Is the health data privacy union strong or broken?


Depending on how you see it — and who you ask — the state of the health data privacy union is either strong or hopelessly fragmented.

On the one hand, healthcare marketers fully understand the seriousness of the situation. Those who fail to protect sensitive health information will be held accountable by customers, healthcare professionals, technologists and regulators. At this point in the information revolution, protecting the sanctity of personal data is table stakes.

On the other hand, well, how long do you typically go without being notified that your personal information – medical, financial or otherwise – has been misused, whether by bad actors or for illicit purposes? According to the Department of Health and Human Services, there were more than 700 major health data breaches affecting more than 45 million people in 2021.

In the nearly five years since the Facebook/Cambridge Analytica data scandal woke those unaware of the potential for data abuse, the backlash is still being felt across the technology and marketing landscapes. Consumers aren’t just concerned about data privacy; they take proactive steps to regain control of their data from organizations they don’t trust.

And the tech giants are following suit. In April 2021, as part of an effort to limit the flow of user data to iPhones, Apple introduced a software update that allowed users to turn off data sharing and limit advertisers’ ability to track information about apps or websites.

In February 2022, Google announced that it was planning privacy changes for Android devices that essentially mirrored Apple’s actions. However, Google delayed implementing its decision to block third-party cookies in its Chrome browser until 2024.

Marketers who rely on access to user data to personalize their messages and advertising campaigns have not responded well to the changes, needless to say. According to a 2021 Innovid survey, over 80% of marketers said they use third-party cookies.

Medical marketers therefore wonder how data restriction technologies will affect relationships with patients and healthcare professionals, if any. Complicating the situation is the traditional status of healthcare as a technological laggard: even as the industry goes fully digital, it continues to catch up with other verticals in terms of data protection practices.

Most major industries have embraced the kind of data technologies, especially cloud-based computing, that help move away from highly siled operations, according to John Sculley, chairman of the board of NirvanaHealth and co-founder of ZetaGlobal. Sculley is also the former CEO of Apple.

Sculley believes that as consumerism empowers patients to take control of their data, security regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996 are increasingly relevant to marketers. . The same goes for blockchain and cloud computing, which he says gives people confidence in the privacy of their data while meeting high security standards set by regulators.

Behavioral change in healthcare is achievable, Sculley says, noting that other industries have adapted their practices to meet changing consumer preferences.

“At the beginning of the 21st century, people were still skeptical about the possibility of online banking. Obviously, this question has been answered,” he notes. “You don’t have to change the whole $4 trillion industry to be able to get giant success stories.”

Partly due to the COVID-19 pandemic limiting in-person care, healthcare as an industry has grown more comfortable with all things digital over the past 30 months. While many of the changes served to provide consumers with expanded access to care, they also introduced new concerns about privacy and data security.

Veeva Crossix CEO Asaf Evenhaim Says Industry Faces “Significant and Growing” Patient Data Privacy Risk, Urges Marketers to Understand that Privacy Must Be at the Foundation of Everything what theyre doing. Rather than striving to simply be HIPAA compliant, marketers should ask their vendors more questions and be wary of targeting schemes that sound too good to be true.

It’s no exaggeration to say that failure to perform data due diligence on behalf of patients could lead an industry to…
huge disaster.

“It’s important for marketers to think about the Cambridge Analytica scandal and what it might look like in our industry if it were to happen in a year or two,” says Evenhaim. “They must have the right answers.”

Meanwhile, the balance between privacy and personalization remains a headache for marketers who want to deliver unique customer experiences without overstepping their bounds. To that end, Michael Oleksiw, CEO of Pleio, says authorization and personalization must go hand in hand.

Oleksiw also thinks further changes to privacy controls over user data, whether driven by tech giants or lawmakers, are inevitable — and marketers need to respond accordingly. US tech companies have implemented greater privacy restrictions largely due to the influence of the General Data Protection Regulation (GDPR). EU data protection law was implemented following the Cambridge Analytica scandal.

As data-driven strategies will only come under greater scrutiny and regulation in the coming years, building relationships with consumers should be the top priority for marketers. .

“Health care is inherently human; it’s not going to go away,” says Oleksiw. “We see the human as the best possible precursor to a digital relationship, and that humans build stronger digital relationships.”

IQVIA Vice President and General Manager of Digital Media Solutions Frank Lin agrees, urging marketers to embrace relationship building over technological shortcuts. He points out that it takes an investment of time for marketers to understand their audience and warns that data abuse can undermine meaningful efforts to engage consumers.

“Personally, I’m tired of reading articles about how you should have a first-party data strategy. No, you should have a first-party relationship strategy,” Lin says. “When you start turning your audience into data, you realize why we got to where we are today.”

Even good actors sometimes find themselves on the wrong side of the data privacy line. Improved privacy and security policies are obviously welcome, but they’re far from foolproof. And then there are the frictions these updated policies can introduce into the patient journey.

It’s worth noting that when Apple or Google establish a consumer opt-in policy, they typically require the app or brand to ask consumers for permission to track their data. But Oleksiw thinks these self-selecting aspects of data privacy can create roadblocks in the patient experience.

For example, if a patient has recently been diagnosed or is starting a new medication for a mental health condition, such a prompt can be stigmatizing. That’s why, for medical marketers, data privacy issues are closely tied to patient outcomes.

“Balancing stigma and privacy is something we do every day. But when we talk about exceptions, one of the most important things about privacy is that we have to maintain a frictionless experience for patients,” says Oleksiw.

Lin notes that the changes to the privacy of data transmitted by tech companies are not intended to punish marketers, but rather to provide consumer protection and avoid further regulation by the federal government. Yet this puts tech companies in a difficult position: they must simultaneously juggle their own business needs (and the needs of their partners) with consumer protection and brands’ desire to better understand their audience.

When advising other organizations, Lin urges them to prioritize relationships based on preference and consent. Using the GDPR as a model, Lin says the only relationship that will matter in a more regulated future is one that incorporates consumer consent into the data equation.

“We continue to work with brands to focus on consent and building relationships, because it’s the human nature of the exchange of value, especially for brands that might not have done that. in the past,” he explains. “We ask them to go back to basics instead of taking shortcuts.”

Oleksiw thinks marketers need to recognize that they need to earn the right to claim customer data. In the post-GDPR era, he says they need to be able to answer three questions and share those answers transparently. What data do you collect? How are you going to use it? What are you doing to make sure consumers are aware?

“If we put it in that context, we’ll think you have to develop a relationship first before you take advantage of the relationship,” says Oleksiw. “Knowing that all of this change is coming, it’s important to work on that premise of a relationship first.”

Excerpt from the September 01, 2022 issue of MM+M – Medical Marketing and Media


Comments are closed.