In response to continuing shifts in the healthcare and data privacy landscapes, the American Association of Advertising Agencies (4As) today issued a white paper designed to provide clarity to its member organizations. “Navigating the Health Privacy Landscape: A Guide for Agencies” outlines a series of best practices that agencies can use to “stay on the right side of these new laws and regulations,” as the paper puts it.

The paper’s creation was spurred, not surprisingly, by the host of legislation and regulation enacted in the wake of the Supreme Court’s reversal of Roe v. Wade in June 2022.

“Usually regulation and legislation moves at a pretty glacial pace, especially in health. It’s usually just nibbles along the edges,” explained Alison Pepper, 4As EVP, government relations and sustainability. “That hasn’t been the case since the Dobbs decision, and so much of what has happened has been under the radar.”

Thus 4As thought it would be helpful to “have all the information in one place,” Pepper said. “We kept looking for resources, but the efforts really didn’t link together post-Dobbs… We saw a bigger picture developing.”

The 27-page paper reviews state health data privacy laws as well as the federal regulatory landscape. It offers an abundance of definitions and concludes with an agency checklist of 9 recommendations, including the necessity of compliance management processes and regular self-audits. The paper is not currently available to non-members.

Pepper acknowledged the obvious: That agency marketers have largely been left to navigate the health privacy landscape on their own. This has lent some urgency to 4As’ mission.

By way of example, Pepper pointed to Washington state’s My Health, My Data Act, the first law to protect health data not covered by the Health Insurance Portability and Accountability Act.

“What Washington state did got everyone’s attention. They had a hard time passing a comprehensive privacy bill, but they moved the standalone healthcare privacy bill quickly,” she said. “People were asking us, ‘Is this a thing now?’”

As of mid-February, 15 states had passed comprehensive data privacy legislation. Until Washington passed My Health, My Data, none had enacted similiarly comprehensive health-specific privacy laws.

As a result, confusion abounds. “I don’t know what ‘compliance’ means anymore and neither does anybody else. So everyone errs on the side of conservatism,” Pepper noted.

Which, she quickly added, beats the alternative. “One of the laws protects any information that identifies a consumer’s health status,” she continued. “What does that mean? If somebody buys running shoes, do I have to assume they’re trying to lose weight?”

As for what comes next, Pepper doesn’t expect the pace of change to relent. To that end, 4As views “Navigating the Health Privacy Landscape” as a living document of sorts, one that can be updated if legislative or regulatory action renders it outdated.

“For all the debate going on in the broader advertising industry over the past five to 10 years about comprehensive privacy legislation, I think healthcare privacy is going to move way faster – and it’s going to be very different from what companies are used to,” she predicted. “Hopefully we can help agencies who work with healthcare and wellness entities put harsher eyes on what they’re doing.”