Develop a future-proof, enterprise grade HIPAA-compliant data solution.
THE CLIENT – providence HEALTH & Services
Providence Health & Services is a not-for-profit healthcare system, operating 51 hospitals and over 1,100 clinics across seven U.S. states.
Our Results
200+
Domains across the system
1,000+
Client-side tags
1
Private client ID to replace all third-party tracking
Challenge
A 200+ site digital ecosystem outgrew its data governance approach.
Noting the rise in data privacy concerns and the accompanying increase in privacy regulations in 2019, Providence leaders sought a data solution that could handle the complexities of their extensive digital presence, provide granular control over data collection, and adapt to changing regulation and marketing technology.
Wheelhouse DMG® was tasked with developing an innovative, platform-agnostic approach that would empower Providence’s marketers to make data-driven decisions while ensuring patient privacy.
Approach
Leverage existing MarTech to give the covered entity total control of data collection, processing, and sharing with third parties, ensuring HIPAA compliance.
Wheelhouse designed and implemented a platform-agnostic, HIPAA-compliant data solution, built upon our client’s existing MarTech infrastructure. By leveraging Tealium EventStream’s features and transitioning to server-side analytics, Wheelhouse introduced a private client ID as the sole means of user data collection, replacing all third-party tracking and governed by custom data collection libraries.
Our implementation also included:
HIPAA-Compliant Tag Architecture – Every tracking pixel, analytics tag, and MarTech integration is mapped against regulatory requirements before deployment. Tags fire only when appropriate consent permissions are in place, and all data flows through HIPAA-compliant data hubs with custom connections for each downstream platform.
Centralized Tag Governance – We maintain structured governance protocols with clear ownership hierarchies. Every tag deployed must serve a legitimate business purpose and maintain compliance standards. Our documentation includes each tag’s purpose, data flow mapping, and regular review cycles.
Consent Management Integration – Consent signals are mapped across all digital properties, ensuring privacy controls are properly implemented and consent preferences are honored throughout the user journey.
Ongoing compliance is maintained through automated ObservePoint audits, consent signal verification across all user journeys, and an agile weekly sprint model that kept Providence’s team informed and aligned at every step.
Outcomes
Wheelhouse’s HIPAA-compliant data solution empowered the client to make data-driven marketing decisions while safeguarding patient privacy across their vast digital ecosystem.
Wheelhouse’s innovative HIPAA-compliant data solution eliminated the risk of unauthorized PHI collection across all 200+ digital properties, standardized data collection across a previously fragmented ecosystem, and unlocked sophisticated marketing capabilities including cross-device user journey tracking, identity stitching, and conversion optimization, all within a fully compliant framework.
Delivered and supported under BAA in compliance with HHS guidance, Wheelhouse’s solution has positioned our client as a leader in the healthcare industry, enabling them to deliver valuable content to its audience while upholding the strictest HIPAA standards.
Additionally, this work was completed before the December 2022 Office for Civil Rights (OCR) guidance that formally clarified how tracking technologies on healthcare websites can create HIPAA liability. While many organizations scrambled to respond after the guidance dropped, Providence’s solution was already in production, built on the premise that client-side tracking technologies posed inherent compliance risks for covered entities.
next steps
Tell us how we can help you achieve your marketing goals.
“What Wheelhouse accomplished for us is amazing.”
– Laura Chase
