, Dori Cain, to ask her every possible legal question we could think of relating to HIPAA-compliant marketing. Dori's answers were extremely insightful. Here are a few of the questions we asked and her answers:
Is an IP address considered Protected Health Information (PHI)? According to Dori, for a piece of data to be considered PHI, you must have two pieces: an identifier and health context. On their own, IP addresses are just identifiers. There is no health context associated with them. So, IP addresses are not PHI.
Who is responsible for ensuring PHI is not sent to a non-covered entity?Dori explains that responsibility sits with the covered entity. They need to be aware of who's a business associate. So, if you're a covered entity, you are responsible for your PHI, even if you're using a web tracker that automatically collects it.
Who bears the liability for data collection when a healthcare organization bids on keywords? In Dori’s view, the liability doesn't sit with the healthcare organization because using a search engine does not tie the searcher to one specific healthcare organization. It's essentially an all inclusive type of search where the searcher could go to any healthcare organization that may be connected to those keywords. The information is not stemming from the covered entity.
Yikes. Expensive week for healthcare organizations who haven’t figured out the importance of privacy-first marketing. Let’s do a quick rundown:
VillageMD, a primary care provider, just got hit with a class action lawsuit for improperly disclosing data to Facebook through the Meta Pixel.
That’s not the only Meta news…Children’s Healthcare of Atlanta is also facing a lawsuit over their use of the Meta Pixel. They even had the tracking pixel on their patient portal. That’s a big no-no.
Addiction treatment provider, Monument, is facing FTC enforcement for improperly disclosing PHI to Meta and Google. Their penalties? A ban on sharing data to ad platforms and a $2.5 million fine.
Telehealth company, Cerebral, is also in the FTC’s crosshairs for…a lot of things. But most notably they’re under fire for sharing PHI to third parties such as LinkedIn, Snapchat, and TikTok by using tracking tools on their website. Like Monument, Cerebral is also banned from sharing data with advertising tools, and they were hit with a $7 million fine.
But I really want to highlight the penalties from the FTC. In both cases, Cerebral and Monument, the FTC is banning those organizations from disclosing consumer information for most marketing and advertising purposes. Marketing and ad platforms need data to optimize performance. Without data, marketing costs will skyrocket.
That’s a massive penalty. It could end up costing those companies more than their actual fines.
Loving our newsletter? Connect with our team and learn how Freshpaint can help support your marketing efforts while upholding current regulations and guidelines.You can book a meeting with our team here.
“By using Freshpaint we get to replace the native pixels from Google and Meta to fully govern what data gets shared with those platforms.” - WebMD Ignite's Andy Waldrop
Freshpaint, 5214F Diamond Heights Blvd #3502, San Francisco, California 94131