At the Healthcare Interactive Conference (HCIC) last month, I got to talk to marketers who are very focused on results. They are also very focused on what will impact their marketing efforts and why. Every conversation came back to AI.

In my previous HCIC takeaway, I wrote about how AI is not a strategy—it’s a tool to solve real problems. Now I want to dig into a specific problem AI is creating for healthcare marketers: how we get found. We need to be thinking about all aspects of how AI can be used. In general, this breaks down into both impact and opportunity.

Impact: AI Search Is Transforming Healthcare Discovery

Several conference sessions alluded to this shift, but marketing experts Brittany Young and Gina Linville gave some deeper insight.

From a marketing perspective, the largest impact is one of being found. Think about how much time a typical hospital marketer puts into being found. I have had many conversations over the years about Search Engine Optimization (SEO) and the importance of having valuable content that the search engines view as unique and relevant.

AI impacts that in ways that are not at first obvious.

The New Reality of Patient Search

Think of how you typically use ChatGPT or how your search engine has evolved. AI now pulls the data and gives you a brief with information culled from multiple online sources. The good news is that the AI tool will typically reference a website it sources. The bad news is while AI typically credits source websites, patients get their answers without ever clicking through to your site.

The scale of this shift is staggering:

AI provides an overview for up to 84% of search queries when it comes to healthcare questions.

Healthcare leads nearly every sector in AI-powered search results—a trend that’s accelerating:

Strategic Response: Winning at AI Search in Healthcare

This shift demands a fundamental rethinking of content strategy. Two concepts are emerging as critical:

1) Answer Engine Optimization (AEO)

• Answer Engine Optimization (AEO) is the practice of structuring and optimizing content so that AI-powered systems, such as Google’s AI Overviews, ChatGPT, Perplexity AI, and voice assistants, can easily identify, extract, and cite it as a direct answer to user queries.

2) Generative Engine Optimization (GEO)

• Generative Engine Optimization (GEO) is a digital marketing technique designed to improve a brand’s visibility in results produced by generative artificial intelligence (GenAI) platforms. It involves adapting digital content and online presence to ensure that AI systems can accurately interpret, cite, and use the content when generating responses to user queries.

The imperative is clear: Organizations that don’t optimize for AI-powered discovery won’t just lose rankings—they’ll lose visibility entirely.

If you are not already thinking about how to orient your content to this then be aware that you will soon feel an impact.

Opportunity: Agentic AI and Productivity

On the flip side of the coin is the opportunity. While the impact above provides you with an opportunity provided you react appropriately, I want to focus on the productivity part of this. Specifically, think of what Agentic AI can do for your organization.

What Traditional Campaign Development Looks Like

Let me give you a few examples of common tasks and how long they typically take:

• Create a campaign brief: up to two weeks
• Create copy across multiple channels: 8-16 hours
• Create digital assets related to the campaign which fit your brand standards and work in each individual channel. Web site may allow for larger images. Paid search or paid social may have limited space: 40 hours
• Creation of the segment and pushing it to marketing automation tools: several hours

Now imagine specialized AI agents handling each component—not replacing human strategy and judgment, but accelerating execution while maintaining brand standards and compliance. Just getting one campaign going across multiple channels become a multi-person engagement over several weeks. While focused on that, you won’t focus on additional campaign or in honing your craft.

The AI Agent Team Your Marketing Organization Needs

The answer lies with Agentic AI. We believe that AI can cut down on the time necessary to complete these tasks and still keep humans in the loop. Here are a few examples of agents you might need in your organization:

Most importantly, this frees your marketing team to focus on what AI can’t do: strategic thinking, creative problem-solving, and understanding the nuanced needs of your community. 

The Path Forward: Integration, Not Replacement

The organizations winning in this new landscape aren’t choosing between human expertise and AI capabilities. They’re strategically integrating both.

Success requires more than technology. It needs an integrated approach:

1. Rethinking discoverability through AEO and GEO optimization
2. Deploying specialized AI agents for productivity acceleration
3. Maintaining human oversight for strategy, creativity, and judgment
4. Ensuring compliance at every step, particularly in heavily regulated healthcare
5. Measuring impact against business outcomes, not just operational metrics

Enabling Healthcare Organizations To Lead This Shift

HCIC reminded us that success in healthcare marketing isn’t about chasing technology for its own sake. As I shared in my first HCIC takeaway, AI is not a strategy—it’s a tool to solve real challenges that impact your organization’s ability to connect patients to care.

The search revolution is here. The productivity opportunity is real. The organizations that move quickly to optimize for AI-powered discovery while deploying strategic AI agents will gain a competitive advantage that compounds over time.

Start a conversation with our experts today.

I was at the Healthcare Interactive Conference (HCIC) this past week. I like this conference because it retains a “learning” approach to sessions. By that I mean, keynotes and the conference breakout sessions address interesting topics and help inform you about what has been successful and how healthcare organizations address ongoing trends. It’s less about, “AI will change your world. You need to do something now!” and more about, “AI has impacted us in this fashion and this is what we are doing to address it.”

In that theme, David Feinberg, senior vice president and chief marketing and communications officer of Mount Sinai Hospital, had some great and common-sense advice to give in the kickoff keynote of the conference.

Succeeding in Today’s Marketing World

Mr. Feinberg made a point that the most successful people have been fired multiple times. This includes Steve Jobs, Bill Maher, and even himself. It happens, especially when circumstances change. We should embrace it and be honest about why it happened and how we can move on. Embracing it means you are not afraid of failure.

I like this approach because modern digital marketing allows for companies to fail quickly and then move on to what is successful. It makes the old marketing adage of “I know half my marketing is misspent, I just don’t know which half” more addressable. You can more easily measure and see where you failed. Failure will occur. Even old approaches age out and you need to address the change and revise your approach.

Bottom Line: Don’t be afraid to fail. Set up your marketing to react to changing circumstances.

Digital Is Not a Strategy. AI Also Is Not a Strategy.

David commented that, at one point, books were considered high technology. They allowed the greatest dissemination of data the world had ever seen. In other words, while a technology might be new, the information or content is not.

So AI alone is not a strategy. The use of AI to address challenges is a strategy, or at least a tactic based on a strategy.

To his point, an AI like Sathya that does the entire intake for interventional cardiology is a perfect example of a good use. Sathya asks the same set of questions and captures the same information a human would. Sathya does it with a 90% adoption rate, where 90% of the patients and caregivers are pleased with the results.

Bottom line: Focus on pragmatic results of AI. Don’t try to “boil the ocean” or “shoot the moon.” Get to value where healthcare marketers and clinicians can focus on what truly makes a difference.

Dealing With Dr. Bigwig

Everyone — whether inside the healthcare industry or not — has a common pain point. A VIP comes to you and says, “I need you to do this now.” It could include creating a new section of the website based on that cool new thing or creating a campaign for a service line based on a flashy new diagnostic, even though that service line has a six month wait time for scheduling an appointment. This VIP probably has every credential and is very smart.

David has some key insights on addressing this type of circumstance:

• Don’t forget that the VIP wants a good outcome just like you do. They probably just skipped a couple of analysis steps before coming up with a solution.
• Focus on the benefits instead of the features. Ask about what this does for the patient. Ask about the benefit the patient (and caregivers) will gain from this.
• You may not be able to say no. You can, however, ask the questions and align towards a measurable result.

Often, this VIP is a physician leader — and that’s where the marketer–doctor dynamic comes into play. Physicians and marketers bring distinct professional mindsets to the table. Physicians are often rewarded for precision, consistency, and adherence to established protocols. Marketers, on the other hand, are encouraged to explore, iterate, and connect emotionally. These cultural contrasts can make it challenging to co-create a vision for AI—especially when one side is looking for proof and the other is looking for possibility.

Here are a few ways to bridge that gap:

• Recognize that visualization may not be a shared strength. Physicians are trained to think in terms of clinical pathways and outcomes, not abstract concepts or speculative futures. Marketers may need to invest more effort in translating ideas into tangible, outcome-oriented narratives.
• Avoid overwhelming with options. Present a clear, well-supported recommendation rather than a menu of possibilities. Decision fatigue is real, and clarity builds trust.
• Use data to build credibility. Show that you’ve done your homework. Frame your recommendation with relevant evidence, and make it easy for physician leaders to track how your proposal connects to patient outcomes, operational goals, or strategic priorities.

Finally, Remember That You Make a Difference, Too

Healthcare marketers typically enter this industry for the same reason clinicians do. You want to make a difference.

David told a great story about being at a wedding where a woman abruptly asked if he worked at Mount Sinai as a marketer. Hesitantly, he said yes and she said, “You saved my life. Yes the doctor did the work, but I would never have gone to him if your content didn’t get me to him.”

That’s the power of what you do. Your work doesn’t just inform — it connects, guides, and sometimes even saves lives.

So keep asking the hard questions. Keep pushing for clarity. Keep advocating for the patient.

Whether you’re building a campaign, shaping a strategy, or navigating a tough conversation with a physician leader, remember: your voice matters. And your impact is real.

Let’s Keep the Conversation Going

HCIC reminded us that success in healthcare marketing isn’t about chasing the newest technology. It’s about using the right tools to solve real problems. Whether it’s AI, digital platforms, or content strategy, the goal is always the same: connect patients to care in meaningful, measurable ways.

David Feinberg’s keynote was a powerful reminder that marketers, clinicians, and business leaders don’t just coexist. They complement each other. When we understand each other’s mindsets, ask better questions, and stay focused on outcomes, we create space for innovation that works.

If you’re navigating the complexities of AI, physician alignment, or digital transformation in your organization, let’s talk. Our team of healthcare strategists, technologists, and marketers is here to help you move from idea to impact.

Start a conversation with our experts today.

Healthcare leaders are engaging us in a variety of discussions to explore intelligent automation’s role for complex business challenges, ranging from efforts to enhance consumer trust and use artificial intelligence (AI) in effective ways, to navigating change that comes with prior authorization mandates. This series shares key insights coming from those discussions.  

As the saying goes, diamonds are made under pressure, and the most impactful opportunities are often those that challenge leaders the most. 

Prior Authorization, In a Nutshell

The CMS Prior Authorization mandate, which goes into effect on January 1, 2026, aims to reduce guesswork for healthcare consumers and the administrative burden on care teams, and to improve patient/member care by streamlining processes and enhancing the exchange of health information. 

Enabling prior authorization through API development is a good start; however, APIs are not a comprehensive solution. Rather, the introduction of multiple third-party APIs creates new processes and steps, often prompting manual follow-ups to track and connect data gathered from multiple sources. In addition, these new data points require new data models and methods to handle patient data.  

To address these inherent challenges, healthcare leaders are prioritizing investments in interoperability and automation technologies. 

Intelligent Automation Supports Prior Authorization and Business Efficiencies

True trust-enhancing transparency can be unlocked through intelligent automation. This is especially true as low-code, more-approachable AI, machine learning (ML) and Generative AI (GenAI) capabilities enter the mix. 

Intelligent automation connects digital process automation (DPA), robotic process automation (RPA), and artificial intelligence (AI) to deliver efficient and intelligent processes and align all aspects of your organization with the vision of constant process improvement, technological integration, and increasing consumer value. 

Although DPA, RPA and AI don’t make final decisions, they can streamline and leverage information, so the right decision gets made. Health insurers are always seeking access to actionable information about their members while adhering to data privacy laws and regulations. 

Getting to that actionable data requires multiple considerations: 

• Using best practices to assemble and curate the right data fields for any given use case 

• A continuous process of identifying and resolving issues in core systems 

• Appropriate environments in which to store data to maintain its integrity, security, and accessibility 

• Only then can you effectively enable specific sub-functions (i.e. functions that ingest the data then act or recommend actions) to happen accurately and on time 

Streamline and Optimize Prior Auth Processes

Every step in the prior authorization process has potential for improvement using intelligent automation. It can support, enhance, and accelerate based on rules engines, event logs, decision rules, and simple automations of high-volume processes. 

These intelligent tools streamline information sharing between payers and providers, reducing the need for repeated exchanges and guesswork, enhancing clinical review, and ensuring timely, accurate decisions. 

Intelligent automation rapidly optimizes the prior authorization workflows that occur at the edge of what can conveniently and cost-effectively be managed through APIs. AI and machine learning (ML) can assist required communications, reporting, and decision flows in many ways, including: 

• Orchestration: Automate the coordination of tasks and data flow between disparate systems and stakeholders. 

• Monitoring: Continuously track the status of prior authorization requests and flag any issues or delays. 

• Standardization: Ensure consistent repeatable workflows and processes across all systems to facilitate smoother information exchange. 

YOU MAY ALSO ENJOY: Evolving Healthcare: Generative AI Strategy for Payers and Providers 

Best Practices to Transform Prior Authorization Experiences

Intelligent automation enhances and overlays existing systems, helping to accelerate the prior authorization process with greater efficiency and generating insights into any recurring root causes in process breakdowns. 

As you’re approaching your prior authorization initiatives, we recommend the following transformation best practices: 

Transformation Tip #1: Cross-Functional Feedback

Maintaining cross-functional feedback is essential to identify and address pain points effectively. Automation allows for healthcare providers to quickly identify and communicate common pain points, such as inaccurate or incomplete record keeping, avoiding common pitfalls in the prior authorization process. 

Transformation Tip #2: Measurement and Tracking

Automated processes provide valuable insights for contracting, reporting requirements, and more. By measuring and tracking these processes, efficiency, effectiveness, and consumer experience are greatly impacted. This information can be used to improve upstream messaging to patients and members about prior authorizations.  

The overlay of technology not only increases operational efficiencies, but it also provides valuable insights that can be used to improve communication and support for consumers. 

Empowering Solutions for Healthcare

We partner with healthcare leaders to optimize prior authorization experiences and drive transparent, consistent engagement with consumers.  

Interested in learning more? In a recent webinar, our experts explored how better prior authorization experiences could enhance consumer trust in healthcare. 

Discover why we’ve been trusted by the 10 largest healthcare systems and 10 largest health insurers and are consistently recognized by Modern Healthcare as a leading healthcare consulting firm. Contact us today to explore how we can help you forge better experiences and improve outcomes.

The Hype Around Generative AI Continues

Many healthcare leaders are wondering if (and how) generative AI, the shiny new tool, could drive value in their organization.

Our recent discussions with Chief Medical Officers, Chief Information Officers, Chief Medical Information Officers, and a VP over Nursing point to this: AI can provide a huge amount of value when it comes to care delivery (e.g., point of care).

You may notice that I mentioned AI there and not, more specifically, generative AI.

Frankly, several of the most interesting care delivery use cases do involve generative AI, but they are not the only examples. And any truly innovative approach shouldn’t self-limit based on what’s absolutely hot in the market place. (Looking at you, generative AI.)

Many provider CIO’s and CDO’s tell us that the revenue cycle side of the equation is already supported by a number of helpful AI solutions. But, they stress, that doesn’t solve for some of the most vexing problems when it comes to clinician burnout. So in this post, I’ll focus on use cases for care delivery and how AI can help.

Care Delivery Use Cases: AI (and Generative AI, Too)

These use cases are just that – a list of possible uses for AI/ML and predictive analytics that drive some sort of value. AI can do a lot, but every use case assumes that the AI model or tool can be used with a system of engagement like an EMR.

SEE ALSO: Evolving Healthcare: Generative AI Strategy for Payers and Providers

I’ll break each of the use cases down by category:

Accelerate Imaging Decisions

We’ve helped our clients identify multiple imaging use cases, including the ability to:

• Flag radiology concerns: Use AI to review an image and perform a preliminary radiology modeling assessment. The focus is to help radiologists start with pre-identified concerns on a given x-ray, CAT scan, or MRI.
• Identify patients who need specialty support: This is similar to radiology in that an assessment occurs, but it would be for pulmonary nodules, liver transplant, kidney transplant, etc.

Streamline Referral Processes

AI could help to better manage the referral process. Of course, it would have to be paired with engagement technology and capabilities (which we also drive for our healthcare clients).

• Manage referrals: Receive a referral and apply an AI model to review referral data and determine the correct doctor or other component of the referral.  You can make this part of a referral management workflow which automates this step.
• Improve experiences: You can also automate the actual experience with the patient. communicate via the preferred channel, send emails or text with the referral info, and allow the patient to interact with an AI chatbot to schedule an appointment.

Support Operations With Deep Learning (DL) Insights

Delays in hospital throughput have negative impacts on financial and hospital optimization results. Insights derived from AI could help close the gap.

• Length of stay: Define potential length of stay in a variety of situations including pediatric, time study, overall patient population, etc.
• Readmission risk: Define the risk of readmission and identify the most likely cause of readmission; this AI model should identify the risk and then push the insight to an EMR.
• Left without being seen: Identify who will leave the ER before being seen.
• PT/OT/OT: Determine which patient should be treated with therapies; this becomes an aid to help the clinician diagnose and prescribe.

Support Patient Care Decision Making

Well-crafted models could support teams as they make decisions to support patient care.

• Testing decision-making: Define appropriate (and unnecessary) testing under certain conditions
• Evidence-based clinical decision-making: again, this AI model will help define clinical decisions that a clinician can then use in their decision making process
• Digital twins: digital twin data could be used to help define the overall best care for a patient

Auto Generate Medical Records

• Using ambient clinical intelligence, capture conversations between a patient and doctor or nurse and then generate an encounter in the EMR with any needed prescription or other information. Ideally, the doctor would review and approve the record and any actions coming from the visit. (This approach should be used for any patient interaction, whether it be a doctor, physician’s assistant, nurse practitioner, or nurse.)

Streamline Clinicians’ In-Baskets

Most clinicians feel buried in their in-basket and need help to quickly identify what needs quick action and what can be delayed or even automated. AI and generative AI could support in a number of ways:

• Better manage the in basket. Auto-categorize the message and make it easy for the important things to rise to the top. Auto-forward messages where appropriate. Auto-generate forms and filters to help in quick response to a given in basket message.

Support the OR

• Optimize the schedule: Based on a variety of factors
• Help with surgical correct counts: Help to automate or even review to ensure no foreign elements remain inside post surgery

Elevate Patient Charts

Every clinician reviews a chart before and after speaking with a patient. You can use AI models for variety of purposes:

• Auto-flag risk profile or patient risk scoring
• Auto compile quality data results (in many hospitals, this is still a fully manual process)
• Auto-chart review to auto-populate frequent screens
• Pull in SDOH predictors of delayed discharge

Support Quality Audits

• Auto compile data audits. Take the manual process, feed data to a model and compile a quality audit. This is technically a generative AI use case but one not top-of-mind.

Ease Digital Interactions, Using the Digital Front Door

What you’ll quickly notice is that this category differs from the others.  It deals more with digital interactions either before or after the point of care. That said, AI can still impact care delivery for things like correct identification of issues before a patient arrive.

• Use AI to schedule appointments. Remember that scheduling an appointment many times relies on a practitioner’s skills and knowledge before actual creating the appointment.
  • Is the physician seeing patients?
  • Is this a specialist who can only be scheduled under the right conditions?
  • Will the physician be in a location at the time the patient wants to schedule?
• Self-triage with a suggested appointment time and scheduling options
• Use AI in a symptom checker and pair it with a chat bot to push to an e-visit, if applicable

Better Outcomes for Patients and Clinicians

One thing you will notice is that care delivery use cases focus on two main needs: 1) clinician burnout – in essence, making a doctor or nurse’s life easier – and 2) better care for the patient – getting them to the right care more quickly. AI offers tremendous potential to create better outcomes for both patients and clinicians.

In my next post, I’ll focus on correct prioritization.

Expert Digital Health Services: Imagine, Create, Engineer, Run

Our healthcare and data experts can help you identify AI opportunities and build a pragmatic implementation plan that holistically considers data, technology, and people.

Drive Outcomes in Healthcare With AI

This is a continuation of my previous discussion on PHI and Online Tracking.  We know you have to be extremely careful when using tracking technologies. This is even true on .com site where you don’t login.  Even with extra care there are a number of ways in which you can track activity and events on healthcare related web sites.

What you can and cannot do

Remember that the guidance stresses that you have to treat analytics under the same constraints as other technologies which access PHI.  HIPAA still applies.  This means you can work with HIPAA.

Can Do

• Communicate with patients and members as you create the right conditions for better health outcomes
• Use all tools as long as there is no chance of gathering PHI.
• Work with patients and members across many channels a
• Use a tag manager to funnel data to HIPAA compliant repositories
• Can send form submits via a POST

Cannot Do

• Use any web or social analytics tool that cannot meet HIPAA guidelines
• Use a Tag Manager to funnel events that may contain PHI to non-compliants tools
• Send form data with PHI in the clear to any tool. This includes HIPAA compliant tools
• Cannot send form submits via a GET which puts potential PHI in the url

Implications of HHS Guidance

When you look at the various ways in which site do their tracking, there are implications that you need to think through and address.

1. Must choose the correct tag management and analytics solution. Remember that tag management solutions send tracking data to a range of possible sources
2. It’s not feasible to just disable analytics tracking on certain pages.  Yes, you can disables tracking on form pages, in find a doctor apps and other areas.  However, I would refer to this as cutting off your nose to spite your face.  You can do it but why would you disable tracking when it’s most important and you want to know what and when a potential member or patient converts?
3. Any tracking should be reviewed.  Facebook, Google, and other vendors have a variety of tracking tools.  Whatever you use on your sites including hotjar should be reviewed.
4. All authenticated experiences fall under HIPAA
5. Many un-authenticated experiences fall under HIPAA
6. Outbound campaigns are less impacted by this.  Yes, you still need to be HIPAA compliant but if your campaign is compliant then tracking the results should also be compliant

Technologies

The good news is that you can still use tracking technologies. The vendor needs to be HIPAA compliant and if the solution is in the cloud, the vendor must sign a BAA.  There are solutions out there and I’ll address that in a future post.

Now that bad news, the most common solution used by a very large majority of healthcare organizations, Google Analytics, cannot be used.  Google has done their own analysis based on this guidance and has published the resulting note:

Customers must refrain from using Google Analytics in any way that may create obligations under HIPAA for Google. HIPAA-regulated entities using Google Analytics must refrain from exposing to Google any data that may be considered Protected Health Information (PHI), even if not expressly described as PII in Google’s contracts and policies. Google makes no representations that Google Analytics satisfies HIPAA requirements and does not offer Business Associate Agreements in connection with this service.

For HIPAA-regulated entities looking to determine how to configure Google Analytics on their properties, the HHS bulletin provides specific guidance on when data may and may not qualify as PHI. Here are some additional steps you should take to ensure your use of Google Analytics is permissible:

• Customers who are subject to HIPAA must not use Google Analytics in any way that implicates Google’s access to, or collection of, PHI, and may only use Google Analytics on pages that are not HIPAA-covered.
• Authenticated pages are likely to be HIPAA-covered and customers should not set Google Analytics tags on those pages.
• Unauthenticated pages that are related to the provision of health care services, including as described in the HHS bulletin, are more likely to be HIPAA-covered, and customers should not set Google Analytics tags on HIPAA-covered pages..

Note that this guidance states that a healthcare organization should not use Google Analytics or Google Tag Manager where HIPAA may be present. Many organizations use these tools under conditions that the new guidance suggests they should not.

In my next post, I’ll explore possible solutions to this challenge.

Recently, the Health and Human Services Department (HHS) came out with guidance regarding the use of online analytics technologies.  This guidance will impact a lot of Provider and even some payer websites.  This includes hospitals, clinics, medical groups, imaging centers, and more. It gives more insight into how healthcare organizations can better ensure patient data is not inadvertently revealed.

Why Guidance and Not a Rule

This guidance has to with HIPAA which is an existing law and for which many organizations already spend a lot of effort ensuring the privacy of that data.  the guidance focuses on where most people might think there is no issue. Many think that Patient data is behind firewalls and logins and not available on a simple .com site. Why should we worry?  It turns out that there is risk and we need to ensure we do incorrectly expose the wrong data.  Here’s what the HHS have to say about this guidance on their web site.

Tracking technologies are used to collect and analyze information about how users interact with regulated entities’ websites or mobile applications (“apps”). For example, a regulated entity may engage a technology vendor to perform such analysis as part of the regulated entity’s health care operations.⁵ The HIPAA Rules apply when the information that regulated entities collect through tracking technologies or disclose to tracking technology vendors includes protected health information (PHI).⁶ Some regulated entities may share sensitive information with online tracking technology vendors and such sharing may be unauthorized disclosures of PHI with such vendors.⁷Regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures⁸ of PHI to tracking technology vendors or any other violations of the HIPAA Rules. For example, disclosures of PHI to tracking technology vendors for marketing purposes, without individuals’ HIPAA-compliant authorizations, would constitute impermissible disclosures.⁹

What Advice Does HHS give?

Let’s break down the advice around tracking and HIPAA

• This is applicable to online tracking technologies. (web analytics, embedded scripts, etc.)
• HIPAA rules apply when information collected is disclosed to the tracking tools
• Providers are NOT permitted to use tracking technologies that result in PHI disclosures
• This applies to authenticated and unauthenticated scenarios
• For example, gathering PHI during an online appointment schedule
• IP addresses count as PHI
• You need to determine if a tracking vendor requires a BAA

What Do Providers Need To Address

Even simple web sites like your hospital’s main site can collect PHI.  Let me walk you through some examples of where you must be very careful about the use of web tracking technologies.

Find a Doctor

When you schedule an appointment you collect PHI in the form of  name, address, reason for the appointment, type of doctor you are seeing, etc.  If you use a web tracker of any kind as you capture this information and that web tracker captures this PHI in their public, unencrypted cloud, then you have a HIPAA violation.

Class or Interest Forms

Many hospitals provide classes and newsletters but as they capture information to register interest or register for the class, they may tie identifying information to a condition.

Clinical Trial Finder

In the same vein, registering interesting in a specific clinical trial then that interest has a potential to capture PHI if you also use non-HIPAA compliant tools to track these transactions.

The Bottom Line

Providers need to be very careful when using web and social analytics tracking tools on their public facing sites.  These sites do capture PHI.  All Providers sites already securely capture it in a variety of forms for transfer to their internal systems.  Providers just need to ensure that other analytics tools don’t capture that data and deposit it in their public cloud.

I’ll discuss some additional challenges and do’s and don’t around PHI and web analytics next time.

The other day a question came up on what extra due diligence do we need to do as we adhere to HIPAA compliance requirements. My first thought was that, of course, we do comply by embracing that extra due diligence in everything we deliver.

But of course, the devil is in the details. Those details get a little thorny when you create good front-end experiences without crossing the line and sharing any information.

Let me discuss three examples of how you can create a better consumer experience while still taking HIPAA into account:

1. Register for a patient portal
2. Patient Registration with an online form
3. Personalization on a site

Registering on a Patient Portal

Many hospitals commonly require physical signatures and ID before giving access to your patient portal. Technically, this meets all the demands of HIPAA and ensures your privacy. But it requires a lot of extra time just to get access to something most patients won’t access all that frequently. You can set up a process like this, but consider other options.

Other industries commonly use information about you to help with self-verification. What if you could:

1. Start registration with your name, MRN, and a couple of other pieces of information
2. Go through a process where you answer very specific questions like, “Where you got your first loan?” or “What car did you buy in 1999?”
3. Finish with some additional email verification

This type of an approach makes it possible to let patients register for the portal without a physical signature or a trip to hospital. It ensures it’s you because you have key pieces of information known only to you. It ensures your patients don’t start with a bad experience in the digital world they share with you.

Of course, any process like this must be vetted with your compliance organization and with legal. We found that a combination of those two helps to get past issues where one group may only focus on the perceived issues and not on how to adhere to the law and give a better experience.

Online Forms

We’ve all been there. You fill out a pre-registration form and it goes through seven different screens. 98% of that information already exists somewhere in that clinic or hospital records, but you get to do it all over again.

It’s as if they don’t know you despite having access to that very information. It is possible to solve this frustration, but you must be careful. You want to use this data to pre-populate a form, but you must do this in a safe and effective manner.

Here are some thoughts:

1. If you have a custom portal, don’t store PHI on that portal. Make real-time calls to more secure back-end systems to get that information
2. Don’t key information like social security number in the open. You can partially mask it and have a user confirm that the last four digits are correct
3. Verify that the information you “need” is truly what you need and not too much
4. Have two versions of forms: One longer form for new patients and one shorter for existing patients. Once they login, you can give them a better experience.
5. Use these types of events to suggest that now is a great time to sign up for the portal.

Remember that you can take small steps to create a better digital experience. It just takes thought and effort.

Personalizing the Experience

Regardless of industry, every company or organization wants to create a more personalized experienced. Most find it to be incredibly difficult. Health Care Organizations (HCO’s) find it even more so.

How do you use insights about a patient having high blood pressure to help them learn more about their diagnosis and provide options to proactively address the issue? You shouldn’t just come right out and state it. That’s especially true when they are on a public, non-logged in site.

But you can provide insights.

For example, you can have an area with relevant articles from a health library. If you have online classes or other events, you can make them aware of it without explicitly saying anything.

Finally, if they click on these personalized article or classes, you can also make them aware of excellent clinicians who can treat someone with their condition and why anyone who has it needs to take a first step.

This approach isn’t perfect, but it ensures that if someone is curious enough to come to your site and identify themselves, then you can guide them in the right direction to addressing their health needs.

YOU MAY ALSO ENJOY – Hip On HIPAA: The Secret Sauce to Successful Marketing Campaigns

Struggling to Meld HIPAA Compliance and Great Experiences?

We can help. Reach out, and let’s talk.

At Perficient, we see a lot of our partners investing in healthcare in general.  Most of our partners have evolved to the point where their tools are HIPAA compliant and many are willing to sign BAA’s.  I think it’s significant then that Microsoft’s recent announcement that Microsoft Cloud for Healthcare is generally available. Getting beyond core compliance demands that software vendors meet core business needs.  In healthcare, that’s harder than it looks.  Microsoft has chosen to go about this in a variety of ways.  Cloud for Healthcare brings together a range of products into one offering:

1. Azure Cloud
2. AI Healthbots
3. Microsoft 365
4. Dynamics 365
5. Integration in the cloud that support FHIR and other key interoperability standards

Bringing together an assortment of tools bodes well when it comes to meeting the range of challenges Healthcare organizations face and that is good news.

We can finally talk about the actual investment being made in strategy.  Most people want a strategy to start at, “What steps am I going to take?”  Most people find it painful to think about and do the Insights and Ideas steps discussed in previous posts. While those other elements are essential, it’s where the rubber meets the road that you finally fill the gap. It’s here that you get to make a plan that justifies the investment, and that delivers the actual value.  That said, this final strategy phase contains more than just a roadmap.  It’s here that you plan, justify the investment, and start the work.  Think of it as three key elements:

1. Outcomes
2. Program
3. Roadmap

Outcomes

While many skip this step, it’s good to define your specific objectives and key results. By critical results, we mean the actual measurable outcomes you expect.  Don’t fall back on simple measures like the number of page views and the number of downloads.  If your investment will increase customer engagement, sell more product, sign up more subscriptions, schedule more appointments, etc., then focus on that.  Be as ruthless as your CEO is going to be when asking if this is worth what is probably a substantial investment.

In the process, don’t forget about a benefit model, e.g., what specific benefits do you get?  How can you measure those?  Can the benefits provide enough value to justify the actual cost?  Doing your homework here aligns everyone early on and dissipates any complaints later in the project.

Program

The program focuses on the basic set of the project or the “program”  It should also include any change management needs you have. We find that Organizational Change Management (OCM) is needed in every single large program or initiative.  You need to make a case for change, identify the differences, communicate the plan/results, and train people to successfully roll out new functionality.  From an OCM perspective, remember one best practice, start early. Don’t start two weeks before you launch a crucial system.

If your strategy involves multiple projects or workstreams, then you should plan on forming a program and managing these at a program level.  Allocate resources to the program. This includes program management and technical expertise.

Roadmap

The roadmap represents the culmination of the effort. Here you develop your 18-24 month roadmap. Anything beyond 24 months is unrealistic.  You will see too much change at that time to plan beyond it.  When working on the roadmap, remember these best practices:

1. Put your roadmap in a tool where it’s easy to change.  I use Excel for that reason. This is a living document. It will change.
2. Communicate and iterate.  Show the roadmap to everyone involved. Let them know what you plan and why.  Take the feedback and incorporate it.
3. Start with a straw man.  Don’t start with a blank slate and have a meeting with 15 people.  No one deserves that kind of painful meeting. Take a core team of 2-3 and create your first draft. Then fill it out as you get feedback from a larger group.
4. Let the roadmap take into account people and processes.  You will need to incorporate governance, change management, hiring, and training.
5. Show the delivery of capabilities.  Yes, you should model many elements that are more technical in nature, but you want people to see progress as you deliver value to your end-users.
6. Take into account priorities.  No one will approve a roadmap that only delivers value in the 2nd year.
7. Take into account the level of effort.  What are the easy wins?  Have you mapped those activities in where it makes sense?
8. Do not forget critical dependencies.   If you are a retail organization that wants to use your physical locations to enhance a digital experience, then look at all needed, like process automation, inventory, employee communication tools, etc.  If you are a hospital that wants to allow for online scheduling, then take into account not just the delivery of a front end but also of the scheduling system and the API’s involved.
9. Don’t overload too much in any one time period.  This is a long-haul effort.  Get the team and resources allocated for the long haul.
10. Model in how you will measure the value of the effort.
11. Do plan on Agile, Cloud, and other technology best practices.  Strategy implies change, so make changes that set you up for the future.

Bottom Line

Let me hearken back to the initial challenge of a gap in strategy from my first post in this series

“These strategies by their very nature can only go so far. They identify high level actions to take but naturally don’t get into the detail. That’s for the specific initiatives and projects that come from it. Many companies just launch right into it which can result in ineffectual results”

The overall framework for strategy takes a beautiful high-level strategy and gives it enough detail to become actionable.  This final step shows the exact action you want to take and what kind of results you can expect.  It closes the gaps and puts a lovely ribbon on it.

This is part 3 of filling the gap in strategy. You can find a general introduction and a deeper dive into insights if you want to catch up.  We believe that there tends to be a gap in strategy when a business strategy meets the operational elements.  In other words, a beautiful strategy may point you in the right direction, but you typically need a plan on how you will implement the strategy. That plan cannot start with a roadmap, though. You have to understand where you are and how you are going to get there.

Today we are going to transition from insights to ideas.  In other words, how to create your plan by making critical decisions from a business and technology standpoint.  Think of it in terms of some friendly descriptors:

• Explore: explore options, define your customers’ experience, understand what you are trying to achieve
• Iterate: Dive deeper, engage both customers and a range of employees in your organization, map capabilities to what you are trying to achieve
• Decide: Make operations and technology decisions that align with your defined customer experience and plan.

Now that probably sounds a bit soft. You can’t make a plan on explore, iterate, and decide. You can use these as guiding principals. Specifically, you want to do the following:

1. Experience: What experience do you want to create for your customers?  What experience will employees need to make that experience?
2. Operations: What capabilities do you need to create the experiences defined above?
3. Technology: Which technologies will enable those capabilities and experiences?

Experience

I’ve referenced before that you can’t start with vision and goals.  Now is the time to state your vision based on your overarching business strategy and the insights you gained from the previous strategy phase.  So do it, define your vision. Make goals on how you can measure success. Once that’s done, then use a few tools that ensure you know where you are going. If you are creating a customer experience with both front end interfaces powered by back end systems, then define the journey for these customers.

At the same time, don’t forget about your employees. What do they need to create those experiences?  Do they need sales tools? Relationship management tools?  Hardware?  Training?  Define it and make all of that part of your plan.

Finally, you can experiment in this phase. Perhaps you need to prototype a few systems or tools just to ensure that your plans are possible.

Operations

You have to focus on operations to make all this work.  While governance and process mapping sound boring, they drive success. We suggest three high-level activities:

1. Digital Capabilities: Look at your experience and define the capabilities needed to deliver that experience. For example, if you are a retail shop and want to provide digital commerce to the store, what does that look like?  What capabilities do you need to allow someone to order a customized product and arrive in the store?  What do employees need to create an excellent experience for that customer when he walks in to pick up the product? Do you need additional tools in the store to do final customization?   Create a capabilities map on this and the entire spectrum.  At the same time, begin to prioritize what brings the most significant business value.
2. Business Process Mapping: map out the process.  How will you do the intake?  What can be automated?  Who needs to participate?
3. Digital Operating Model: The model is the full set of operating elements. Bring it all together, so you know how you will address the needs.

Technology

As always, we expect technology to fulfill a large part of your plan. Whether it be grassroots systems like storage and automation, a new mobile app, or better and more scalable experience driven by AI, you need to map digital capabilities to technology.  Start with what you have. What can you reuse or upgrade?  With the gaps, define which products will get you moving fastest.  Choose the new tools and create the standards for their use. Remember that business has a seat at the table too. If they can’t see the technology meeting the need, they will go buy their own tools. That can and will create inefficiencies.

Bottom Line

What Perficient calls “Ideas” represents an intermediate step. Here you make decisions that drive experience, matures your business, and aligns technology.  You haven’t reached your end state from a strategic perspective. You still need to define your specific outcomes, create your program, and represent a roadmap.  But this phase gives you the building blocks that will allow you to make those final blocks.

The CMS Final Rule sparked some interesting conversations and problem-solving among the interoperability team at Perficient. It’s one of the first times payer or health insurers had to react to these types of rules. The way they treat the data and the location of all the data makes this a different ball game than what you have to follow if you were a hospital. That means that while the basic rules understanding remains the same, the solutions you consider are actually quite different.

The Ask

Earlier this year, CMS / ONC released their much anticipated “Final Rule” which mandates that payers who have anything to do with federally related plans have to do the following:

• Patient Access API: Provide a FHIR-based API that lets patients access their claims and encounter information through 3rd party applications
• Provider Directory API: Make Provider Directory information available through a publicly available FHIR-based API
• Payer-to-Payer Transfer: Allow members or patients to request transfer of their records to another payer

Payers that meet key criteria must make these capabilities available and must do it following open standards like FHIR, SmartIG, and OpenID.

READ MORE: Fast Healthcare Interoperability Resources (FHIR) Explained

The Challenge

While many payers already have data and integration platforms available, most are not set up to make this data publicly available. In addition, a lot of this data resides in a range of systems. Those systems also have overlapping data. Therein lies the issue. Overlapping data means you have to find it, transform it, and deduplicate that data. It’s possible to make a real-time call, but the more duplicates you have and the higher the overlap of data, then the more you need to do.

In other words, just creating a FHIR API won’t allow you to meet the need.

YOU MAY ALSO ENJOY: Healthcare PowerByte: Interoperability – Make Data a Strategic Business Asset  

Deciding on Solutions

Most of the early debate in our team was what type of architecture would meet the criteria demanded by the CMS Final Rule. Unfortunately, no one architectural approach will work for every payer. This allows integration platforms with FHIR support and FHIR server type solutions to enter the mix. They can even co-exist depending on your ecosystem of platforms and data sources.

In order to make a decision, you need to take into account the following:

• Where does your patient / member information reside? Is it in multiple location for claims, eye exams data, clinical data, etc.?
• Where does your provider information reside?  Is it easily accessible via an API?
• Is there a lot of overlap of data in the various data sources?
• Do you have a hard time pulling from the data sources and mapping it to the correct member?
• Do you already have (or will you soon have) an integration and API management platform? (NOTE: Both can be needed.)

A Few Thoughts on Possible Solutions

As noted, not everyone will land on the same solution.

Larger organizational structures and larger numbers of data sources drives you toward a more complex solution set. I would put the solution in a few categories:

1. For those that have few data sources like mainly just claims data, you can consider using an integration and API management vendor to front both provider and patient data and to serve up the FHIR-based resources.
2. For more complex, you can consider a FHIR Server or FHIR “solution.” This may need to be paired with the enterprise integration and API Management platform. This approach means the following:
   • You pull all the data into one central location
   • You perform data transformation and de-duplication on it so that patient data is correctly defined
   • This data will not be real time; by it’s nature, there will be some latency
   • The normalized data can then be called securely by whatever is fronting your API’s
3. A hybrid option can work if your provider data is easily accessible and already centralized
   • API platform calls provider data and enables a FHIR API
   • Centralized patient data platform for the more complex patient data scenarios

SUCCESS STORY: Empowering Healthcare Consumers and Their Care Ecosystems With Interoperable Data

The bottom line is that each organization has a variety of options. You always have to take your systems and your data into account to create your final architecture.

Just remember that FHIR is the standard and not the solution. Most of the heavy lifting occurs behind the actual FHIR call.

Have questions about your near- or long-term integration and interoperability goals. Our experts can help. Contact us to get started.

I introduced filling the gap in strategy in my last blog post and want to dive in deeper on one element.  Many times, people want to start with Vision or a similar exercise.  The idea being that if there is a gap in your strategy then the obvious next step is to discuss your vision for it and what you are going to do.  It’s an obvious step but it shouldn’t be the next step. Too often, we make decisions in a vacuum. People make decisions without enough data.  I want to focus on the preferred next step which is insights. At Perficient we think of insights in three ways:

1. Market: what’s happening in the marketplace?
2. Business: What are the pain points with your business?
3. Systems: What technology do you have today? Is it up to date?  Does it work well?  Is it capable of scaling? Is it agile enough to meet your needs?

Market

You can use a variety of tools and research to get this insight.  We don’t suggest you do everything but we do suggest you take the time to focus on where you are today.   You want concrete reliable information that tells you if you are winning or losing and for what reasons.  You can’t react to your competitors if you don’t know what they are doing and if it’s impacting you.  Here’s a couple ideas on what you might do.

• Purchase research from your industry group, Forrester, Gartner, etc.
• Interview your customers who are leaving for a competitors
• Contract someone like Perficient to do a market analysis and who likely has a clients in your industry
• Do research on your own on what’s happening. Industry web sites, magazines, and even simple Google search can yield a significant amount of information

Business

What is your business doing right?  How happy are your customers?  Focus on the specific area. If you are talking Customer Experience then focus on that. If you are talking about other areas or are specifically focused on a portal for example then ask relevant questions to that area.  You want to understand what’s working and what’s not so you know where to focus. As always, you must focus on what’s important to the customer.  There are a lot of activities you might include in this area:

1. Internal surveys to gauge how needs are being met in a range of areas
2. External surveys to gauge how your customers feel
3. User research around the current customer experience, pain points, etc.
4. Analytics to determine trends. You can even dive into predictive analytics. One customer used predictive analytics to understand when a customer is about to leave.  That drove additional insights into what the business needs to change

Systems

If strategy drives you to what your next steps should be, technology tends to be an enabler of those steps.  The bad news is that it tends to be expensive and no one wants to bolt on 3 different systems to meet a need unless new technology is critical to the need.  You want to assess the current state and ask key questions related to your specific area.

• What are the technologies that are used in this area?
  • Focus on front and back end systems.  Don’t just think about the lipstick experience component.
• What will be sunset as an old technology?
• What gaps exist in your technology tools

Bottom Line

Take the time to take a step back and understand where you are from a variety of viewpoints.  Then you can move forward to decision making.  It will make the overall strategy process easy and will make it more collaborative as everyone aligns to to true vs perceived inputs.