Executive Summary
A major US health system, with several facilities in the region, faced significant challenges when the Office for Civil Rights (OCR) issued new guidance on online tracking technologies in 2022. This case study examines how this healthcare organization partnered with Tealium to develop a HIPAA-compliant data collection and analytics solution that allowed them to maintain critical patient insights while adhering to stringent privacy regulations.
Challenge
- In 2022, the OCR issued a bulletin regarding online tracking technologies that forced the healthcare organization to reconsider their entire data strategy. The new guidance explicitly categorized several common tracking and analytics tools as non-compliant with HIPAA regulations, including Meta Pixel and Google Analytics.
These tools had been fundamental to the organization’s understanding of patient behavior across their digital properties. Without them, the organization faced a significant analytics gap that threatened their ability to measure the effectiveness of their digital initiatives and deliver optimal experiences to visitors across their digital properties.
As a nationally recognized healthcare organization serving a large patient population spread across a wide geographic area, they needed to find a solution that could:
- Restore visibility into consumer behavior on their digital properties
- Help them achieve and maintain HIPAA compliance when dealing with large volumes of patient data
- Provide actionable insights for improving the digital experience with minimal data wrangling, if possible
- Support their complex organizational structure
How the Organization Arrived at the Right Solution
Cross-functional Team Formation
In 2023, the healthcare organization formed a cross-functional team that brought together leaders, stakeholders, and analysts from Marketing, Technology, Security, Compliance, etc. This team was tasked with restoring tracking and regaining insights into consumer behavior across their digital properties.
Vendor Evaluation Process
The cross-functional team conducted a thorough evaluation of potential vendors in two critical categories:
- Data Collection
- Web Analytics
The goal was to identify vendors to help the organization create a secure first-party data strategy. Vendors were assessed based on:
- Functionality
- Cost
- Adoption by other healthcare institutions
The Selection
After careful consideration, the healthcare organization selected Tealium as their solution provider based on several factors:
- Tealium emerged as the clear leader in data collection capabilities
- The platform offered native analytics capability
- Tealium provided a Business Associate Agreement (BAA), critical for HIPAA compliance
- Tealium combined data collection and analytics in a single platform, offering:
- Streamlined data workflows
- Real-time analytics capabilities
- Cost savings compared to having separate solutions for secure data collection and analytics
- Potential for expanded analytics that go beyond web and mobile analytics (post-conversion patient analytics, call center analytics, etc.)
Results
Immediate Visitor Tracking and Analytics Restoration
The healthcare organization successfully implemented Tealium’s Event Data Framework and restored critical visitor tracking and analytics capabilities across their digital properties. The implementation allowed the organization to compliantly collect visitor data and gain insights into:
- Visitor traffic by device
- New versus returning visitor patterns
- Traffic sources by referrer
- Campaign tracking through various UTM parameters
These insights enabled them to make data-driven decisions in real-time at the point of data collection while maintaining HIPAA compliance.
Lessons Learned: CDP Implementation
While the initial implementation focused on an event data foundation for basic analytics restoration, the organization noted that they regretted not implementing the Customer Data Platform (CDP) capability from the start.
While their reasons for postponing the CDP implementation included their team being overwhelmed and timeline, in retrospect, they identified several disadvantages by not having a CDP:
- Limited insights into visitors across certain data sources
- Difficulty implementing consistent personalization over time due to the data persistence offered by a CDP being absent
- Inability to measure the lifetime value of visitors/patients.
For healthcare marketers and data leaders in similar situations, the organization recommends implementing the CDP together with the Event Data Framework from the beginning for a comprehensive data infrastructure that goes beyond analytics on digital properties.
Forward-Looking Roadmap
Based on their initial success, the healthcare organization has established a clear roadmap for expanding their use of Tealium:
Future Initiatives:
- Exploring Tealium Moments iQ to collect zero-party data from users on digital properties to:
- Understand user intent based on search patterns
- Offer assistance and resources based on user behavior
- CDP onboarding for visitor and patient data persistence
- User segmentation to achieve:
- Identification of different user personas (Patients, Providers, Employees, Job Applicants)
- Delivering in-the-moment experiences based on persona
- More accurate insights into user traffic
- Data Integrations between Tealium and additional data sources (Email, EHR, CRM, etc) for the following business goals:
- Gaining visibility into Patient Lifetime Value
- Enabling personalized engagement of patients, providers, donors, et al.
- Monitoring campaign success
- Measuring patient loyalty and retention within the health system
Key Takeaways for Healthcare Institutions
This organization’s experience offers valuable lessons for other healthcare organizations:
- Cross-functional collaboration is critical
- Privacy, patient data collection, and first-party analytics require diverse expertise
- Success depends on more than a few isolated experts
- Take a bottom-up approach to analytics
- Focus on business-critical insights first
- Invest time in identifying and collecting essential data points for your Minimum Viable Product (MVP)
- Future-proof your implementation
- Plan for adaptability and expansion
- Consider creating persistent visitor profiles (via CDP) earlier rather than later
- Be careful with vanity metrics
- Focus on metrics that deliver actual value to customers, rather than being distracted by metrics that merely seem impressive
- Ensure your analytics efforts align with customer value creation
- Establish strong governance
- Technology alone cannot solve human error and behavior
- Developers may bypass tracking frameworks
- Implement neutral, third-party audits
Final Thoughts
Through their partnership with Tealium, the healthcare organization successfully navigated the complex challenge of implementing HIPAA-compliant analytics in an evolving regulatory landscape, enabling them to continue delivering exceptional patient experiences while maintaining the highest standards of data privacy and security.
