Resources

The NAI released a framework to determine if companies are processing sensitive health data. Here's what it means for healthcare advertising—and why inferences are the key factor.

That one idea explains almost everything in healthcare privacy. You can see the same pattern across HIPAA, state privacy laws, and enforcement cases like Healthline, GoodRx, and BetterHelp.

There are two very different meanings of de-identified. Confusing them is where a lot of privacy risk comes from in ad tech.

The 'one audience, all channels' rule sounds efficient but hurts performance. Different channels serve different goals and get measured differently—your audience strategy should reflect that.

Modeled audiences miss the moments that matter most—diagnosis, treatment starts, symptom onset. Learn why timing is everything in specialty marketing and what works instead.

Rare disease budgets are tiny. Patient populations are smaller. So why are vendors delivering audiences the size of small countries? Learn why oversized audiences are a red flag—not a strength.

Modeled audiences don't work for hard-to-find patients. Learn why guesswork fails in rare disease, oncology, and specialty medicine targeting—and what works instead.

Ring's Super Bowl ad was meant to feel good. The backlash was immediate. Healthcare advertising lives in the same reality—and the simplest test is whether you can explain why someone saw your ad in one sentence a reasonable person would accept.

Connecticut's AG 2025 enforcement report highlights two health data actions. The key lesson: in Connecticut, health data is defined by intent—what you use it to do. That changes the risk question entirely.

HIPAA is no longer the only rule that matters. State privacy laws now regulate how health audience data is created, and many common methods rely on predictions that are now considered sensitive data.

Jeremy Mittler discusses the implications of New York's S929 health privacy bill with Keaton Wright from Target Continuum, explaining why this could become a de facto national standard.

New York's S929 is one signature away from becoming law. Learn what the strictest health privacy law means for healthcare advertising and why it could become a de facto national standard.

Colorado's AI law takes effect June 2026, targeting prediction models in healthcare advertising. Learn why most vendors aren't ready—and how Blueprint built differently.

Most health audience vendors don't disclose how their segments are built. Under today's privacy laws, that lack of transparency is a problem. Visibility in audience construction is no longer optional—it's the foundation of compliance.

California's $1.55 million fine against Healthline marks a turning point in health advertising privacy. The case shows that personal identifiers + health context = sensitive information, inferences create liability, and enforcement is here.

The California Attorney General's $1.55 million fine against Healthline signals that privacy enforcement in healthcare advertising is changing. Key lessons: HIPAA isn't enough, inferences are risky, and opt-outs must work.

Target's famous pregnancy prediction story from 2003 reveals how predictive health audiences can create compliance exposure and reputational damage. The lesson: build audiences that marketers can explain and consumers would reasonably expect.

A UC Irvine study of all 543 registered California data brokers found rampant non-compliance with basic privacy rights. 43% never responded to access requests, raising serious questions for healthcare advertising.

California's revised AI regulations clarified that targeted advertising is not a 'consequential decision' under ADMT rules. A small win for healthcare marketers, but caution is still required.

Data brokers collect and sell personal information without direct relationships. With new state laws emerging, healthcare marketers need to understand how these regulations affect their audience segments and campaign compliance.

Most health advertisers are focused on consent. But there's another rule baked into state privacy laws that's easy to overlook — and even easier to violate: consumer expectations around health inferences.

21 states. 21 different privacy laws. Each with its own rules for how data can be used in advertising — especially health data. If you're running media campaigns in 2025, that's chaos.

HIPAA used to be the north star for health data compliance. But in 2025, 21 different state laws have redefined the rules around health inferences — and most audience vendors haven't caught up.

Most vendors copy the same playbook: predictive models, propensity scores, health inferences. I took a different approach by asking one fundamental question.

Many healthcare campaigns exclude entire states to reduce privacy risk. But the real issue isn't privacy laws—it's modeled audiences. Learn what works instead.

Minimum audience sizes force healthcare marketers to pay for wasted impressions. They're a workaround dressed up as best practice—and the cost shows up in performance.

Most health marketers are missing this: there are three types of health audience data—facts, inferences, and predictions—and legally, they don't follow the same rules. Understanding the differences is crucial for compliance.

Privacy laws are changing what precision means in healthcare advertising. Learn how to maintain precision without targeting individuals based on health data.

First-party and third-party audiences aren't competitors—they're partners. Learn how combining 1P precision with 3P scale delivers compliant growth for healthcare marketers.

Most health data vendors aren't doing the basics. Some don't offer consumer rights in every state, some skip key rights like deletion. If a vendor can't get this right, they're not taking privacy seriously.

Compliance means you follow the rules. Privacy means you do the right thing. As laws evolve, building empathy into your privacy program is how you future-proof campaigns.

For years, privacy was an afterthought. A box to check once the strategy was in place. That mindset doesn't work anymore. Today, privacy is the strategy.

Healthcare marketing was built for a world with one privacy law. That world no longer exists. State privacy laws now regulate health predictions, making inference-based approaches obsolete.

Jeremy Mittler shares insights on navigating the patchwork of state privacy laws, why aggregated data is the future, and how privacy-first design enables innovation in healthcare marketing.

Jeremy Mittler discusses privacy-safe healthcare audience targeting, why HIPAA isn't enough, and how state privacy laws are reshaping healthcare advertising strategies.

Jeremy Mittler discusses privacy-safe healthcare audience targeting, vendor due diligence, and how to navigate HIPAA and state privacy laws on the She Said Privacy/He Said Security podcast.

Alysa Hutnik reveals how privacy enforcement is reshaping healthcare marketing, why the 'buffet mentality' is over, and how consent-based strategies create competitive advantages.

How state privacy laws are reshaping healthcare digital marketing more than HIPAA, and what marketers need to know about the new risk landscape in 2025.