As data becomes ever more accessible, data protection is a growing concern. In highly regulated fields like healthcare and pharma advertising, the penalties for poor data privacy practices can be costly. Health-related organizations, including Merck, UnityPoint Health, and the healthcare.gov website, have all been victims of data breaches, exposing the risks of lax data management.
Pharmaceutical marketers face more dangers than having their ads ignored. We also take on data privacy risks. To understand how to minimize them and what to do, we need to start with the landscape of data privacy.
Data privacy in the U.S. and beyond for healthcare
For 25 years, patient privacy has been protected in the United States by the Health Insurance Portability and Accountability Act (HIPAA) – enacted before Google was even founded. But as times change, oversight adapts. Now, the availability of patient data via electronic medical records, digital fitness devices, and more is leading to new legislation and regulatory actions.
Data protection is a renewed focus of the U.S. federal government. In 2019, the National Committee on Vital and Health Statistics at the Department of Health and Human Services advised legislators to focus on providing more types of HIPAA-style data protections, writing that “the range of use cases of health information beyond HIPAA is vast.”
Globally, the data privacy landscape is changing as well. The General Data Protection Regulation (GDPR) passed in Europe is just one example of broadening data privacy standards. There are now similar laws in Brazil, Australia, China, and Canada, with more in the legislative pipeline.
The U.S. states enacting laws on data privacy
Individual U.S. states are increasing their focus on data privacy as well. The California Consumer Privacy Act (CCPA) was passed in 2018, becoming the first data privacy law in the U.S. enacted by a state legislature. It affirms certain consumer rights found in the GDPR, greatly expands the definition of personal information, and requires an opt-out link on a company’s website if the company markets to California residents.
Several U.S. states – including Maryland, Washington, and New York – have also proposed or enacted their own data protection laws, mostly providing GDPR-like consumer rights. More states are expected to follow with their own versions in the near future.
As the world of data privacy matures, what can your brand do to ensure your healthcare marketing practices are compliant? Let's look at what you should focus on as you’re building campaigns.
How to stay compliant with data privacy laws and regulations?
Data privacy regulations generally focus on three areas:
For pharma marketers, it’s data acquisition that can be problematic. If you are using data to either communicate or shape your messaging, and it was acquired without proper notification and consent, you can run into trouble.
3 steps to help you avoid privacy issues
Cover all your bases
Some laws about sharing data may conflict with each other. For example, HIPAA allows healthcare practitioners to share personal health information to contact providers and patients about treatment alternatives. But the CCPA prohibits any company from sharing without the patient's consent when doing business in California.
So, if you’re using personal data to target audiences, make sure your data acquisition policies comply with all pertinent laws.
Avoid data from non-reputable third-party sources
With so many privacy laws and regulations to keep up with, the last thing you want is to be out of compliance because of data issues from a third-party source. Consent and notification rules generally restrict sharing a person’s data without their knowledge and approval.
If you're unsure about your data sellers' data collection practices, avoid doing business with them. Instead, focus on bringing your first-party and partner data together in a native customer data platform. This provides you with more control and makes it easier to follow consent rules.
Stay vigilant for new rules
As mentioned, new laws and regulations are evolving around the world. Although many contain similar provisions, variations can affect the way you use data for healthcare marketing. Check with your compliance office routinely to ensure your team is up to date on anything new in your target markets.