Navigating Digital Experimentation with HIPAA Compliance

By Mike Fradkin

April 11, 2024


Connecting with users online gives healthcare organizations more opportunities to reach their patients and customers. It also raises the risk to PHI and other sensitive data protected under HIPAA.

With 95% of all identity theft incidents coming from stolen healthcare records, data security is always a top priority for healthcare organizations. But maintaining high standards around privacy and security doesn’t have to come at the expense of gaining user behavior insights, reducing operational costs, or improving the user experience.

Despite data showing that 3 in 5 individuals nationwide reported they were offered and accessed their online medical record or patient portal in 2022 (a 50% increase since 2020), many Americans still have misconceptions about their healthcare and insurance benefits. People want to find health service providers, answers to their health questions, and care options online—they just might not be getting the clear, easy-to-use, and efficient self-service resources they need to do so.

So how can healthcare organizations address these information gaps and offer a better experience for their patients and customers while reducing costs and remaining secure and compliant?

A/B Testing Using Proxied Technology

What are proxied technologies?

A proxy server works by mediating requests between the user’s browser and the web pages they access over the internet. Because a proxy sits in the flow of requests and responses, it can filter and change content and APIs, modify features, and prevent access to sensitive information for individual users.

SiteSpect’s proxy solution brings the advantages of proxied technologies to A/B testing. This patented approach of transforming content and APIs in the flow of traffic delivers A/B/n variations to mobile and web users and tracks the results without reducing site performance or compromising HIPAA compliance.

Why is a proxied A/B testing approach superior?

For testing client-side look-and-feel elements, most A/B testing platforms use JavaScript tags, which slow page load times and cause the page to flicker. Flicker and latency are not only inconvenient for users—they can also interfere with the reliability of testing result data.

For testing server-side elements (e.g. search algorithms and form completion flows) most A/B testing platforms use SDKs and other approaches that require the code of the healthcare site or application itself to be changed. This confines A/B testing to code release events and creates added risk and technical debt.

A proxied solution like SiteSpect ensures testing campaigns won’t be affected by flicker or delayed page loads and doesn’t require the code of the healthcare application or website to be changed to perform A/B tests. This means far less risk and tech debt—and it enables you to run a higher volume of tests since tests are no longer confined to code release events. With SiteSpect, CRO teams are empowered to increase experimentation and conversions without compromising on security and HIPAA compliance.

Proxied Technologies in Action

  • Security: Traffic is encrypted between users, SiteSpect, and web/app servers to protect user information and experimentation data.
  • Website Optimization: A proxied technology enables more complex A/B tests by quickly transforming content between users and web and app servers.
  • Performance: SiteSpect’s proxy solution delivers the entire experience on first response, increasing speed and reducing flicker.

Best Practices for HIPAA-Compliant A/B Testing

While client-side testing generally focuses on look-and-feel elements (e.g. layout, graphics, and messaging options), server-side A/B testing goes beyond look and feel. It changes and tests back-end aspects of the user experience such as search algorithms, inventory, checkout/payment flows, form population, third-party services, feature rollout, and more to help you develop more efficient self-service experiences.

Unlike many A/B testing tools, SiteSpect includes both client-side and server-side testing in one unified platform. No matter what types of tests you’re planning to run, SiteSpect can help you run them securely and compliantly. Here are a few other tips to keep in mind to ensure HIPAA compliance:

Seamlessly Collaborate

To get the most out of your A/B tests without jeopardizing HIPAA compliance, you’ll want to have all the teams responsible for user experience (marketing, product, development, CRO) on one testing platform. SiteSpect offers a single platform in which all these teams can work, with one implementation, one login, one interface, and easy integrations with other technologies (analytics, user segmentation, CRM, etc.).

Use a HIPAA-Ready A/B Testing Solution

Not all testing tools are inherently HIPAA-ready, and most A/B testing vendors will not sign a BAA (Business Associate Agreement). A/B testing can be a key way to improve user satisfaction and drive revenue, as well as increase self-service and reduce operational costs. However, you’ll want to make sure the solution you choose does not impact your existing HIPAA compliance in any way and that your provider stands behind that posture with a signed BAA.

Final Thoughts

The availability of experimentation tools built with proxied technologies marks a significant opportunity for healthcare organizations to meet data security and HIPAA compliance requirements while simultaneously revamping the user experience and overall website or mobile app quality.

A/B testing platforms like SiteSpect can help healthcare organizations hone the user experience, upgrade back-end processes, and remain compliant, meeting not only regulations but also your conversion goals.

If you’re ready to introduce A/B testing as you optimize your healthcare website, SiteSpect is a great place to get started. SiteSpect stands out from other experimentation platforms with our HIPAA-ready solutions and commitment to compliance, enabling healthcare entities to fully embrace A/B testing and elevate conversion rates.

See it in action by requesting your demo today.


Mike Fradkin

Mike Fradkin is the Director of Product Marketing at SiteSpect. His experience ranges from smaller series-A startup companies to large multinational corporations such as AT&T and IBM. With a technology career that began with several customer-facing leadership roles, Mike never loses sight of the connection between technology value and the real people it can positively affect. He enjoys the challenge of identifying trends and market drivers, truly understanding the problems of customers within their specific industries, cultures, and reporting structures, and leveraging those insights to deliver more impactful results.
