Last year, when the Federal Trade Commission started cracking down on digital health companies for sharing personal information with third parties (without permission), it sent the equivalent of an Arctic wind howling through the health care industry.
“That really was the temperature in the market,” said Ray Mina, head of marketing at Freshpaint, a data platform founded in 2019 that helps health care companies collect, protect and use customer data in their marketing or for web analytics while still being compliant with privacy laws.
Put another way: “It was effing chaos,” Mina told me.
Many of Freshpaint’s customers, which include health systems, hospitals and health care marketers, were at a loss about how to continue marketing without potentially opening themselves up to enforcement action.
“People were coming to us and saying, ‘We’ve spent the past however many years building a culture driven by data – and now legal and compliance have told us to shut everything off,’” Mina said.
Painting a privacy picture
But privacy compliance and data-driven healthcare marketing don’t necessarily have to create a baby/bathwater situation.
It is actually possible for businesses to use data for marketing and continue working with (most of) their existing third-party partners while also protecting privacy, staying off a regulator’s radar and not giving their lawyers stress-induced acid reflux.
Freshpaint’s approach is to provide what Mina calls “safety by default.”
Rather than marketers having to filter out sensitive information before sharing data with a partner (which is a recipe for data leakage to unauthorized third parties), Freshpaint’s technology automatically stops any private health information from flowing anywhere until the marketer makes a conscious decision about what and how much to share.
It’s a bit like storing all of a health care marketer’s data inside a castle surrounded by a moat and only putting the drawbridge down to send pixel data to Meta or Google Analytics (or whatever fiefdom) when the king, uh, opts in.
I know I lost a little steam on my metaphor, but I stand by the sentiment.
Tracking the trackers that track us
Most of Freshpaint’s tools are available à la carte.
There’s a tool, for example, to block the sharing of HIPAA identifiers with third parties (i.e., patient name, digital ID, street address and ZIP code). Another tool deidentifies user IDs and masks them with anonymous identifiers so health care marketers don’t have to share IDs with an analytics provider to track a visitor’s web session.
There’s also a feature that allows health care providers to embed YouTube and Vimeo videos on their website without sharing the visitor’s IP address. Another that scans and monitors a health care provider’s website for third-party trackers.
Keeping track of trackers can feel a bit like walking a mile in Sisyphus’s shoes (although he might have gone barefoot). Point is, new web trackers will often keep popping up even when you think you’ve found them all.
“You do all this work to remove trackers and to sign BAA agreements* where you need to – and then, all of a sudden, you realize there are, like, five to six trackers on your site that you didn’t approve or even know about,” Mina said.
*[Business associate agreements, by the way, are mandated contracts between HIPAA-covered companies and their partners to guarantee the privacy of personal health information. That asterisk gave me a flashback to writing papers in college.]
Cleaner bill of health
This week, Freshpaint is launching a health care privacy platform that brings all its tools into one access point.
“We think of it as, like, our answer to everything that’s wrong with a CDP,” said Mina, who jokingly referred to Freshpaint as a “recovering CDP.”
When Freshpaint first launched, it positioned itself as a general customer data platform. And the purpose of a CDP – its reason for being – is to combine first-party data from multiple sources to create a unified profile.
But when Freshpaint stumbled into health care early on after landing a few clients in the vertical, the company very quickly learned that, although the marketing departments wanted to jump in feet first, the legal and compliance teams immediately got cold feet.
That was when Freshpaint pivoted and decided to revamp its platform specifically for health care providers – because there was clearly a need, Mina said.
“I’ve had enough conversations with health care organizations over the past year where I can confidently say that it’s not a good time to be selling a CDP into health care,” he said. “But it is a good time to be a platform that’s only focused on health care and the regulated flow of data.”
Thanks for reading! If you’re feeling stressed out, allow me to prescribe a little cat ASMR. You’ll feel better in no time. And, as always, feel free to drop me a line at [email protected] with any comments or feedback.
