Menu

Category Archives: Healthcare

Server Side Tag Management & HIPAA Compliance

Posted on February 27, 2024 - 4:35 PM by

A recent statement issued by the Office of Civil Rights (OCR) at the Department of Health & Human Services, significantly expanded what’s considered Protected health Information (PHI). 

Most importantly, this directive puts direct onus on a covered entity under HIPAA to take measures to protect PHI from getting shared with third-party analytics and marketing platforms by way of on-line tracking codes commonly added to healthcare websites.

What are these expanded PHIs and how does server side tag management help support compliance while simultaneously making useful data available to marketing platforms that are essential for healthcare organizations’ growth?

Simply put, according to the new directive:

  • OCR now extends HIPAA protections to any online visitor who visits a healthcare website, not just a patient or a person known to your healthcare organization. 
  • If this visitor conducts any website pages that contain healthcare conditions, treatments or provider research, that signal could be included in the website’s URL.
  • The URL with health specific data along with the visitors’ IP address could now point to a past, current or future health concern of a potentially identifiable individual.

So any data that may link an individual with a past, present or future health or healthcare or health payment is now PHI. Importantly, this PHI is most likely being shared unencrypted with your third party analytics or marketing providers, such as Google, Meta, LinkedIn, DoubleClick and more, unless measures are taken to prevent it.

Server-Side Tag Management as a Solution to HIPAA Requirements

Server side tag management has emerged as a robust solution that can create a HIPAA compliant solution when implemented correctly. 

To reiterate this important point, server side tag management is not HIPAA compliant out-of-the box. It needs customizations to make it compliant while also passing on useful data events to third party analytics and marketing platforms.

What is server side tag management?

To explain in simple terms, most data collected by your healthcare website is sent directly to analytics and marketing platforms via online tracking code installed on your website. For instance, ePHI is probably being sent directly to Google Analytics servers or Meta servers or any other analytics or marketing platforms you are currently using.

By setting up an a server side container on your cloud provider of choice, you now become an intermediary between your website (often referred to as a client) and your third party analytics and marketing platforms.

Since you own this container and the server, you can now to three things to keep your ePHI data out of unwanted places:

  1. You control all data streams that originate from your website.
  2. You can cleanse and de-identify any ePHI that originates from your website
  3. You can send clean data to third party analytics and marketing platforms while keeping it useful enough to allow for campaigns and attributions to continue being useful.

Customizations in Server Side Tag Management to Allow for HIPAA Compliance

First-Party Data Collection & Data Control – Data collected by your server side setup allows for “first-party” data collection, making it more secure and efficient. 

Since your website visitors’ sessions-specific data is now sent to your own server, as opposed to third-party vendors’ servers, it provides more protection against data leaks, compared to client side tracking.

With the phasing out of third-party cookies by most major browsers, data collection will need to be rearchitected to depend on first party data collection. Server-side tagging provisions for more secure first-party data collection by enabling server-managed cookies and client identification that are less prone to hacks.

Finally, because all data streams are not collected by your server endpoint, you can have total control over data tracking, transformations and enrichment before it is sent to your analytics and marketing vendors.

Data Transformations & Enrichments – Let’s consider the HIPAA identifiers that are the greatest causes of concern for HIPAA compliance purposes. 

There are two types of identifiers, when mapped together, have the potential to connect an individual website visitor with a past, current or future health condition:

  1. A personal identifier, such as an IP address which technically can map to a specific network (it is not a device identifier but for HIPAA compliance purposes, IP is considered an identifier). Other personal identifiers could be a user id (if your website allows for patients to login, for instance, and you have enabled the collection of logged in users via ‘user_id’), device ID, especially when paired with an IP address, and sometimes geographical location, including city, state, latitude and longitude.
  2. Health information – The second type of identifiers are URLs that may contain static components of healthcare condition, treatment or payment for healthcare. As an example, if the url has the following structure: https://www.domainname.com/type2-diabetes-treatment-plans, technically, the URL has health information attached and when linked with a personally identifiable information, such as an IP address, violates HIPAA as it links a health condition (past, present or future) with a potentially identifiable individual.

In addition to static components of URLs, there may be dynamic components that may be passed from your web browser to your server container (in a server side setup) that may contain very transparent individual identifiable information, such as email addresses, names, etc. 

A server side setup allows for encryption for both components of PHI identifiers. However, complete encryption of this data may make your analytics and marketing campaigns unattributable and useless.

For instance, if you hash (a type of data encryption) the IP address of your website visitor, you lose all tracking of city or regional level data. Thus, you will be unable to analyze where your website visits, events and conversions are coming from – and that’s a big hit when it comes to geo-specific marketing campaigns.

Similarly, if you are running a retargeting campaign based on an audience profile that shows interest in a specific healthcare service, by hashing the page location, page path and page title of the page visited, you have rendered the retargeting campaign useless.

Server-side tagging however, allows for data transformations and enrichments that extend beyond simple hashing. 

Custom Activations – We create advanced custom audience insights based on PHI data streams received from web browsers. The custom data insights are then stripped of PHI and activated to be sent to third party vendors that allow us to continue marketing campaigns as envisioned but still keep ePHI out of outbound data streams.

For instance, to enable Facebook conversions tracking in a compliant fashion, we create custom conversion events on our client server container with non health specific conversion names. These conversion data events are sent to our secure server container, where we strip the event data of any ePHI by hashing all health information identifiers, such as page location, page title and page path. We then forward this stream to Facebook with a Facebook id, ip address and the conversion event but without any associated health information.

Similar solutions can be designed for other commonly-used marketing platforms, including Google Ads, and analytics platforms such as Google Analytics 4. 

Based on need, server side containers also allow for parsing information into database warehousing tools, such as Big Query, where data can be cleansed of PHI and sent as outward streams to third party platforms for marketing purposes.

A data warehouse can also be utilized for internal retention of data for custom data insights and enrichments. 

Conclusion

The Federal Trade Commission (FTC) along with the Office of Civil Rights (OCR) at the Department of Health & Human Services has issued warnings to several health care systems over the use of online tracking technologies in 2023. The healthcare analytics & compliance community expects the first set of enforcement actions related to online tracking to begin in 2024. This will intensify a series of class action lawsuits and settlements around sharing of protected health information with advertising platforms, such as Meta & Google, by at least 21 hospital, health systems and technology companies.

In light of rising concerns about privacy, in general, and protection of health information, in particular, server-side tagging offers a robust solution.

Contact our analytics team at Webtage to start a conversation about making your MarTech HIPAA compliant.

How to Make GA4 Web Analytics HIPAA Compliant

Posted on February 22, 2024 - 3:17 PM by

How to Make GA4 Web Analytics HIPAA Compliant 

In today’s digital landscape, privacy and data protection are of utmost importance. Covered entities under HIPAA (Health Insurance Portability and Accountability Act) need to ensure that they are taking the necessary steps to protect electronic protected health information (ePHI) while still gaining valuable insights from analytics. 

What are these identifiable ePHIs that may be collected from your website that may be introduced by third-party tracking code and may implicate you of HIPAA violations, according to the new HIPAA guidelines?

“When consumers visit a hospital’s website or seek telehealth services, they should not have to worry that their most private and sensitive health information may be disclosed to advertisers and other unnamed, hidden third parties,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. 

This article will deal specifically with ePHIs that may now make you non-compliant based on new risks introduced by online tracking technologies, as the Office of Civil Rights (OCR) at the Department of Human & Health Services (HHS).  In this article we will discuss ways to make Google Analytics 4 (GA4) compliant, considering that GA4 commands close to 89% of web analytics platform market share. 

After covering how to make analytics platforms HIPAA compliant, we will then move to HIPAA compliance for third-party marketing platforms, such as Facebook Ads and Google Ads in our next blog post.

Google Analytics 4 Settings

GA4 collects a vast range of user data to provide insights into user behavior on your website or app. Web URLs and IP addresses, for instance, contain valuable information about an individual’s online activities, including their browsing history and potentially sensitive healthcare searches that may link individuals with past, current or future health conditions, now considered protected health information.

While GA4, a positive upgrade for privacy concerns, compared to the earlier Google’s Universal Analytics (UA), makes it closer to being HIPAA compliant, there are additional steps that you need to take to ensure full compliance. 

We are mostly concerned with two identifiers recently added to the new list of 18 HIPAA identifiers: unique identifiers (such as IP address and client ids) and page URLs (such as page location, page path, page title, and query parameters that may contain health specific queris and/or unique identifiers). When the latter is combined with a unique identifier, it has the potential to link individuals to a health condition, treatment or payment.

There are a few steps you need to take to ensure compliance:

  • Redact email & query parameters – GA4 allows you to prevent sending email and any personally identifiable information (PII) to Google. This is a good practice in general because you do not want to send any personally identifiable information that can easily be mapped to their health-specific page visits and clearly violate HIPAA. Once you redact any PII that you might be collecting via query parameters, make sure you preview redacted data to ensure, GA4 does not contain any PII in the URLs tracked and stored by GA4.
  • Turn off user-id and user-provided data collection – If your website visitors can login to your website, you may be generating user IDs that may then be a personal identifier that can again be linked to health-specific services, conditions, treatment or payment pages to violate HIPAA.

If you do have the ability for visitors to login to your website, ensure user-ID and user provided data collection is turned off for your website. 

Note: Interested to learn more about user IDs? Here’s a great article that walks through ways to enable user-IDs so you learn how to disable it for your healthcare website.

  • Turn off Google Signals – If user data is not available, Google will map signed-in Google customers who have opted in for ad personalization with third-party data for rich user, cross-device and cross-browser tracking. This allows reporting identities to be linked to individuals and will therefore result in a HIPAA violation. 

 

  • IP anonymization – We know that Google Analytics collects IP information (though temporarily now under the revamped Google Analytics 4 (GA4)) when a visitor visits your website. The good news? GA4 automatically truncates the last 4 octets of your IP address so if your ip can not really be traced back to your network location. The bad news? Well even though your IP address is never really logged or stored, it is transmitted to allow for location data before it is discarded. To redact IP addresses completely, you will have to rely on server side Google Tag Manager setup. 

However, if you do not want to go through a server side setup, but want to be extra cautious, you may want to mask city-level data by turning off granular location and device data collection for regions you want to be compliant in. For HIPAA, it would make sense to turn off granular location off for all US states in order to make users’ locations even less identifiable. 

Note – As an aside, remember that IP addresses cannot track an individual device, only a network connection. However, other device specific data (referred to as a ‘user-agent’   variable, collected by GA4 may allow you to connect IP and ‘user-agent’ data to a specific device though.

  • Minimum Period for Data Retention – Ensure your data retention for events and users is set to its minimum possible of 2 months. This allows for your GA4 data collection to adhere to the HIPAA minimum necessary rule, which states that under “the HIPAA minimum necessary rule, HIPAA-covered entities are required to make reasonable efforts to ensure that uses and disclosures of PHI is limited to the minimum necessary information to accomplish the intended purpose of a particular uses or disclosure.”

  • Reporting Identity – Finally, for reporting identity under data display settings in your GA4 admin panel, ensure that you select device ID as the reporting identity, instead of the default Blended or Observed. 

Note that device ID combined with IP can still be a personal identifier, which when linked to health conditions, treatments or payment page location can lead to a HIPAA violation. However, with granular location turned off and IP addresses automatically truncated, this is less of a concern unless your legal department advises a stricter adherence to HIPAA, in which case, you should consider a server-side tag management setup (see below).

Server Side Tag Management

While the above settings will allow for some safeguarding against HIPAA violations, these measures are not absolute and fool proof in protecting your against non-compliance. More importantly, redacting data means that you might lose important elements from your attribution analysis or reporting. 

Instead, we strongly recommend a server-side tag management setup to provide you with greater control over your data streams, while also allowing you to safely navigate the third-party cookie free era that we are now entering. Most importantly, server side tag management can help you balance data anonymization (which inevitably leads to data being made less usable for marketing purposes) with usefulness of data. 

Learn more about server-side tag management security and control for HIPAA-compliance in our next blog post.

Alternatives to Server-Side Tag Management

A final word on alternatives for server side tag management. There are HIPAA-compliant analytics platforms, such as those provided by Adobe or Matomo that can be configured for HIPAA compliance. However, migrations to these platforms will require a cost assessment and additionally will require some ongoing management to keep your web & app data analytics HIPAA compliant.

There are also customer data protection (CDP) platforms, such as Freshpaint, Rudderstock, and PikWikPro, that allow for secure data storage, custom audience insights, customer data exports and custom activations and other advanced integrations that are required to keep customer data useful for marketing while keeping ePHI safe from third-party (and presumably HIPAA non compliant) platforms. While most offer a freemium service, HIPAA compliance usually comes with a price tag.

Conclusion

GA4 Settings adjustments, server side tag management, HIPAA-compliant analytics platforms and CDPs are all viable options for healthcare organizations and price points will differ based on number of applications or websites being managed, integrations with third-party marketing platforms, need for data warehousing, analysis & visualization capabilities, hosting provider, privacy & security needs, consent management needs and management.

At the end of the day, the difference between the solutions will depend on your risk tolerance and resulting comfort level with the tradeoff between anonymizing ePHI and usefulness of customer data for marketing purposes.

At Webtage, we take HIPAA requirements, along with technology stack, into account to determine the best HIPAA-compliant MarkTech solutions for your organization. Talk to us to discuss your healthcare MarTech compliance needs

Is Your Healthcare Marketing HIPAA Compliant – What to Know in 2024?

Posted on February 21, 2024 - 2:34 PM by

As medical practice owners, you understand the significance of protecting patient data and maintaining legal compliance while providing top-notch care. In this digital era, where information flows seamlessly across platforms, ensuring HIPAA compliance is paramount. 

HIPAA is not just limited to your IT and office operations. It also applies to your healthcare marketing operations. As HIPAA requirements evolve, so must your marketing efforts.

Most recently, the Office of Civil rights (OCR) at the US Department of Health & Human Services (HHS) issued a statement that warned of HIPAA violations with regards to online tracking technologies that are commonly used by healthcare websites & apps. According to the new HIPAA guidelines, identifiable electronic protected health information (ePHIs) may be collected from your website that are introduced by third-party tracking code and may implicate you of HIPAA violations. 

Online tracking may not be the only technology that may be exposing you to HIPAA violations. Here is a list of things your marketing team should be doing to keep your digital tech stack compliant in 2024.

HIPAA Checklist for Marketing in 2024

Website & HTTPS Protocol – The use of HTTPS (Hypertext Transfer Protocol Secure) protocol strengthens your website’s security by encrypting data transmitted between the client and the web server by using Secure Sockets Layer or Transport Layer Security (SSL/TLS) convention. This ensures that patient information  submitted on your website browser remains confidential during online transmissions. 

However, it’s important to understand that while an https protocol protects data transmission from the client (your web browser or email client, for instance) to your web server, it does not provide end-to-end security for email transmission (more on this later). For that reason, you will need to enable a separate email security protocol to make data transmission from client to web server and back is secure and HIPAA-compliant.

Compliant ePHI Data Encryption & Transmission – Many medical websites have contact forms that allow patients & potential patients to contact them, set up appointments, complete patient registration, release or request medical records, and others. 

This contact form is typically emailed to your staff upon submission. It may also be stored in a database on your web server. You may also send a reply e-mail or SMS to the individual who filled out the form. So there are several data communication streams that are enabled when a contact form is filled and submitted on your healthcare website.

Even with an HTTPS site with SSL/TLS certificates in place, when this data is either stored in a database (at rest) or emailed to a recipient email address in your organization (in transit), protected health information (PHI or ePHI) may not be secure and expose you to a HIPAA violation.

To make it easier to understand, think of SSL/TLS as encrypting the communication channel. However, it does not encrypt the message. So when the email reaches the receiver’s email server, it can be hacked into and PHI can be retrieved. 

In order to be truly HIPAA compliant, you should either enable end-to-end email encryption by integrating S/MIME or a PGP Network, which should be built into your website or applications, along with SSL/TLS. Alternatively, you could set up a custom HIPAA-compliant application that encrypts data at-rest and in-transit while allowing for secure links that can then be shared via email or SMS with the desired audience.

Analytics Tracking – A red hot topic in healthcare marketing in 2024 is whether website analytics that you may have set up for your website and your marketing campaigns is HIPAA compliant. On July 21, 2023, the office of Civil Rights (OCR) at Department of Health & Human Services issued a warning to all hospitals and healthcare providers to guard against “impermissible disclosures of health information to third parties.”

What are these identifiable ePHIs that may be collected from your website that may be introduced by third-party tracking code and may implicate you of HIPAA violations?

Let’s consider Google Analytics 4 (GA4) as a reference point here to understand how Google Analytics tracking code could link a patient with a past, present, or future medical condition, considered protected health information. We know that Google Analytics collects IP information (though temporarily now under the revamped Google Analytics 4 (GA4)) when a visitor visits your website. They may visit treatment or disease specific pages on your website that may connect the individual with the regulated entity, i.e., your healthcare organization. As per the OCR, this “relates to the individual’s past, present, or future health or health care or payment for care” thus making impermissible PHI available to third party technology vendors, such as GA4.

As a healthcare technology & marketing company, we are erring on the side of caution while we set up GA4 for our healthcare clients. While GA4, a positive upgrade for privacy concerns, compared to the earlier Google’s Universal Analytics (UA), makes it closer to being HIPAA compliant, there are additional steps that you need to take to ensure full compliance. 

Server-side tag managers, customer data protection (CDP) platforms, and recommended analytics platform settings are some options available to make analytics tracking HIPAA-compliant. 

We are strong proponents of server side tag management setup that allows you control of your data and what is shared with third-party marketing platforms, thus meeting compliance requirements. And that’s not all, a server side setup also creates a first-party cookie context, improves your data collection, and allows you to circumvent ad blockers (although in the world of privacy-first world, we do NOT recommend circumvention).

Talk to us to see how we can customize your tag management setup to make your analytics and marketing pixels HIPAA compliant. 

Retargeting & Other Marketing Pixels – Another aspect of third-party tracking includes pixel codes, such as Meta Pixels or Google Ad codes that allow for retargeting of your top funnel audience to lead them closer to making an appointment or completing a purchase, is no longer HIPAA compliant. 

Just like web analytics code can relay and store impermissible & identifiable PHI, so can other marketing and retargeting pixels, such as Meta. Furthermore, like Go ogle, Facebook is not willing to sign a Business Associate Addendum (BAA), which is required to keep the covered entity and all its all business associates HIPAA compliant.

This unfortunately means that retargeting ads are currently out of bounds for healthcare organizations, unless PHI identifiers are transformed into anonymized data points before it reaches a third-party tracking or marketing platform. These PHI could be anything from IP addresses, page URLs that contain health information, including health conditions

This solution creates an obvious dilemma – the more anonymized the data that you send over to marketing platforms, the less useful that data becomes. For instance, a simple solution of redacting or encrypting HIPAA identifiers, such as IP addresses and page location/path/referrers that can connect an individual to a  past, present, or future health condition, treatment or payment plan also removes important data points that are needed to optimize or initiate targeted campaigns.

At Webtage, we are implementing server side tag management solutions that allow for creation of PHI-free custom audiences that are then sent to third-party marketing platforms, keeping marketing campaigns free of any HIPAA identifiers.

Social Media Compliance – Social media channels can be a landmine of non compliance covered entities under HIPAA, unless the channels are navigated carefully and cautiously. There are plenty of cautionary tales about healthcare social media marketing gone awry

Bottom line – you never want to post testimonials, pictures, before & afters, or any other information that may link a patient or even a prospective patient with their past, current, or even future health condition. 

If you plan to use user generated content (UGC) or your own content that contains identifiable PHI, do request a media waiver form to be signed by them prior to any social media posting.

Beware that even private messaging to your colleagues on social media will violate HIPAA unless you know for certain that those messages are encrypted end-to-end. Even acknowledging a social post from a patient by stating that your organization treated them or is going to treat them for a condition is a violation of HIPAA.

Some common precautions we take at Webtage is we require our healthcare clients to always have a Media Waiver form signed by patients before their faces, names or other forms of identity is released on social media or on the website. We also never add names of patients to testimonial posts or imagery. Rather, we simply add their initials, thereby removing any identifiers.

Remember that deliberate or thoughtless disclosures of PHI are both HIPAA violations and can result in distress, citations, fines & punitive actions. Work with a marketing team that understands the tightrope of protecting PHI while building trust and marketing your organization.

Review Management – When it comes to review management and HIPAA compliance, businesses in the healthcare industry face unique challenges. With the rise of online platforms and social media, publicly-posted reviews can have a significant impact on a healthcare provider’s reputation. However, it is crucial for these organizations to navigate this landscape while ensuring compliance with HIPAA regulations. This includes any information that could potentially identify an individual’s health condition or treatment.

Negative reviews can be particularly problematic in terms of HIPAA compliance. While businesses need to address customer concerns and feedback, they must do so without violating patient privacy rights. This requires careful monitoring and response strategies that prioritize both reputation management and adherence to HIPAA regulations.

Here’s the golden rule for maintaining HIPAA compliance on publicly-posted reviews. Even if the patient acknowledges that they are your patient, your response should not indicate a patient-provider relationship. In case of a negative review, Aledade.com, a healthcare accountable care organization (ACO) suggests the following:

  • Use neutral, professional language
  • Thank the reviewer for providing feedback
  • Stress that a great experience and patient satisfaction is of importance
  • Detail any changes implemented within the practice, if appropriate
  • Request that the reviewer contact the office if they have questions; however, do not acknowledge if the reviewer was or was not a patient
  • Never post information about a patient or their condition without their authorization

Business Associate Agreement (BAA) – A final word of recommendation. When working with a marketing technology (MarTech) or marketing agency, signing a Business Associate Agreement (BAA) with them is crucial for ensuring HIPAA compliance when handling protected health information (PHI). By entering into a BAA, your marketing providers agree to safeguard ePHI and adhere to HIPAA regulations. This agreement outlines the responsibilities and obligations of the provider, such as maintaining data security measures, reporting breaches, and ensuring compliance with HIPAA rules. 

For instance, while choosing an email marketing automation platform, look for those that offer BAAs to healthcare organizations to help them securely manage PHI within their email campaigns. By partnering with BAA-compliant marketing providers, healthcare businesses can confidently navigate the complexities of HIPAA regulations and protect sensitive patient data.

Conclusion

At Webtage, we are committed to helping medical businesses create compliant marketing and web technologies solutions that provide peace of mind while enhancing patient care.

Talk to us about our HIPAA-compliant web technologies, marketing analytics and digital marketing protocols that provide an end-to-end solutions for your healthcare business. 

Solutions we offer:

  1. Custom server-side tag management solutions for HIPAA-compliant analytics & marketing tracking  
  2. HIPAA-compliant applications that encrypt data at-rest and in-transit 
  3. HIPAA-compliant communication protocols for social media and review management platforms
HIPAA Compliant Marketing Solutions

Generative AI-Led Search in 2024: How Healthcare Organizations Should Refine Their Strategies for Improved Search Visibility

Posted on December 14, 2023 - 10:30 AM by
generative AI led healthcare

We are a lead generation company with specialized expertise in organic search and paid search for healthcare and B2B verticals.

We are seeing some significant changes in search results, especially for healthcare, led by generative AI, propelling search engines, such as Google & Bing, to improve their search results in order to be more meaningful and personalized for their users. 

In this article, we focus on competitive search strategies for healthcare organizations in the age of generative AI.

What are some of these search trends and how will they affect your ability to attract patients?

Google’s Search Generative Experience (SGE) – Google (and Bing) are working to bring generative AI capabilities into their search engines. Generative AI is poised to change the way search engines work and is the biggest search technology breakthrough in 25 years! 

Google says: “With new breakthroughs in generative AI, we’re again reimagining what a search engine can do. With this powerful new technology, we can unlock entirely new types of questions you never thought Search could answer, and transform the way information is organized, to help you sort through and make sense of what’s out there.”

Google is not the only search engine experimenting with gen AI in search models. The new Bing, powered by ChatGPT, is already in business.

What does Gen AI-led Search mean for you as a healthcare business?

Earlier, if you typed in ‘how do I find a doctor who truly cares in Santa Clara, CA’ Google would provide you with the ten best sites and would expect you to sift through the websites to find the best doctor for you.

Gen AI-led search

With SGE, Google will save you the trouble of sifting through results. Instead, it will rely on real-time information and Large Language Model-led AI analysis to provide search results so “you’ll be able to understand a topic faster, uncover new viewpoints and insights, and get things done more easily.

Let’s see what an SGE will produce for the same search: ‘how do I find a doctor who truly cares in Santa Clara, CA.’

SGE

As you can see, Google’s SGE has done an analysis of content and produced a compilation of results to provide you with guidance on:

  1. Ways to find a doctor who truly cares in your location. There are websites that Google considers important and lists them. You want to appear here!
  2. A carousel of the top 3 websites that provide specific guidance on this topic, with the ability to click right on the carousel to see more websites. Another real estate on SGE that you would want to target.
  3. Google SGE also offers ‘Perspectives’ which allows user-generated content (UGC) from forums and discussions, including social media,  to appear on SGE results. This, interestingly, is also a growing feature Google search currently. We expect perspectives to gain more importance in the coming months. 
  4. Finally, with SGE, you can have a follow-up conversation with generative AI by typing in a follow-up question.

How do you go about appearing in Google’s SGE? 

If you truly consider the impact of Google’s SGE, it is a paradigm shift in search. With generative AI capabilities, powered by Med-Palm 2, Google’s large language model trained to provide high-quality answers to medical questions, Google search for healthcare will be positioned to provide many healthcare-related informational questions on Google search itself, without the need to directly visit your website.

However, this does not mean that you cannot attract high-quality transactional search-led traffic to your website. Here are steps you can take to position your website high on generative AI-led search engines in the near future:

  1. A good foundational SEO strategy – First of all, you need to ensure that you appear high on organic search results currently. In that sense, a good current SEO base is your defensive strategy. This means authoritative content  and the E.A.T. strategy should still be your foundational strategy!

Let’s talk about your offensive strategy next.

    2. Clear content that is easy to read – SGE favors readability. Look at your readability score and summarize your page info into simple sentence structures followed by a clear call to action. This means presenting your information in a clear and easy-to-understand language.

    3. Well-researched, current, and well-sourced content – Additionally, since healthcare websites fall in the ‘ Your Life, Your Money’ (YLYM) category, it becomes acutely important to put forward well-researched and well-sourced content on your website. This is because search engines are particularly demanding of the trustworthiness of your content if you provide advice regarding money or health. The more current, well-sourced, and trustworthy the content (as in quoted by a reliable healthcare site), the more likely it is to appear on SGE results.

    4. Featured Snippets – A related offensive strategy, that is relevant not only for SGE but also current organic search results, is the creation of deep content and developing high authority backlinks to appear as a featured snippet on search.

This begs the question – What are featured snippets? 

Featured snippets are valuable answers to search queries that are displayed at the top of search results. Featured snippets aim to provide quick and direct answers to questions being asked. SGE, in that sense, is an extended featured snippet with a summary of the most important information taken from a variety of sources, as opposed to a single source, as in the current featured snippet.

So, how do you go about being featured in the current Featured Snippet or the extended SGE of tomorrow?

 Create deep content. What do I mean by deep content? In short, I mean content that meets professional compliance requirements and is medically vetted, so readers get valuable, up-to-date, and factually correct  information. It also means creating dynamic and real-time content as far as possible. This is because Google favors “fresh and recent information sources.”

  • Further steps include getting valuable links from reliable sources in the healthcare industry. To this end, a few things we do for our clients is to have a digital PR strategy for them by getting their content published in high authority industry sites, joining sites like HARO and Qwoted to get them published in reputed journalistic pieces, and building backlinks from local organizations, such as the Chambers of Commerce, professional associations, and local media. 
  • Focus on adding structured data that enables Google to easily parse markup data on your site & brand authority. For healthcare sites, make sure you include frequently asked questions (FAQs) related to healthcare services, article bylines & author schema markups.  

  5. Digital Reputation – As early versions of SGE become available for personal use, our experience shows that your digital reputation will be paramount in getting links within SGE. 

While most healthcare practices think this means getting high ratings and laudatory reviews on Google Business Profile, Healthgrades, Yelp etc. digital reputation is a bigger goal than just getting good reviews. 

Digital reputation can be built by combining good reviews with authorship. Ensure your practitioners are authoring articles, appearing on podcasts, and being quoted by reputable local and industry sites.

What Hasn’t Changed

As generative AI-led search becomes prevalent, foundational search strategies remain the same. 

  1. E.A.T. Still reigns Supreme – Use content to build brand authority and authorship. Gen AI is even more likely to look at expertise, authority, and trustworthiness to decide which content links to include in its SGE search results.
  1. Local SEO Remains Important – Most healthcare organizations have a local focus. They tend to serve individuals in a certain locality. Building a strong local SEO strategy that includes building high authority local citations, will continue to be important for your business.
  1. Good technical SEO Still Matters – Using a crisp site structure that follows a clean and intuitive navigation structure. Use structured data to mark up the content of your website. For healthcare organizations, we strongly recommend healthcare service FAQs, medical organizations, and authorship markups. Maintain easy readability scores and summarize the information on your pages at the top in clear and concise language, followed by a call to action.

In conclusion, make sure you work with a forward-thinking marketing team that stays ahead of their domain curve, so you don’t have to. 

Here are two examples of strong digital reputation management for our clients that have led them to appear prominently in Google’s SGE:

google reputation management

reputation management

In that sense, some things never change. Search engine optimization (SEO) has never been about tricking Google through paid links or keeping up with algorithm changes. It is about improving user experience (UX) and providing value to your users – if users and influencers find your website relevant and useful they will keep coming back and Google will notice! And that’s the reason we don’t lose page rankings to algorithm changes.

Learn more about our healthcare patient generation services and our other digital solutions for healthcare organizations.

Healthcare Digital Agency

Why Top Quality Content is Essential for Healthcare Practice Marketing

Posted on November 15, 2022 - 11:30 AM by
healthcare marketing

Healthcare marketing is one of our favorite niches at Webtage. We get to tell beautiful stories of miracles and the resilience of the human spirit. But this is the easy part of our jobs.  

What we find challenging, and thus, more exciting, is building a solid foundation for our client’s content marketing. It begins with laying out a well-thought-out content strategy.

Good healthcare content can help:

  1. Generate trust in your expertise as a trusted healthcare provider, thereby helping with your reputation management
  2. Drive search traffic by helping your quality content rank higher on search engines
  3. Help your patients answer questions regarding health conditions.

Why would any healthcare practice not want to include content in its marketing toolkit? Even though quality content should be a part of any healthcare practice, a recent survey by SEMRush on State of Content Marketing 2022, found that only 26% of healthcare organizations use content marketing very successfully.

 We’ll be exploring healthcare content marketing in this article, the challenges, opportunities, and some actionable tips you can implement for your healthcare practice. 

Where Are Healthcare Marketers Going Wrong And What Can They Do About It?  

What truly matters is delivering value for your customers through your content. Unfortunately, that’s missing from healthcare marketing. Most of the focus is inward, and content marketing is merely another tool to hard sell their practice and its offerings. We also commonly see click-bait, low-quality SEO articles with keyword stuffing to drive search traffic. 

Another challenge is that healthcare marketing is a different beast from the other kinds of marketing because of HIPAA laws and high (read life-and-death) stakes. 

At Webtage, we believe that challenges are hidden gems of opportunity. It’s a chance to wipe the slate clean, present fresh ideas, and carve new pathways that are unique for healthcare marketing. 

7 Tips For Your Healthcare Practice To Ace at High-Quality Content Marketing 

Here’s how you can use high-quality content marketing to partake in your patients’ conversations and make a difference in their lives. 

  1. Step Into Your Customers’ Shoes 

 The internet is a gold mine for healthcare marketers. Your patients are looking at it as a reliable source for answers on their health and solutions. It’s their first go-to source which can lead them to stumble upon your website. 

Relevant and high-quality content is what will pull them to your website, browse for answers to their challenges, and reach out to you for solutions. 

 Your content must be empathetic, and that can happen if you think and feel like your patients. What your patient is looking for is a trusted partner that can solve their ailing issues. 

Your message should have your target audience and their needs at the heart of all conversations. 

 You must know your audience before creating material for them. Ask yourself: 

What is your patient experience like when they come to your website and when they visit your competitors’ sites? 

A strong content marketing program identifies and defines its target audience. Some tools that can help you are focus groups, one-on-one interviews, and qualitative and quantitative research. You should now have a strategic foundation to construct your content marketing program thanks to that analysis. 

 A firm grasp of your patient’s needs and experiences is key to building a winning content marketing plan and relevant engagement material.  

  1. Plan Well And In Advance

Content marketing must be strategic, like any other marketing element. 

A documented content strategy, in our opinion, is essential to any healthcare marketing strategy. Not more content, exactly. Intelligent content is the key. It’s a tedious procedure, but essential to your success. A strategy is now essential, not just nice to have. 

We engage your consumers and drive business growth with our differentiated content marketing approach which requires us to plan, create, distribute, measure, and optimize all content around the target audience.

At Webtage, we employ a Google Sheets content calendar that enables us to collaborate with our healthcare clients to manage their monthly content editorial plan. In order to make writing content less stressful and more focused, our editorial calendar concentrates on specific key areas and goals. Our top content marketing goals are: 

  • Consumer engagement 
  • Brand building
  • Lead generation and conversion 
  • Patient loyalty
  • Physician engagement 

Our editorial calendar is set up in two-month intervals. This enables us to prepare ahead of time and delegate tasks to our content creators.

  1. Content Creation 

Once you have the content strategy and editorial calendar ready, decide how you will ensure quality content that meets professional compliance requirements and is medically vetted, so readers get valuable, up-to-date information

Quality, up-to-date and accurate healthcare content is also important for search engine visibility. In 2018 Google unveiled its “medic update” which had strong implications for businesses in the YMYL (short for ‘Your Money or Your Life’) or in other words websites that provide any information that affects people’s health, wellness, or money. Put simply, it means that Google does not want to recommend “uneducated advice, opinions, or potentially fraudulent websites.” Google wants to be certain that the sites that they recommend display a high level of expertise, authority, and trustworthiness. algorithms place. 

That’s the reason that we follow the E.A.T. principle when creating and marketing content for our healthcare clients.

At Webtage, our content team comprises medical writers with experience in creating content that meets professional healthcare writing standards. This means some of the  specialized skills they bring to the table include:

  1. Ability to present information that is scientifically accurate
  2. Deep understanding of medical terms & conditions
  3. Ability to provide a logical structure, including logical presentation of ideas
  4. Ability to simplify complex medical information into simple, easily digestible pieces, without losing factual accuracy
  5. Ability to search reliable references from non-reliable sources
  6. Be able to combine factual information with compelling writing to appeal to readers and search engines.
  7. A clear understanding of statistical research, data presentation, as well as ethical and legal issues
  1. Content Delivery & Mobile Searches

It’s crucial that we present the content in an engaging way. Those who optimize for mobile platforms and present snackable content in text and video formats will reap the benefits of content marketing. Therefore, your content marketing must not only show relevance to the end user but also deliver it in easily digestible chunks while on the go.

  1. Pay Attention To Online Reputation Management 

Healthcare marketers must convince prospective patients that they are reliable considering the abundance of options for customers to get health information, both reliable and dubious.

Reputation management means more than generating and managing reviews (although that’s an important part of the puzzle). 

So how should you go about building a transparent & authentic brand while driving action & advocacy that goes beyond managing your reviews on Yelp and other public review sites? Remember, the approach is to push up positive content higher and higher in search engine results and bury the negative content. We offer several services to build a solid reputation for you.

Creating original content, such as thought articles, white papers, videos, Q&A, and other long-form content pieces and publishing them on your website and high-quality third-party sites helps to display your thought leadership high on search engines, thus boosting your reputation. Similarly, social media marketing, when done well, can not only increase your brand reach, but it also allows you to build your reputation through local community marketing.

  1. Collaborate With Influencers 

Even if a doctor may be the one writing prescriptions and advising treatments, if a patient is well-informed, she is more likely to follow the doctor’s advice or even inquire about it in the first place.

Online influencers are now a part of these doctor-patient discussions because of the expansion of digital healthcare research, and they have a significant impact on the possibilities that patients inquire about.

Think of the quality above number when choosing your influencers to work with in order to maximize your impact. Instead of only looking for influencers with the greatest following, when conducting audience research, look for specialty publications and websites that cater to your core audience and consider methods to collaborate with them.

Your own work will benefit from paying greater attention to these trends and how they change over time. 

  1. Content Analytics and Measurement

In order to maximize the efficacy of the program, you need to examine your content marketing endeavor to determine what is effective and what is not. You’ll discover the tactical move that most appeals to your target market through trial and error. 

Key performance metrics we use to understand content marketing success include:

  1. Acceptance of content pieces on high-quality and relevant third-party sites.
  2. Ability to produce medically compliant content pieces that attract traffic consistently.
  3. Reader engagement with the content. This could include social shares, likes, and comments on owned social channels.
  4. Website traffic to your content pieces, whether we publish them on your website or third-party sites.
  5. Reach of your content, calculated as impression share

 It should be clear that developing a successful content marketing strategy takes time. It needs nurturing and requires patience. But in the end, your firm might benefit from all of your efforts, strategic focus, tracking data, and meticulousness. 

Final Thoughts 

The key to enhancing your reputation as an expert in your field and drawing new patients to your health system’s website and online channels is timely, pertinent, and consistent quality information.

Marketers in any industry may position themselves for success by creating great content for audiences that are becoming more knowledgeable, prioritizing mobile, and spending money on influencer marketing. This is even more important for healthcare organizations as the content you create can have serious implications on lives if not created and vetted extremely carefully

Google has clearly stated that “medical advice needs to be written by people with high medical E-A-T to be considered high quality.”

Creating regular, excellent healthcare material is not easy—but it doesn’t have to be an insurmountable endeavor. We hope you find our advice on developing a master editorial content calendar and skills to create high-quality, up-to-date, and medically sourced content helpful. 

Finally, you might want to consider asking for support from a professional healthcare digital marketing agency in Chicago to help handle this challenging task with ease and comfort.

Healthcare Marketing Agency in Naperville

Are you a Healthcare Provider That’s Offering Telehealth Services? This is What You Need to do Right Now!

Posted on April 14, 2020 - 6:26 PM by

In response to the COVID-19 pandemic and shelter-in place orders in many areas of the country, many healthcare providers, including hospitals, doctors, and mental healthcare providers, are now providing virtual care. Google has recently rolled out tow new features in Google Search and Maps to allow users to conveniently find telehealth options, “whether it’s to a doctor’s office down the street, the hospital across town, or a national telehealth platform.” You can also clearly communicate your COVID-19 information with your intended audience.

So how do you, as a provider, access these features? Let’s talk about Google Maps first (if you are not familiar with the significance of Google Maps for your healthcare business or have not claimed your Google My Business listing , learn why it’s critical that you do so now and while you’re at it, also learn foolproof tips on optimizing your GMB listing):

      • Google My Business now offers URLs dedicated to COVID-19 and telehealth services. Make sure you add the URL links to your Google My Business Page listing. After your edits have been reviewed and approved, it’ll appear in Google Maps listing and your detailed Google Maps listing as well. Here’s how you can add the URLs: Sign in to your GMB listing by visiting business.google.com. Next click on ‘Info’ on the left-hand side panel. If you are a healthcare organization, you will see two additional URL options for COVID-19 info link and virtual care link. Add the links as applicable and click Save.
      • List Telemedicine Services on your Business Profile on Google. Google adds that “you can choose what to offer from suggested types of services. If the type of service isn’t listed, you can add your own custom services, like “telemedicine,” “telehealth,” “video visits,” or “house calls.” Once the services edit has saved, patients will be able to see the services you have listed, including online visits or telemedicine.
      • Finally, in the Attributes section, add video visits to the offerings, if you do provide video visits. This will also help display your telemedicine option to your patients when they search for your services in Google.

I’d be amiss if I didn’t mention that Google is also helping healthcare providers with technology infrastructure and support via “HIPAA-compliant G Suite products (including using Google Meet for telehealth or virtual visits), deploying virtual agents to field questions related to COVID-19, and helping with capacity-planning and demand forecasting of key medical supplies to better manage their supply chains.”

If you need help planning your transition to virtual care, contact us at Webtage where we have facilitated the transition to online visits for healthcare providers, developed the capacity to communicate high quality and credible information in the midst of the health crisis, and marketed online visits to continue solid revenue generation for our client. 

[mk_page_title_box page_title=”Healthcare Digital Marketing Done Right” page_subtitle=”Grow Quickly & Effectively” section_height=”150″ font_size=”24″ title_force_font_size=”true” sub_font_size=”16″ subtitle_force_font_size=”true”]
Learn More
Healthcare Marketing Agency in Naperville

Healthcare Digital Marketing: What E.A.T. Means for Your Search Visibility and Why Good Content is Your Best Friend!

Posted on March 1, 2020 - 9:01 PM by

In 2018 Google unveiled its “medic update” which had strong implications for businesses in the YMYL (short for ‘Your Money or Your Life’ or in other words websites that provide any information that affects people’s health, wellness, or money). Since more than 40% of websites affected due to this update were health related sites, this came to be known as the “medic update.” There have been further Core Quality Updates in 2019 that continue to have deep implications for search visibility of healthcare organizations.

So what do these updates mean if you are a healthcare provider? Put simply, it means that Google does not want to recommend “uneducated advice, opinions, or potentially fraudulent websites.” Google wants to be certain that the sites that they recommend display a high level of expertise, authority, and trustworthiness.

So how do you signal your expertise, authority, and trustworthiness to Google?

Expertise

  1. Build expertise by creating frequent content that is informative, useful and engaging for your audience.
  2. Remove poor quality, dated content from your website that would signal half-baked, incorrect, or worse, harmful information to your audience.
  3. Keep in mind that it is not only important to build E.A.T. for your website, but also work on building E.A.T. for your content creators. How?

 

  • Ensure your content creators are experts in healthcare. Google has indicated that “medical advice needs to be written by people with high medical E-A-T to be considered high quality.”
  • You may be a wonderful and experienced doctor, but if you haven’t built your online profile then there is nothing in the digital world to back up your expertise. So strengthen your online expertise by writing guest articles for niche publications in your field and contribute to industry publications and forums.
  • Add by-lines expert to website content. This will signal that the author is an expert in the profession or niche and the information provided in that blog is trustworthy.
  • Link content creator’s profile to other online profiles, especially on authority sites.
  • Use structured data to markup the author’s profile that will allow for a connection to be made with other online profiles for the author.
  1. Cite credible research, statistics, and data in the content that you create.

 

Authority

  1. Build authority by developing valuable backlinks from relevant & authoritative sites.
  2. Gain backlinks from high authoritative sites naturally by guest blogging for niche high DA (domain authority) sites. Most health-related guest blogging sites have clear guidelines on the types of content they will consider for publication. Identify sites that are the best fit for your specialty.
  3. Create outbound links to high quality health sites & industry publications. Try to include links to research studies or academic journal. Outbound links to .edu or .gov or .org sites are especially useful.
  4. Quality over quantity! Take your time to build good quality links. Building links through automated citation submissions may not be enough anymore.
  5. A good social media strategy will help you market your content and get your content shared – another great way to build authority.

Trustworthiness

  1. Build trustworthiness by building positive reviews. Positive client reviews help in increasing the E.A.T. score, so encourage all the satisfied patients to write testimonials on Google My Business, social media, and review sites.
  2. Many healthcare provider websites allow for email subscriptions, online appointment scheduling, online portal sign-ins etc – all considered to be Protected Health Information (PHI) under HIPPA. This patient data is vulnerable to being stolen unless your site is secured with an SSL certificate. An SSL certificate is not only necessary for you to be HIPPA compliant, it also signals trustworthiness of your website. Google takes privacy of user data very seriously and provides a boost to those websites that signal their intent to protect their user’s information. So make sure your website is secure with an SSL certificate!
  3. Have a clear way for your visitors to contact you with a clearly accessible Contact page.
  4. Include a Privacy Page to let your patients know how you gather, use, disclose, and manage their data.
  5. If you allow for online transactions through your website, ensure that clearly outline your refunds & returns policy.

 

E.A.T. is not the only update that has had an impact on Google search rankings of healthcare businesses. The 2019 B.E.R.T. is another update that has hit some healthcare sites hard and is about incorporating Natural Language Processing (NLP) into Google searches. And if pages on your website don’t provide information on topics that users are keying into search bars, then your website is likely to be overlooked.

 

Note the common theme in all the updates? Create content that is informative, useful, and engaging. Google has been saying this for a very long time. Create great content. That has not changed and will not change. See how we used content creation and a solid digital marketing strategy to help a healthcare practice gain top search visibility, increase online patient lead generation, and grow their long-term patient panel 60%.

[mk_page_title_box page_title=”Healthcare Digital Marketing Done Right” page_subtitle=”Grow Quickly & Effectively” section_height=”150″ font_size=”24″ title_force_font_size=”true” sub_font_size=”16″ subtitle_force_font_size=”true”]
Learn More
Healthcare Marketing Agency in Naperville

40 Questions to Ask Before You Start Healthcare Digital Marketing

Posted on October 20, 2017 - 2:48 PM by

A digital marketing campaign needs a strategic approach and careful planning. Advance preparation can help both clients and vendors develop a common understanding of marketing objectives & constraints.

This questionnaire will help you understand your vision for your organization’s growth goals and plan the overall effort required for a confusion- and conflict-free digital campaign. It will help your vendor understand your constraints and will also lower your risk for running into a time and cost overrun.

So whether you are considering improvements to your existing campaign or an extensive omnichannel marketing launch, use this questionnaire to start your digital strategy on the right footing.

    What is 4 + 9 ?

    About the Author

    A believer in hype-free and performance driven digital strategies, Snigdha’s endeavor is to get your brand established and your business grow. She is passionate about research, design and analytics and works non-stop and meticulously to make sure that your brand stands out from the rest.

    Snigdha’s background is in research design, industry research, content creation, and qualitative and quantitative research (including web-based and phone survey methods and focus group discussions). She is a highly qualified professional in the areas of digital marketing strategy design, SEO, content creation, and social media marketing. Most recently she has grown a client’s online presence from zero to 25% online leads within 3-6 months; moved client website to the #1 & #2 spots on Google, Bing, and Yahoo for all major keywords; and generated online leads accounting for 25% – 30% of all leads for that client.

    Contact her at snigdha@webtage.com

    Healthcare Digital Agency in Naperville