HIPAA Compliant Healthcare Marketing and Ad Targeting

Healthcare Marketing Compliance Guidelines

In healthcare marketing, compliance is of the utmost importance. At Coegi, we work with many healthcare and pharmaceutical clients to continuously navigate this highly regulated industry. Continue reading to learn more about what it means to be a compliant and ethical healthcare marketer with this guide. 

Who sets the regulations for healthcare marketing compliance?

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was passed to protect sensitive patient health information from being disclosed without consent. However, when it comes to understanding HIPAA for healthcare advertising, there’s a lot of room for interpretation. This leaves many advertisers unsure if certain marketing capabilities are compliant and ethical. 

This is especially true for pharmaceutical advertisers using health information to target audiences for prescription drugs, medical devices, and other pharmaceutical products through media. To provide an industry standard, there are committees devoted to giving pharma advertisers direction – including the Interactive Advertising Bureau (IAB), the Digital Advertising Alliance (DAA), and the National Advertising Initiative (NAI).

The NAI is one of the leading bodies for defining healthcare marketing compliance regulations. Founded in 2000, the NAI published a set of codes for targeted advertising and online profiling that is supported by the U.S. FTC. The most recent revisions to the code provide media targeting best practices, including a definition for Sensitive Health Information to provide pharmaceutical advertisers with more concrete direction for targeting consumer populations.

How does HIPAA affect healthcare ad targeting?

The first step is understanding if your brand’s core consumer audience falls under the ‘sensitive’ category. This will impact targeting capabilities. According to the NAI, there are two subsets of sensitive information: 

  1. Data about a health condition or treatment derived from a sensitive source 
  2. Data about certain sensitive conditions regardless of the source of the data

The NAI only provides a few sensitive categories. These include drug addiction, STDs, mental health, pregnancy termination, cancer, and all conditions predominantly affecting children that are not treatable with OTC medications. For other health conditions, the NAI provides guidance to help determine whether pharmaceutical targeting segments are considered sensitive. However, this guidance does not offer a clear list of compliant targeting capabilities. 

One of our leading media buying partners, The Trade Desk (an NAI member), also has a healthcare targeting policy. Using its own multi-factor analysis process, it defines whether a condition is high, medium, or low sensitivity to determine allowable targeting capabilities. Coegi recommends using these guides to inform client conversations and recommendations when aligning on the brand’s own definition of sensitivity. 

How do you approach pharmaceutical targeting compliantly?

The goal is to aggregate enough compliant data about an individual to create a complete picture. This allows you to meet their needs accurately while preserving their privacy. Make sure pharmaceutical advertising campaigns are compliant by examining the data sources informing them. Look for two specific criteria:

  1. Consent: Guarantee the audiences reached provide the brand permission to market to them
  2. Deterministic data: Validated user information so marketers know they’re reaching a person who gave consent

Despite the challenges, pharmaceutical brands still have a variety of ways to target patients. We can use first-, second-, and third-party data and machine learning to identify relevant consumers who are likely to be receptive to receiving advertising from your brand.

Best Practices for HIPAA Healthcare Marketing Compliance

  • Work with legal counsel to ensure campaigns, including messaging and targeting, are FDA and HIPAA compliant.
  • Use de-identified information from third-party data providers for patient behavioral targeting.
  • Gain opt-in consent from users for sensitive health segment targeting and geo-targeting. 
  • Leverage data partners to reach HCPs on a 1:1 basis at scale. 

Healthcare Consumer Ad Targeting

Once you determine whether your target is in the sensitive or non-sensitive condition category, use the following tactics to reach healthcare and pharmaceutical consumers:

Modeled Targeting

Modeled targeting using de-identified information from third-party data providers is compliant according to the NAI. The NAI’s Guidance for Health Audience Segments states, “the use of offline marketing segments that are also modeled, not based on any user-level purchase, behavior, or activity, would also be considered non-sensitive.”

According to a blog post by Yeehooi Tee of PulsePoint, not all audience models are created the same. It is critical to analyze data collection methods. There are key factors to understand when evaluating health data segments. These include the source of the seed data, modeling attributes, the seed-to-output ratio, and many others.

Contextual Targeting

There are no regulations on using contextual targeting for a consumer audience. This is a popular approach for reaching patient and caregiver audiences in a compliant manner. 

Connected TV is a useful medium for contextual healthcare targeting. A TV ad for a specific health condition can feel less invasive, yet still relevant, using contextual targeting. With third-party data partners, personal information is de-identified for HIPAA-compliant CTV targeting.


For both sensitive and non-sensitive conditions, geo-targeting a consumer audience requires the user’s opt-in consent to target by location data (like a clinic location). However, even with opt-in consent, there are still limitations for sensitive topics, such as reproductive health or addiction recovery, when it comes to location-based targeting. 

There are other forms of targeting patient audiences using geographic data. For example, using data partners, pharmaceutical brands can target programmatic buys to specific zip codes that over-index for a condition. Anonymized provider prescription data can be matched to zip codes with the highest lift in specific prescriptions and even mapped to these households via IP addresses. This enables omnichannel online targeting to reach healthcare consumers through display, video, native, and social media channels.

Condition-Based Targeting

We use third-party data providers to access unique condition-based healthcare segments. This anonymized data is not subject to some of the strict HIPAA guidelines, as it cannot be tied to personally identifiable records. This allows you to reach your relevant audience at scale with minimal media waste. 

Interest Targeting

Interest-based targeting can reach patients as well as caretakers with interest in a specific condition or topic. This expands reach to the key decision-makers in the healthcare process. “Interest” is typically defined by the content consumers are reading or searching for online. To engage these individuals as they are consuming relevant information, consider the contextual targeting methods mentioned above.

Healthcare Provider Ad Targeting

Healthcare providers are easier to target than patient segments due to publicly available information and fewer privacy restrictions. However, there can be challenges with achieving scale and managing higher costs. Regardless, brands can reach HCPs across the wide range of content they consume and the multiple devices they use.

Because you’re targeting by profession rather than a condition, there are fewer restrictions for HCPs. Let’s explore some of the most effective forms of compliant audience targeting for HCPs: 

ID-Based Targeting

ID-based targeting allows pharmaceutical brands to reach HCPs with a compliant audience-first approach. National Provider IDs are personal identifiers for specific healthcare providers, including their practice location and specialty. 

Utilizing this data set via demand-side platforms (DSPs) such as PulsePoint, MedData, CrossIX and HealthLink allows for compliant, one-to-one HCP targeting across multiple channels and devices. Brands can target HCPs either by specific medical specialty or by an individual NPI number.


Brands can also use NPI numbers to target relevant practice locations for particular physicians or specialties. By targeting a geo-radius around point-of-care locations with high volumes of particular diagnoses or treatment types, brands can remain compliant with HIPAA and the NAI while also reaching the target audience. Another opportunity for geo-targeting physicians is geo-fencing industry conferences and events where large groups of professionals congregate.  

Contextual Targeting

Contextual targeting tools can look at categories, keywords, and tags on web pages to deliver highly relevant content to HCPs through programmatic channels. At Coegi, we map these to the National Library of Medicine MeSH Taxonomy to ensure the most relevant terminology is applied to our digital media. 

Rx and Dx Targeting

Through data partnerships, brands can target NPI numbers of providers who commonly prescribe certain prescription codes. Likewise, brands can target by diagnosis using ICD-10 codes to find their core HCP customers. 

Depending on each client’s goals, Coegi provides a recommended HCP targeting strategy. Even with fewer restrictions, we investigate and understand the source of the data segments associated with NPIs. 

For more on healthcare marketing compliance and best practices, read this Q&A article with more insights from me and PulsePoint’s Malcolm Halle, or contact Coegi today.
