Enhance Patient Experiences and Ensure HIPAA Compliance with Adobe Customer Journey Analytics
The mounting pressure of HIPAA compliance necessitates heightened privacy and security throughout the patient journey. New guidelines have specifically addressed the use of online patient tracking technologies. Notable instances include:
- In December 2022, the OCR (Office for Civil Rights) at HHS (Health & Human Services) issued clarifying guidance on the use of online tracking technologies, like Digital Analytics platforms, in accordance with HIPAA Rules. This bulletin shed light on their application in diverse scenarios, including user-authenticated web pages, unauthenticated web pages, and mobile apps.
- In July 2023, HHS and the FTC (Federal Trade Commission) jointly sent cautionary letters to 130 hospital systems and telehealth providers, stressing the risks and concerns associated with online tracking technologies. The letter explicitly highlighted Google Analytics as a significant concern, along with the Meta/Facebook pixel.
Why is this a concern? Striking a balance between privacy and personalization is a challenge. Patients desire both, but achieving both isn’t easy. Not all technology adheres to HIPAA guidance. Meeting HIPAA guidelines poses a puzzle for healthcare organizations, as they’re obliged to comply with these regulations while still personalizing patient journeys.
This raises the question of how healthcare organizations can leverage technology to deliver personalized patient experiences while maintaining HIPAA compliance. The truth is, not all patient journey and personalization technologies are equal. This article aims to separate fact from fiction and present a viable path for creating superior patient experiences that ensure HIPAA compliance.
The Problem with Google Analytics and HIPAA
The fundamental issue with Google Analytics is that the platform isn’t compliant with HIPAA. This was true with GA (Google Analytics) Universal and it’s still true with GA4 and GA4 360. In fact, Google refuses to sign a BAA (Business Associate Agreement) and explicitly states that no PHI (Protected Health Information) should be shared with its platform.
Google’s refusal to sign a BAA means the platform vendor takes no responsibility in ensuring complete protection of PHI. That’s a problem for every provider, payer, and healthcare vendor that deals with PHI and uses a version of Google Analytics as part of its personalization Martech efforts. Here’s Google’s stated position on the matter:
“Customers must refrain from using Google Analytics in any way that may create obligations under HIPAA for Google. HIPAA-regulated entities using Google Analytics must refrain from exposing to Google any data that may be considered Protected Health Information (PHI), even if not expressly described as PII in Google’s contracts and policies. Google makes no representations that Google Analytics satisfies HIPAA requirements and does not offer Business Associate Agreements in connection with this service.”
Google’s documentation is clear on the matter. They reference a July 2022 HHS bulletin concerning unauthenticated pages and HIPAA compliance obligations. The bulletin provides examples of situations where HIPAA compliance is required, such as searching for doctors or scheduling appointments, even in unauthenticated states. While one could argue for data deidentification in a non-compliant framework like Google Analytics, we consider this strategy shortsighted and inadequate when it comes to enhancing patient experiences.
Further, the FTC/OCR/HHS July 2023 letter states:
“To the extent you are using the tracking technologies described in this letter on your website or app, we strongly encourage you to review the laws cited in this letter and take actions to protect the privacy and security of individuals’ health information.”
Translation: Immediately adjust your current Google Analytics data collection and switch to a compliant platform. The advice is spot on.
Adobe Customer Journey Analytics + Healthcare Shield – A HIPAA-Compliant Patient Experience Platform
Healthcare marketers and analysts have choices other than Google Analytics. One of the best is Adobe Customer Journey Analytics, a part of the Adobe Experience Cloud platform. Adobe Customer Journey Analytics operates both as an independent solution and in concert with other Adobe offerings.
This latter scenario provides some powerful ways to do things like create audience segments in Customer Journey Analytics and push them to a Customer Data Platform. It’s important to note that while Adobe Customer Journey Analytics is HIPAA compliant and Adobe can provide a BAA (Business Associate Agreement) for it, Adobe Analytics doesn’t have the same compliance.
The good news is that Adobe Customer Journey Analytics represents the next generation of analytics platforms, taking all the exceptional features of Adobe Analytics and opening the door to true customer journey analysis. Thankfully, Adobe has decided to support healthcare organizations from a HIPAA perspective.
From a HIPAA standpoint, it’s essential to adhere to compliance regulations and obtain a signed BAA. To achieve this, you need to use Adobe Customer Journey Analytics with the Adobe Healthcare Shield add-on. This add-on is available across various Adobe Experience Cloud products, including Adobe Customer Journey Analytics, Adobe Real-Time Customer Data Platform, and Adobe Journey Optimizer.
Adobe Customer Journey Analytics: HIPAA Compliance in a Feature-Rich Solution
The Adobe Customer Journey Analytics platform natively includes many key features and, with the addition of the Healthcare Shield add-on, provides the following:
- Access Controls – Only authorized users can access PHI (Protected Health Information)
- User Activity Audits – User activity is accessible and logged in real time
- Data Hygiene – Ability to update or delete data at a set or row level and configure retention
- Customer Managed Keys & Enhanced Encryption – End-to-end encryption including password protection for report downloads
- Policy Enforcement – Robust data labels with enhanced policy enforcement for usage and distribution
- SSO/MFA/User Sync – Enterprise security enforcement of user authentication and the ability to sync with Active Directory (or similar)
- Business Associate Agreement – Critical to allow for ingestion of PHI
When migrating from platforms like Google Analytics 360, you have the option to ingest historical data directly into Adobe Customer Journey Analytics! This greatly helps with the continuity of data during the first year of transition to a new platform.
Using Adobe Customer Journey Analytics to Enhance Your HIPAA-Compliant Patient Journey
Digital analytics has progressed far beyond the days when web/app behavioral data could only be viewed in isolation. More mature organizations moved beyond this rudimentary approach years ago by combining their Google Analytics data with various online/offline data sets, which are typically stored in data warehouses. Adobe Customer Journey Analytics recognizes this and allows for its Adobe Experience Platform data lake to serve as a central hub to merge any data set together. It then presents the combined data within a unified reporting interface, which promotes self-service usability and reduces the burden on technical analysts who would traditionally build complex SQL queries to answer your business questions.
Here are three use cases that yield insights and drive actions that improve the patient’s experience.
- Call Deflection Journey Analysis – Your analysts can make use of Adobe’s robust Workspace interface to analyze how online behaviors lead to calls or chat engagements by merging call center data with web/app behavioral data. This enables them to optimize self-service content and enhance the overall experience, resulting in a measurable decrease in agent-assisted interactions.
- Voice of Customer Journey Analysis – Leveraging integration with VoC (Voice of Customer) tools such as Qualtrics, your analysts can segment and understand how the journey of the user leads to specific qualitative results. This segmentation can be enhanced by incorporating other Adobe Experience Cloud solutions to optimize the journey (Adobe Journey Optimizer) or reach patients on other channels (Adobe Real-Time Customer Data Platform).
- On-site Personalization – By utilizing behavioral web data from Adobe Customer Journey Analytics and supplementing it with relevant ERP (Enterprise Resource Planning) data, healthcare providers can enhance the patient experience by tailoring it to their specific journey. For instance, if a patient has a scheduled appointment for a particular condition, this information can be utilized through Adobe Journey Optimizer to deliver informative content that is beneficial to their needs.
Protect Your Organization while Maintaining Patient Experiences That Foster Trust and Loyalty
Healthcare providers, payers, and vendors must ensure HIPAA compliance. They also need to understand their users and meet their evolving demands in a digital world. Adobe Customer Journey Analytics and the broader Adobe Experience Cloud offer HIPAA-compliant solutions that empower healthcare organizations to leverage data in the way patients expect in today’s world.
Ready to uplevel your organization’s HIPAA-compliant patient journeys? Find out how you can leverage Adobe Customer Journey Analytics to meet your patient experience goals in 2024. Watch the replay of our recent webinar with Adobe and get accompanying resources: Unlocking Powerful Insights with HIPAA Ready Analytics.
BlastX Consulting works with leading healthcare providers and payers. Together with you, we can build your HIPAA-compliant patient experience strategic roadmap, develop a secure and agile place for analytics and insights, and enable the actions that activate and advance the patient experience within your organization.