The ability for healthcare providers to deliver personalized content across digital platforms has been a challenge since before digital personalization was a thing. HIPAA outlines what data is considered Protected Health Information (PHI), including name, address and more. (For further information on PHI, check out this article from the HIPAA Journal).
HIPAA requires covered entities to anticipate threats against the security of PHI. Although there isn’t a suggested technology outline regarding the safeguards that need to be implemented, the entities must ensure the confidentiality of any PHI data stored on any platform. For full details, we recommend consulting with a HIPAA security consultant.
The reasons healthcare doesn’t personalize
Over the years of working with healthcare providers, there have been two common blockers for personalization with most clients I’ve worked with throughout the years.
1. Legal won’t approve storing PHI
In an abundance of caution, legal teams have determined that storing any PHI outside patient systems (like Epic) is a security risk, and that storing PHI within marketing solutions (like a content management system) is not allowed by HIPAA.
Optimizely’s partner Blast Analytics has a white paper, Healthcare Analytics and HIPAA: Ways to Minimize Risk and Ensure Compliance, which covers:
- The value and benefits of leveraging digital data in healthcare organizations
- HIPAA and associated risks of non-compliance
- Ways to assess your risk and ensure you have a compliance roadmap in place
- How proper data usage, with testing and personalization, can optimize the patient experience
2. Concerns about cross personalization with multiple users
Families sharing a computer can be a risk for information to be inadvertently shared with others. Per a U.S. Census report from 2016, 89% of U.S. households had at least one computer, with 77% of households having smartphones. Although many homes have multiple devices, it’s still common to have a shared laptop within a household.
The concern about personalization is that individuals in the household may research a medical condition that they aren’t ready to discuss with a family member. With persistent personalization using an IP address, information can be surfaced to the next user who visits the site. You may be asking yourself, “How likely is that?” Using my family as an example, we all use the same clinic for multiple areas of healthcare. Cross-personalization confusion is more likely than you may think.
Today’s research may not match tomorrow's needs
There’s another inherent issue with personalization in healthcare: today’s needs may not align with tomorrow’s. Someone researching providers for a sprained ankle this week will not likely need the same services in two weeks. The deprecation of data must align with the changing needs of a patient.
Establishing research timelines based on the services being viewed could be beneficial when using persistent personalization.
An example of data deprecation may look something like this (no data was harmed with these non-scientific suggested timelines):
- Sprain - 2 days
- Pregnancy - 1 month
- Long-term care - 2 months
That’s a very oversimplified list. You can imagine the number of permutations you’d need to consider using a binary personalization strategy like this. Personalizing this way adds another layer of complexity for an organization trying to personalize for an individual, not to mention the complications of a shared family computer.
So what? These are tough challenges. Do you just give up? There has to be a better way to deliver a personalized experience while avoiding these pitfalls.
In an effort to remedy the situation, medical professionals can leverage intent data, in-session engagement and content recommendations via machine learning/artificial intelligence (ML/AI).
Content Recommendations solve the issues via the following:
Storing of PHI - With in-session personalization, no PHI is needed to personalize the content.
Cross personalization - With in-session personalization, personalization stops when the session times out. This addresses the risk of continued personalization if the individual leaves the site open on a family computer.
First-party intent data - Currently, you have a huge data gap. Likely, just 5% of your audience is known. Thirty-five percent can be identified to an account based on reverse IP lookup. But what are you doing about the remaining 60% who may be target patients? You just don’t know what they are interested in or how to engage.
Episerver Content Intelligence gives you first-party intent data on every visitor to your site so you can scale the impact of your engagement.
Scaling personalization - Rules can’t keep up with the changing landscape of your patients and medical advancements. Let the machine learning algorithm do the heavy lifting of choosing who gets what content without bogging your team down with endless "if/else" rules.
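The sketch below is an added example, not Optimizely code: it contrasts the in-session approach described above (topic signals only, cleared on idle timeout) with the per-topic deprecation windows listed earlier. The class and function names, the 30-minute idle timeout and the 30/60-day readings of "1 month" and "2 months" are assumptions made for illustration.

```javascript
// Added example: interest signals keyed by content topic only (no name, account id or IP).
const DAY_MS = 24 * 60 * 60 * 1000;
const SESSION_IDLE_MS = 30 * 60 * 1000; // assumed idle timeout
const RETENTION_MS = {                  // the page's illustrative, non-scientific windows
  sprain: 2 * DAY_MS,
  pregnancy: 30 * DAY_MS,               // "1 month" read as 30 days (assumption)
  "long-term-care": 60 * DAY_MS,        // "2 months" read as 60 days (assumption)
};

// In-session store: held in memory, wiped once the session has idled out.
class SessionInterests {
  constructor(now = Date.now) {
    this.now = now;                     // injectable clock so expiry can be tested
    this.views = new Map();             // topic -> { count, lastSeen }
    this.lastActivity = now();
  }
  expireIfIdle() {
    if (this.now() - this.lastActivity >= SESSION_IDLE_MS) this.views.clear();
  }
  recordView(topic) {
    this.expireIfIdle();                // a view after timeout starts from a clean slate
    const t = this.now();
    const prev = this.views.get(topic) || { count: 0 };
    this.views.set(topic, { count: prev.count + 1, lastSeen: t });
    this.lastActivity = t;
  }
  topTopics(limit = 3) {
    this.expireIfIdle();                // the next person at the keyboard sees nothing stale
    return [...this.views.entries()]
      .sort((a, b) => b[1].count - a[1].count || b[1].lastSeen - a[1].lastSeen)
      .slice(0, limit)
      .map(([topic]) => topic);
  }
}

// Persistent variant: keep a stored view only while it is inside its topic's window.
function unexpiredTopics(storedViews, nowMs) {
  return storedViews
    .filter(({ topic, lastSeen }) => {
      const ttl = RETENTION_MS[topic];
      return ttl !== undefined && nowMs - lastSeen < ttl; // unlisted topics are dropped
    })
    .map((v) => v.topic);
}
```

The persistent variant still needs a retention entry for every service line, which is the rule-maintenance burden the article describes; the in-session store needs only the one timeout.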
As you can see, the challenges from HIPAA, cross personalization and the dynamic nature of a patient’s lifestyle can potentially be solved using Content Recommendations. Our team is available to discuss the options that are the best fit for you. Reach out to Optimizely, or connect with me on LinkedIn, Twitter or email.
To learn more about how Optimizely can assist with operating intent data, check out this 45-minute webinar, which covers:
- How to bridge the gap between first-party intent insights and execution
- Practical examples of first-party intent usage for 1:1 personalization
- Best practice on stitching first-party intent data to other datasets
Disclaimer: I’m not a lawyer, and this blog post is based on my own research and interpretation of the Health Insurance Portability and Accountability Act (HIPAA). You’re advised to seek legal counsel that specializes in HIPAA to ensure that your organization conforms to this law.