Navigating the New Rules of Healthcare Advertising

Intro 0:01

Welcome to the She Said Privacy/He Said Security Podcast, like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st Century.

Jodi Daniels 0:21

Hi, Jodi Daniels, here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies. Hello.

Justin Daniels 0:37

I am Justin Daniels, I am a shareholder in corporate M&A and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk. And when needed, I lead the legal cyber data breach response brigade.

Jodi Daniels 1:00

And the second subject is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services and digital media. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers to learn more and to check out our best-selling book, Data Reimagined: Building Trust One Byte at a Time. Visit redcloveradvisors.com, well, hello, hello.

Justin Daniels 1:35

It’s podcast recording. Time again, you’re looking very chic today. Oh, okay. I’m not sure what I should do with that. I don’t know. I don’t know. Got your jeans and your fancy shirt? Fancy shirt.

Jodi Daniels 1:49

It’s because I have ruffles festive, I guess my festive fort, I think it just has ruffles.

Justin Daniels 1:55

Okay, is that new I

Jodi Daniels 2:00

in the last couple months new Okay, I hope you’ve enjoyed fashion. You’ll have to go check out the YouTube video to see my my ruffles on my shirt and my blue earrings, actually that my younger daughter made. She made them in jewelry. So metal smithing.

Justin Daniels 2:15

Metal smithing, yes, for those of you who don’t know, Jodi is very adept at making sure that her earrings match her outfit. I’ve never seen anything

Jodi Daniels 2:24

like it. When the last fun about fashion is when I was in high school, I used to wear a bow in my hair, and every bow always match. So now I’ve just moved from bows to earrings, okay, but we should probably talk about privacy. This is not a fashion podcast at all, and instead, today, we’re going to talk with Jeremy Mittler who is the co founder and CEO of Blueprint Audiences with nearly two decades in healthcare advertising and privacy. Jeremy has shaped how marketers reach patients and providers at blueprint. He is creating a new privacy, safe way to build health audiences that ensures compliance across HIPAA and the growing list of state privacy laws. Jeremy, welcome to the show. Yeah.

Jeremy Mittler 3:08

Thank you for having me and Justin. Let me say you also look chic today.

Jodi Daniels 3:14

It’s fun and powerful. Absolutely.

Justin Daniels 3:17

Video that’s funny. Jeremy, this happens to be one of my favorite casual shirts. It just well fits well and a little different. I don’t know. I do appreciate you saying that’s rather funny, huh? Yeah, we’ll leave the hairpins in the that to you, whatever. Yes, we need to focus on Jeremy, our guest. So Jeremy, tell us a little bit about your career journey.

Jeremy Mittler 3:46

Yeah, sure, absolutely. Thank you guys for having me. So I entered the workforce in ‘99 it was the height of the dot-com bubble, and the reason I share that is because that helps shape the rest of my career. I’ve always had an interest in startups and small companies and so on. Fast forward, after business school, I joined a startup in healthcare called cross solutions. I was an early employee, and we basically created two markets in healthcare. One was the ability to measure pharmaceutical marketing campaigns. The other, which is where I spend my time now, is in audience targeting for healthcare. I left last December and took a little bit of time off. I got to ski, spend time with my kids and my wife and so on. And, you know, I always wanted to start my own company, kind of driven by that just experience of joining the workforce back then. And so I just announced recently that I started Blueprint Audiences won’t get too deep into it, but it was driven by this idea of, if I wanted to build the absolute safest audience segment for healthcare, how would I go about doing it? Right? And it just kind of built the idea from there, and lo and behold, here we are. So thank you guys for having me

Jodi Daniels 5:06

now, Justin, I know you want to talk about skiing. We’ll save that for. You’re going to save that for. What do you like to do? For fun? Yes, you are. And I’m going to focus on Jeremy, what you just talked about, which was building safe audiences. And your work really focuses on this idea of a privacy safe health audience targeting. Can you help us understand what does privacy safe actually mean in practice for health marketers? And then, how does one actually do that?

Jeremy Mittler 5:37

Sure, I will. I’m gonna give you an analogy here. Tell me if it hits or doesn’t hit, but when I hear the words privacy safe, I think of the words all natural, like when you’re going through the grocery store and you’re looking at breakfast bars, and everybody says they’re all natural, and very few are. And I think privacy safe is kind of a similar thing. I’m trying to judge based on your faces, if that hits home or not.

Jodi Daniels 6:07

I love it because I like healthy food, and it’s fine. You have to read the ingredient labels. And here, if you have to try and figure out, dig deep behind the the tools and vendors and partners that you’re using.

Jeremy Mittler 6:20

Yeah. Yeah. So I think it’s the same, right, like everyone says, If you are, you know, I think in healthcare and in healthcare advertising, many marketers are using a lot of the same tools that were created before we had even one state privacy law, before we had California, come on the books, and that’s the idea. You know, a lot of the tools are modeling and inferences and predictions of someone’s health, then using that data to determine who should see an ad and who who shouldn’t that is, as you know, pretty highly regulated right now. One example of this idea of everyone says privacy safe, but few are. I see a lot of companies out there that say they’re HIPAA compliant, but I think we’re well past the world in healthcare where HIPAA compliant equals privacy safe. There’s much more to it than that. And so, you know, I think we’re moving to a world where, you know, I’d love to see privacy thought of as an advantage, right? When everyone’s doing the same thing, it presents opportunities to differentiate, to evolve more quickly than than everyone else. And, you know, I think we’ll probably get into this. But the tools do exist today for healthcare marketers to run precise, you know, healthcare media campaigns and to really reach the patients they’re trying to reach, but also be very conservative and safe from a privacy standpoint. So it’s possible, takes thoughtfulness and effort and so on, just from a change management perspective. But I think it’s possible, and hopefully we can talk more about that as we go through the session here. That sounds like a good plan, yeah.

Justin Daniels 7:58

So health data is highly regulated data HIPAA, state laws, patient, consent, etc. What are some of the biggest regulatory and legal challenges that you see right now for companies trying to use health audience segments, and how are you helping them navigate those challenges?

Jeremy Mittler 8:14

So good question. I touched on it a little bit, but the biggest challenge is just the patchwork landscape that we live in today. Right for healthcare, advertising in particular, we’re well past the world of HIPAA only. And in fact, for much of the things that we do in this world, HIPAA is even less relevant, not irrelevant, but less relevant than the patchwork of state laws, unless you’re actually taking phi and sending it to an ad platform. The state laws really reign supreme. So challenge. There are 22 laws by my tracking, that are relevant for healthcare marketers, and even more so, as you know, they’re not usually black and white, a lot of gray area. What’s considered sensitive data, what’s considered consumer health data. There’s a lot of room for interpretation. We look to Attorney Generals for guidance and so on, and we look for other clues for guidance on what’s okay and what’s not. But so many different laws, so much gray area is very hard to deal with. It’s very hard to come up with, like, a single compliance checklist and say, okay, I’m good when there’s so much gray out there. So that’s the challenge, and that’s what I spent a lot of time thinking about, is how do you overcome that and, and how do you deal with that massive patchwork and and still be compliant and being able to deliver the right ads to the right people.

Jodi Daniels 9:46

Companies really want to get what you just said, the right ad to the right people. And before we kind of go a little bit deep on this personalization, I am curious on the theme of challenges. I imagine I’m I’m a company. I. Just I want to get my ad to the right people. What are you seeing at when working with those companies, actually, as some of the challenges. So for example, are they familiar with the 22 different laws that you have on your tracker? Are they familiar with the definition of health data beyond HIPAA? Do they not know how to separate out any of their data. So I’m curious if you can share a little bit of the challenges you’re seeing across companies right now.

Jeremy Mittler 10:27

So that’s a good question. Jodi, there’s certainly a range. I think there’s parts of healthcare where the, I don’t know, the the themes and concepts within privacy are well ingrained in the marketing teams. You know, they speak the language. They are aware that their state laws. Maybe not entirely sure how to deal with the complexity of it, but well aware and on one extreme, I see companies that, in some cases, have just stopped advertising. Because how do I deal with this? I don’t know. Let me just stop the other end of the the equation here is either less familiar with the complexity, or I know that it’s out there, but I just don’t really want to deal with it, almost like, kind of like a blind eye and until something happens that’s an external event, I’m gonna just let others deal with it. My privacy team will deal with it. If they say it’s okay, I’ll just keep going with things. So I think there’s a very broad range. I would obviously love to see the, you know, the education and awareness of the complexity and of the challenges that we’re facing really, really grow. And I think it will right as we get more laws and more, you know, more, sorry, more laws and and just other things that we’re dealing with, the awareness will grow within the industry broadly.

Jodi Daniels 11:56

Well, I appreciate you kind of setting that stage. And we have some companies who are too scared to do anything, some companies who want to ignore it. And there are, as you mentioned before, some technologies, or some tools or some ways that companies can kind of be in the middle and actually do this safely. Can you share a little bit about what are some of the techniques or technologies that companies could deploy to make this privacy, safe, health, audience targeting a reality.

Jeremy Mittler 12:23

So, yeah, sure, I like to think of the approach here, and this is my own view. You know, a lot of companies talk about balance here. How do we balance privacy and precision in audience targeting? I don’t love the word balance. Balance, to me, I think of a seesaw, and it implies that in order to get a level of precision, I need to have an acceptable level of privacy risk. And I don’t like that. I think we are in a world where we should be starting from a place of absolute privacy, where we just think, first and foremost, how do I create a safe, good experience for the consumer who’s about to see my ad? And then we say, how do we optimize for the business outcome, for the precision, you know? And so the techniques and tools, actually, I’ll mention a guest of yours that you’ve had in the past. Alysa Hutnik, I just listened to a podcast that she did recently, which talked about the exact topic, right? Well known privacy lawyer, and saying, what are the tools and techniques that are considered safe in the world for healthcare, in the world that we’re in today? And she lists off three things, if I power for paraphrase, she says, contextual advertising makes sense. Opted in, consented data makes sense, and then also this idea of using aggregated insights on personal data as another tool in the toolbox. And I think these, along with others, can really form the core of a media plan for healthcare marketers moving forward, if you really want to think about privacy first and then focus on the precision and the business outcome from there,

Jodi Daniels 14:09

I really appreciate you listing those three. I think that’s very, very helpful for people to be able to have a knowledge and some options to be able to move forward with.

Justin Daniels 14:20

You know, it’s interesting, the two of you bring up the aggregated data part, because I’m involved in a negotiation that that’s an issue, and I just wonder if data aggregation will be impacted by the use of AI to use other outside sources coupled with that data to try to then re anonymize data and undermine that pathway to having, well, you know, Privacy Enhancing kinds of data,

Jeremy Mittler 14:53

yeah, I’m of the belief that I, you know, I love AI, it is a wonderful tool. So when we think specifically about advertising in healthcare and trying to get those ads sensitive data, AI is a huge risk, you know, because of that, because there are now tools that we’ve had them for a while, and they’ve gotten more advanced with AI that really allow you where’s the line between aggregated and personal, right? And you can AI can blur the line a bit. I would say,

Justin Daniels 15:25

I guess, or at least shift it, but I don’t know. I guess it’ll be something that we’ll all be watching as soon. Yeah, as an emerging trend.

Jodi Daniels 15:33

We will, Mr. AI.

Justin Daniels 15:39

I have to deal with AI, I have no choice. It completely disrupts the way I deliver value.

Jeremy Mittler 15:45

I guess we’re going to have to talk about how AI is going to impact skiing. At the end of this,

Justin Daniels 15:50

we can, but you know what? We’ll save that, and let’s continue to focus on this. Because, anyway, I guess I’d like to learn a little bit more about, you know, the advertisers and healthcare companies that work with, the vendors, the ad platforms and partners. And you know, what should those organizations look for when evaluating these partners to ensure they align with privacy, data security? I guess we’ve already kind of talked about one emerging issue, but what’s currently top of mind that they got to deal with now?

Jeremy Mittler 16:18

So I think there’s three things, like, when we think about, how do you work with how to healthcare, advertisers work with other organizations, and how do we get com? How do they get comfortable with privacy, security, you know, ethics, even there’s a lot, I think, of three things in particular. One is compliance, right? Everybody works internally with legal and privacy teams. Of course, it’s important. There are due diligence, things that you can do, and checklists. Obviously, there’s a ton of that work. That’s where, you know, I know you guys come in and help out a lot. I also think again, my own opinion here that when we think about who should we work with in an in an environment with so much uncertainty and gray areas, we need to lean a little bit more on our own gut instinct, like we think about transparency. And I know there are companies that have left meetings with vendors and said, I don’t, still don’t understand it. How does it work? I don’t really know that I trust they were telling me everything or they didn’t answer all my questions. And I really would love to see checklist aside, you know you could check all the boxes, but in a high risk environment with a lot of uncertainty, you have to listen to your gut when you think about transparency and trust and just, do I trust the people on the other end of the line? I think there are some due diligence, things that marketers can do themselves. I love to tell people to stop what they’re doing and just be a consumer. Go exercise your own rights with your partners. Go to their websites. Try to opt out and exercise your rights. See if it works. Is it? Are you allowed to do so in every state where it’s required? Like, there’s some basic things that anybody and everybody can do, and I think that’s important. And then, you know, the last thing is just scrutinizing the methods that are used. We touched on this earlier, where, you know, Alyssa had said that, you know, there’s kind of three main tools that you can use, focusing on those, understanding the methods. How are you creating the data that’s being used to advertise? So that’s kind of what I think about. You know, when you’re a marketer who needs to get comfortable with the vendors that you’re working with,

Jodi Daniels 18:37

I love Jeremy that you made the recommendation to think like a consumer, and to actually go and test it out yourself. I I love doing that. It’s so helpful. And yeah, in the physical world, I always encourage people I know we’re talking about beyond HIPAA, however you should, you should look to see what that experience is like and ask for your HIPAA privacy notice at different places, because it’s always interesting, you’ll get a very unique experience, is all I will say there. But then online too is looking at how clear or not clear it is. So going to, for example, what did I opt into something? Well, some of the situations that HIPAA notice looks just like a regular opt in notice, and you can’t really tell the difference, so it’s a little bit more of like a dark pattern and kind of trickery. And at the end of the day, then you’re going to have unhappy consumers. And I’m always in the belief marketing is trying to connect with consumers and to give them what they what we feel like they need or or what they want, and make them happy and create a good relationship. And if there’s any form of trickery underneath any of that, it you’re not going to have a good experience. So I absolutely, really just wanted to emphasize, I think all privacy pros to go and do that, marketers should go and do it. You. We are all consumed. Ours as well, and being able to test what that experience looks like.

Jeremy Mittler 20:04

Yeah, Jodi, I don’t know if you saw, but I think it was a two to three months ago, some PhD students at UC Irvine did this. They took the 500 plus registered data brokers in California. They went one by one and tried to exercise their rights. And I know one of the headline I don’t remember every detail, but one of the headlines was 42% of companies did not even respond. Like there’s a lot of stuff that needs to be cleaned up in that world. And to me, it’s just kind of indicative of when you think about who you’re working with, your partners were responsible for the whole edtech food chain. This is kind of a pretty easy way to say, am I working with companies who take this seriously? That’s kind of how I think about it.

Jodi Daniels 20:50

Well, we’ve talked a lot about risks and challenges. I’m curious, is there anything emerging that you are watching that is exciting to you in this new space,

Jeremy Mittler 21:01

so exciting to me, maybe not exciting to everyone else I know. Everyone says, AI, I will go a different route and just continuing to watch the regulatory landscape for health marketers as it just continues to get infinitely more complex. I’m waiting, for example, to see what happens in New York. New York passed a health privacy law in the spring and not yet signed. We’ll see if that happens. Very strict people, compared to Washington’s, my health, my data. I’m watching to see AI laws and if and how they impact advertising in healthcare, Data Broker laws, and if there’s any more regulatory actions, you know, we saw this health line case in California a couple of months ago as well. And are we going to see others follow in California’s you know, footprint? So just the complexity of it to see what else, what else comes around, it is hard for me to envision a world with fewer privacy regulations instead of more and also hard to envision a world with less strict laws and rules rather than more strict rules and laws.

Jodi Daniels 22:10

That makes sense.

Justin Daniels 22:13

So Jeremy, do you have a best personal privacy tip you’d like to share with our audience today?

Jeremy Mittler 22:19

I will give you two, one of which I said already, which is the practical one, you know, go, be a consumer, opt out, exercise your rights, you know. Does the mechanism work properly? Is it available in all states where it’s required and so on. That’s the practical one. The theoretical tip is, put yourselves in the shoes of the consumer, right? So I spend a lot of time with healthcare marketers, and you really want to think about the person on the other end and the rule of thumb, right? If you’re explaining to your aunt or cousin or uncle or whomever, how did it come to be? Why was it that this ad was shown to them? What’s the response? Is it? Oh, that makes sense. Contextual advertising. Good example, you say you saw this ad because you read this article about diabetes and you saw a diabetes ad. Generally, people say, Oh, okay, I get that. That makes sense. If it’s Well, we took all this data about you, and we try to profile you and and we try to have some kind of educated guess of whether you have diabetes or not. You’re starting to move away from the safety and the and the secure and more in the, you know, the creepy factor a bit. And so just put yourself on the other end, think about the experience, and probably a decent rule of thumb to start with, compliance aside, like just put yourself there and make sure that they’re having a good experience.

Jodi Daniels 23:49

Now, when you are not reading privacy regulations and talking to health marketers and creating privacy safe segments, what do you like to do for fun, and I feel like skiing might be one, one of the activities.

Jeremy Mittler 24:04

We’ll save that for the last one. I will start with the common answer. I bet a lot of people say I have an eight and 10 year old, and so I love spending time with my wife. My kids are great ages. They still want to spend time with us. They don’t have too much homework. They don’t have devices yet, no phones, no iPads, but obviously pretty independent, so it’s just a great time right now with them. I am also a, I guess, unfortunately these days, a huge New York Giants football fan had season tickets in my family for over 60 years. So I’m big fan. Went to the last giants patriots Super Bowl in Indianapolis. And then the third thing I would say is skiing. So Justin, let’s talk skiing.

Justin Daniels 24:49

What Where do you like to go? Why don’t you share with our audience some of your favorite places?

Jeremy Mittler 24:54

Yours actually, during my break, I took most of the winter off mid career break. I’m in. New York in the New York suburbs, I skied a bunch in the Berkshires, which is probably my least favorite place to go, but most convenient. I did spend a week and a half skiing in the Alps in Switzerland with a friend of mine in January. That was very nice. I still think the best skiing is what you know, western US better environment and experience out in in Switzerland, for me, at least. So that was a nice, great experience. Would prefer to go out west, where I haven’t been in a long time. How about yourself? West is best. West is best you got it.

Jodi Daniels 25:36

Yeah, that’s, that’s the the phrase he has a shared often in our

Jeremy Mittler 25:41

it’s a good phrase, good for I’m gonna steal it at some point.

Justin Daniels 25:46

Feel free. No no licensing or no charge, no charge. Please use it as you need to.

Jodi Daniels 25:54

Well, Jeremy, we’re so grateful that you came to share all that you have today. If people would like to connect and learn more. Where can they find you?

Jeremy Mittler 26:02

Certainly, on LinkedIn. I write regularly just on this topic, just kind of the industry topic of healthcare, advertising and privacy. So find me there, or blueprintaudiences.com probably the two best ways.

Jodi Daniels 26:14

Amazing. Well, thank you so very much. We really appreciate it.

Jeremy Mittler 26:18

Sure. Thank you guys for having me.

Outro 26:22

Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.