Online tracking technologies and Healthcare

Explore Twilio Segment's HIPAA-compliant solution, optimizing data security and privacy for healthcare analytics and governance.

By Atit Shah, Darcelle Pluviose

Please note that this post merely provides an overview of possible uses of Twilio Segment and is not considered legal advice or methods of compliance with HIPAA or advertising regulations.  It should not be taken or used as legal advice about the security, protection and use of data for Marketing or Advertising in healthcare or in compliance with HIPAA. You should consult your legal and/or security experts as needed before implementing solutions for any use cases. 

In December 2022, the Office for Civil rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a bulletin to highlight the obligations and concerns that Covered Entities and Business Associates must consider under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) when using online tracking technologies. 

As part of this bulletin, OCR explained that such tracking technologies may be subject to HIPAA and healthcare organizations that use such tracking technologies must ensure they comply with the applicable obligations under HIPAA. 

For customers subject to HIPAA, Twilio not only signs BAA for  HIPAA Eligible Services, including Twilio Segment, but also provides an extensive range of capabilities across both privacy and personalization. As a customer data platform (CDP), Twilio Segment offers solutions for data governance and compliance management, as well as Engage Audiences which allows users to group users or accounts based on event behavior or traits, and improved personalization through ID resolution

Tracking technologies for Analytics 

When using online tracking technologies for analytics, healthcare organizations should consider how the tracking technology is built, what type of information it collects, and how this information is shared with your organization and other parties. While you may not need to overhaul your entire strategy, in light of the HHS ruling, it may be a good time to re-evaluate your analytics strategy to ensure compliance.

Replacing the tracking technology

Tracking technologies often operate like enigmatic walled gardens: you insert a code snippet into your web pages and app, and they autonomously gather a wide array of data with minimal control. 

At Twilio Segment, we take a more precise approach at only collecting first-party data (the data your user directly shares with you) and then share specified data with specific destinations. Twilio Segment offers 450+ out of the box integrations across marketing, analytics, warehouses, and more, so you gain a more holistic understanding of your users while activating these insights on your preferred platforms.

Data classification with additional security control

Twilio Segment offers nuanced, granular, and automated data quality controls so customers  have a trusted data foundation to improve personalization, engagement, and user management strategies. Based on your data inventory Twilio Segment's Privacy Portal automatically detects and classifies your sensitive data that you can additionally encrypt before sharing with your downstream destinations. 

Rigorous approach to data minimization

With Twilio Segment, customers are empowered to take charge of what data is shared with third-parties including analytics tools, ad networks, marketing automation platforms and more. By leveraging Twilio Segment’s Schema Controls and Destination Filters, you have the opportunity to be exceptionally discerning about the data you share with these tools. You can block events or specific properties within events from being sent to your preferred Destinations.

Prevent accidental sharing of data

Twilio Segment offers Destination Actions that allows you to see and control how Twilio Segment sends events and event data it receives from your sources to more than 50+ actions-based destinations. Unmapped events and event data are never sent to these destinations.

Tracking technologies for Advertising 

In addition to HIPAA and other regulations, broader industry trends point to a shift toward an increase in consumer demands for transparency around data privacy. Healthcare organizations should understand how tracking technologies transmit data when advertising online in order to identify areas of increased risk and thereby reduce your exposure of noncompliance. 

PII Blocking Lists

For certain integrations, Twilio Segment automatically scans events and implements a safeguard against the transmission of PII flagged by the platform. For example, we offer PII blocklisting for Facebook. You have the ability to expand this list by adding additional properties within the Blocklist PII Properties settings.

Build redundancy into your privacy strategy with Data Encryption and Hashing

For Facebook Pixel Destinations, from the Blocklist PII Properties settings, you can choose to hash flagged data fields. For conversion APIs of ad platforms like Facebook, Tiktok, Pinterest, Snapchat and more, Twilio Segment automatically hashes platform specific PII. For all other destinations, you can leverage data encryption to encrypt data before sharing with a destination. 

Create audiences in real-time

Rather than transmitting all events and data properties to ad platforms for segmentation, customers can build audiences directly within Twilio Segment using Twilio Engage Audiences and only share the minimum necessary data with the ad platforms using Destination Actions

Respecting End User Consent 

If you're using data for advertising or other purposes, ensure you obtain appropriate end user consent. Making your data collection and usage practices clear to your end users, and giving them the option to opt-in/opt-out to those purposes can help you with compliance. 

Get started with Twilio Segment for Healthcare

Twilio Segment understands that our platform is only one element of an organization’s strategy, since HIPAA isn’t a set-it-and-forget it endeavor. It’s an ongoing responsibility to ensure PHI is being properly stored and shared with only the appropriate parties. So while no tool will eliminate the risk entirely, building on a HIPAA-eligible platform that uses first-party data can be a strong foundation to help build out your application in compliance with not only HIPAA, but other data privacy regulations. 

If you’re interested in learning more about Twilio Segment for Healthcare, check out our past blog on Creating Privacy-conscious care journeys, or request a demo to see how you can get started today.

The state of personalization 2023

The State of Personalization 2023

Our annual look at how attitudes, preferences, and experiences with personalization have evolved over the past year.

Recommended articles


Want to keep updated on Segment launches, events, and updates?