Large US Healthcare Customer Chooses SiteSpect To Meet HIPAA Requirements

Introduction

SiteSpect, Inc., a leading provider of digital optimization solutions, added another large US healthcare customer to its growing list in the sector. The customer organization began its search for a new optimization platform after becoming aware of a HIPAA-related bulletin issued by the U.S. Department of Health and Human Services. Validating the inability of its existing provider to sign a Business Associate Agreement (BAA), the organization ran an extensive evaluation and security vetting process, ultimately selecting SiteSpect as its new optimization partner.

Responding to Regulatory Changes

The engagement began when the customer’s legal department became aware of the recent bulletin issued by the US Department of Health and Human Services (HHS). The bulletin outlined stringent guidelines for handling online patient data, detailing how tracking technologies, cookies, and web beacons must comply with HIPAA rules, especially concerning protected health information (PHI). The guidance also covered tracking on authenticated and unauthenticated web pages and mobile applications, stressing the need for Business Associate Agreements (BAAs) to help protect PHI and prevent unauthorized disclosures and breaches. As a result, the organization’s Legal Department mandated a usage halt for all third-party technologies that touched customer data where a Business Associate Agreement (BAA) was not in place. This directive impacted the organization’s digital operations, including the stoppage of A/B testing activities for over eight months, as their previous enterprise software provider was unable to sign a BAA.

Critical Business Needs and Rigorous Evaluation

Realizing an A/B platform change would be needed for compliance and to resume a much-needed testing program, the organization sought a solution that could meet or exceed the functionality of its previous tool and would comply with its security requirements. Additionally, the customer was re-platforming their website and patient portal and wanted to ensure the new experimentation tool would be secure and ready to deploy upon the launch of the updated site. The capability to securely test in both public and private/authenticated areas of their site was also crucial.

The evaluation and buying team, comprised of the Senior Manager of Digital Products, Senior Director of Customer Experience, the Chief Marketing Officer, and various IT and CSO group members, conducted a thorough Security and Architecture review process. SiteSpect’s ability to meet all security and functionality requirements was a key differentiator.

Why They Chose SiteSpect

SiteSpect distinguished itself on several fronts:

• Pricing that was competitive and transparent.
• The value of included consulting services with healthcare expertise.
• Extensive experience working with other healthcare organizations.
• Compliance and ability to sign a BAA, ensuring full compliance with HIPAA regulations.
• Additional gains such as faster site performance, the elimination of “flicker effect”, and full support for single-page applications (SPAs), mobile, IoT, and OTT devices.
• Ability to optimize the entire user journey, from public-facing to patient portal.

We are thrilled to partner with this prominent healthcare organization. Our platform’s robust capabilities, coupled with our unwavering commitment to security and HIPAA compliance makes SiteSpect the ideal choice for organizations navigating the complexities of the healthcare industry. We look forward to supporting their digital optimization efforts and contributing to their ongoing success.

— Patrick Romich, CEO of SiteSpect

Conclusion

This partnership underscores SiteSpect’s dedication to providing innovative, secure, and effective digital optimization solutions that meet the unique needs of the healthcare sector. With SiteSpect, healthcare organizations can confidently pursue digital transformation initiatives, knowing they have a partner committed to their success and compliance.