Health Care Marketing: Personalization, PHI, and Preference Centers

Avatar Act-On
Email Marketing

Digital marketing in a highly regulated industry can be extremely challenging, and that’s especially true for the health insurance industry. Health insurers have a wealth of highly individualized data available to them about their members:

  • Demographic information is captured when people sign up to receive coverage.
  • Claims information is captured every time a member goes to see a doctor or visits a hospital, and it provides in-depth insight into past, present, and future health concerns.
  • Online behavior can show the topics members are interested in.

It’s a marketing goldmine for sending targeted, personalized email communications. Too bad much of it is unusable for email marketers.

health care marketingHealth Care Marketing Restrictions

As I mentioned in a previous post, healthcare, pharmaceuticals, and insurance companies must make sure their marketing communications conform to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Marketers targeting Medicare or Medicare-eligible populations must also remain in compliance with the Medicare Marketing Guidelines set out by the Centers for Medicare & Medicaid Services (CMS) in addition to HIPPA.

In my experience as an email marketer for a large health insurance company, I was constantly challenged to find ways to deliver relevant, personalized messaging without overstepping the boundaries of the law. For many marketers, including a person’s name in an email is standard operating procedure. But under HIPAA, private health information (PHI) that’s linked to personal identifiers must be treated with special care. And that includes:

  • Name
  • Address (anything smaller than state, including street address, city, county, zip code)
  • Any element (except years) of dates related to an individual
  • Telephone numbers
  • Fax number
  • Email address
  • Social Security number
  • Medical record number
  • Health plan beneficiary number
  • Account number
  • Certificate or license number
  • Any vehicle or other device serial number
  • Device identifiers or serial numbers
  • Web URL
  • Internet Protocol (IP) address numbers
  • Finger or voice prints
  • Photographic images
  • Any other characteristic that could uniquely identify the individual

As you can see, email addresses themselves can be considered personally identifying. If you send email messages that say or implies something about the health status or the health care that’s specific to an individual, then that would be considered PHI. If you’re sending generic marketing or informational materials to a wide audience, it’s not PHI.  So, sending an email marketing campaign with any kind of PHI through an unsecured channel could become a problem. Most health insurance organizations have secure online message centers with encryption in place to prevent PHI and confidential information from getting into the wrong hands. Using those channels for marketing messages isn’t practical.

Getting Personal, Not Pushy

However, just because an email campaign is compliant with regulations doesn’t mean it has to be impersonal. There are ways to deliver communications that people want without invading their privacy or breaking the rules.

For example, the company I worked for gave members a way to find health care providers such as doctors and hospitals, through an online, searchable directory. But they also had a really cool feature – if you went to a certain doctor and had a claim associated with your visit, you could go online and post a review of your experience. You could rate the overall visit and write about how long the wait was, how adequate parking was, how well the doctor listened to your concerns, and so on. It was like Yelp, only for health care consumers, and it was a really popular feature.

To promote it, I thought it would be a good idea to send an email about the feature and to include actual reviews that had been left on the site. And to make it even more interesting, I customized which review each person received based on the state they lived in. So if you lived in Oregon, you would see a review of a hospital in Salem, and if you lived in Utah, you’d see a medical center in Salt Lake City, and so on. It wasn’t ideal, since someone living in Portland would probably prefer to see a review of a Portland-based hospital, but it was compliant with the regulations while still providing personalization.

But what if you wanted to target people based on their particular health concerns? If you have members with diabetes, for example, or who are trying to quit smoking, it would be nice to send them information that could help them live a healthier life.

How a Preference Center Supports Personalization in Health Care Marketing

Since relying on PHI such as claims data isn’t an option for customizing content in this scenario, a preference center is the next logical choice. With a preference center, you can ask your email subscribers to sign up to receive information about the topics that interest them. For example, if you have an email newsletter, you can ask subscribers to choose the topics that they want to learn more about, such as diabetes, healthy cooking, and weight loss. In each newsletter, that member could receive the topic that’s relevant to them in addition to other, more general information.

Or if a smoker attended a healthy living event or used the web to research a wellness programs, and they then checked a box on a registration form permitting email follow-up, you could send that person a series of emails offering various types of smoking cessation support: classes, counseling, nicotine patches, and so on. With marketing automation, you could set the program up in steps and it would run in sequence for every person who enters that database segment.

Even if HIPPA regulations were not in place, health care organizations would be smart to tread lightly in the areas of personalization. I was once covered by a different health insurance company that asked me to provide my height, weight, and age as I registered for their website. (All I wanted to do was see my claims, but I was asked to share this information in order to get on board.) Then, because my BMI was slightly into the overweight territory, every time I signed on to the site, I was presented with weight loss tips, programs, articles, videos, and so on. Every time. It wasn’t just intrusive, it was really annoying.

I think retailers can get away with extensive personalization because what we buy isn’t who we are. When a store tells me what books or boots I might like based on my previous purchases, it’s helpful. A site that tells me I need to drop a few pounds every time I visit is the opposite of helpful. But whether you’re a retailer or a health insurance company, giving your audience the option to customize their own experiences is a great best practice. It puts the power in their hands – and it puts the power of personalization in yours.

Just getting started with email marketing? Get the jump on it with this free toolkit:

Getting Started with Email Marketing Toolkit