Is Microsoft Ads HIPAA compliant?

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities (CEs) and their business associates (BAs) must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to properly advertise your organization while remaining HIPAA compliant.

This is especially true with the recent digital transformation in healthcare and the current need to function more remotely.

Today, we will determine if Microsoft Ads is HIPAA compliant or not.

RELATED: Healthcare Ads and HIPAA Compliance: The Ultimate Guide

About Microsoft Ads

Bing, owned by Microsoft and launched in 2009, consists of two search engines: Bing and Yahoo. In 2015 Microsoft entered into a deal with AOL for Bing to power the Yahoo platform’s searches. With Yahoo and AOL, Bing enables close to one-third of all U.S. web searches.

Microsoft Ads (known as Bing Ads until 2019) are visible on all three platforms, as well as on MSN search. Users can find them either at the top or in the right column of a web page.

Bing was the last of the main search engines to utilize pay-per-click (PPC) advertisements (companies pay each time someone clicks an ad). With Microsoft Ads, advertisers can target and focus their ads to increase clicks.

Microsoft Ads and the business associate agreement

A major part of HIPAA compliance is signing a business associate agreement (BAA) with a business associate (BA). A BA is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI.

RELATED: Is a Name PHI?

For example, Microsoft Ads would be a business associate if it handles PHI.

Generally, the HIPAA Privacy Rule allows CEs to disclose PHI to a BA if they receive assurance that the information is protected through a signed BAA.

Microsoft offers a BAA to CEs for Microsoft 365 and some cloud services. However, there is no mention of Microsoft Ads in the BAA.

Microsoft Ads and HIPAA marketing

Another HIPAA Privacy Rule guideline addresses marketing by giving “individuals important controls over whether and how their [PHI] is used and disclosed for marketing purposes.”

In most cases, a CE must have a patient’s authorization before marketing to them. Keep in mind that there is a distinction between the types of communication that HIPAA considers marketing and when this permission is necessary.

RELATED: HIPAA Definition of Marketing Explained

Targeted PPC advertisements (largely based on keyword searches) are generally allowed under HIPAA. At the same time, retargeting (using cookies to bring your ad to users who visited your website) is not. Microsoft Ads uses both.

Microsoft addresses HIPAA on a compliance web page, though the discussion does not mention advertising specifically. And on another web page, the company lists healthcare products that cannot appear in advertisements but doesn’t mention any other restrictions.

Is Microsoft Ads HIPAA compliant?

The BAA is a key component of HIPAA compliance. While Microsoft will sign a BAA for some of its products, Microsoft Ads is not included.

Moreover, Microsoft Ads relies on both targeting and retargeting in its marketing campaigns.

Conclusion

Microsoft Ads is not HIPAA compliant.

Paubox Marketing—a sound alternative

While there are many ways that CEs can market to patients or potential patients, one of the best methods today is healthcare email marketing using HIPAA compliant email.

Paubox Marketing allows recipients to view marketing emails like regular emails but with strong encryption and email security at all times.

RELATED: Why Paubox Marketing is the Best HIPAA Email Marketing Solution Available

Paubox will not only sign a BAA but will also work tirelessly to keep you and your patients safe. No extra steps for the sender or the receiver and no worry about leaked PHI.

Use HIPAA compliant email marketing not only to create personalized marketing campaigns but also to maintain PHI security.

Try Paubox Marketing for free and make your email marketing HIPAA compliant today.

About the author

Kapua Iao
