Is Your Healthcare Org Missing Out on Online Engagement Data?
Healthcare organizations have to be careful about how they handle website data, but a third-party solution can protect you.
Is your organization blind to the activities of website visitors?
Since the Office for Civil Rights’ July 2023 bulletin said that most analytics tools are not HIPAA compliant because they collect identifying information, many healthcare organizations have turned off their web analytics systems entirely. With the ruling, the analytics tools most healthcare organizations rely on — such as Google Analytics — became noncompliant. Tracking the content people view on a healthcare website can reveal information about their health conditions, and is therefore considered protected health information (PHI).
Without an active tracking tool, organizations lose visibility into how customers are interacting with their digital experience, including which links they’re clicking on, how much time they’re spending on a page, and which pages they’re looking at before leaving the site.
Many of Slalom’s healthcare clients have been seeking a solution to restore visibility to their website activity while remaining compliant. They basically have two options — the first being to collect, store, and manage the data themselves. This would require them to develop and maintain the infrastructure to manage their web analytics data according to HIPAA regulations, then build their web analytics reports on top of a database they maintain. This is a time-consuming project and is in most cases more expensive than relying on a vendor.
The other option is to turn to a tool like Adobe Customer Journey Analytics (CJA), and this is the path we’ve helped many of our clients pursue. CJA tells them what pages their customers are viewing and searching for and what actions they’re taking — all while remaining compliant with HIPAA regulations. But CJA is more than just a web analytics tool; it’s an omnichannel analytics platform offering powerful integrations with other solutions in the Adobe MarTech stack.
The first (and most important) step to HIPAA compliance
The first thing to note is that Adobe will sign a business associate agreement (BAA) contract with your organization. A BAA is a legally binding contract between a covered entity (such as a healthcare provider) and a business associate (such as a data platform provider) that outlines the responsibilities and safeguards regarding the handling of PHI. If a partner won’t sign a BAA, you can’t use their solution.
Adobe will sign BAAs with clients who use the Adobe Experience Platform (AEP) to store their data. Built using AEP, CJA can be covered by a BAA with Adobe. (It’s worth noting that not all Adobe tools are HIPAA compliant — for example, Adobe Analytics isn’t compliant, and Adobe won’t sign BAAs for it.)
Managing and protecting identifying information
By using Adobe Healthcare Shield, an add-on to AEP, you get powerful features for managing and protecting personally identifying information (PII) and PHI. Healthcare Shield allows you to designate which fields need to be blocked as an identifier and who can access the data. Some of Healthcare Shield’s features include:
- Data usage labels — Use either predefined or custom labels for each field of data stored in AEP. These labels govern how data can be used in accordance with privacy policies.
- Access control — Set policies to control access to data at the dataset and field level. An audit log is maintained, providing visibility into all usage and changes to data.
- Automated classification — Classify data based on predefined rules and metadata, allowing governance at scale.
- Patient-level data management — Easily query, export, and delete all data connected to a person.
- SIEM integration — Integrate Healthcare Shield with third-party security information and event management (SIEM) systems.
These features allow you to comply with regulations more easily, making Healthcare Shield an essential add-on for any healthcare organization.
Building an omnichannel journey with 360-degree customer views
CJA isn’t the only tracking solution that can be HIPAA compliant, but it brings a power that other analytics tools don’t bring. This is because CJA isn’t just a web analytics tool — it’s a customer journey analytics system that allows you to ingest data from any data source.
For example, you can import data from your call center and in-person visits at your clinic. In this way, you can tell the story of the entire patient journey, from what they did on the website and when they called in for an appointment to what happened during a visit. All that data is collected in one place for a more thorough patient view and analysis.
Data doesn’t do you any good if you can’t derive insights from it. Parsing data is simple with CJA. CJA uses Analysis Workspace, which is familiar to users of Adobe Analytics, for the creation of reports and dashboards. This drag-and-drop interface is speedy and powerful, allowing users to create tables and visualizations in seconds. Workspace is handy for data exploration, as users can define custom filters, create multilevel breakdowns, and change attribution models on the fly.
Meanwhile, CJA “views” — roughly analogous to report suites from Adobe Analytics — provide the ability to filter, clean up, and massage data before it’s made available to the Workspace interface. Removing unwanted values, deduplication, bucketing values, concatenation, and changing metrics into dimensions (and vice versa) are some of the transformations that can be applied. Better yet, changes made to views apply retroactively. Making these sorts of changes in Adobe Analytics would have required changes to data collection.
CJA also integrates with other tools in the Adobe marketing suite, such as Real-Time CDP, a customer data-management solution. Together, these tools provide a 360-degree view of individual customers with in-the-moment insights while meeting HIPAA requirements and enabling robust and granular data management. Then, Journey Optimizer lets you take your data and craft personalized, omnichannel journeys.
Insights while remaining compliant
The Office for Civil Rights’ bulletin changed how healthcare companies can track website visitors, but it didn’t eliminate the ability to do so. You can still get visibility into who is coming to your website, why, and what they’re doing. You can still gather the data you need to optimize the customer experience. And you can still uncover where your marketing efforts are most effective.
CJA isn’t the only web analytics tool to give you this visibility, but it offers the ability to combine data from different sources into a unified view of the customer — something a web analytics point solution can’t do.
