Sensitive Data Takes Center Stage in State Privacy Law

Healthcare advertisers have enough to think about without tracking 22 different state privacy laws. But the national privacy landscape is shifting fast, and one category keeps appearing at the center of it: sensitive data. For healthcare advertisers, understanding what that means, and why it doesn't have to slow you down, is worth a few minutes.

Why Health Data Is in a Category of Its Own

Sensitive data is the information people consider most personal. Across the states, the definition consistently includes health conditions and diagnoses, race and ethnicity, religious beliefs, sexual orientation, immigration status, genetic and biometric information, precise location, and data about children. Health information appears in every single definition, which puts healthcare advertising at the center of the most protected data category in American law.

The rules for this category are stricter than for ordinary personal data. In most states, a company must get a person's clear permission before collecting or using sensitive data at all, rather than simply offering notice and a way to opt out. Companies must also assess the risks of using it, limit how it flows to vendors, and answer to state regulators if they get it wrong. Further, the category of sensitive data, and health data specifically, keeps expanding. Newer laws cover inferred health information, information that merely suggests something about a person's health, and several states have passed standalone consumer health data laws. We believe this is a growing trend and expect to see more states follow suit.

A National Trend

This spring alone, Oklahoma, Alabama, and Louisiana all passed comprehensive privacy laws, and all three put sensitive data protection front and center. When states across every region and political stripe land in the same place, it's not a trend worth watching but a clear direction. DeepIntent has been building toward this for years, and each new law is less a new challenge than confirmation that our architecture was right from the start.

Built for What’s Coming Next

DeepIntent was built for this environment. Rather than managing 22 slightly different definitions, we hold one bright line that sits above all of them: we do not collect sensitive personal information, by design.

• Privacy-safe audiences. Our campaigns are powered by de-identified data used to build aggregate audiences, never individual health profiles. Independent experts verify our methods so our claims are never self-graded.

• Accountable partners. Every data provider passes rigorous due diligence, and our contracts prohibit providers from ever sending us sensitive personal information.

• Industry leadership. We work closely with leading industry organizations such as the NAI, DAA, and CHC to understand the complex regulatory landscape and ensure we are implementing the necessary controls to keep ourselves and our partners safe.

At DeepIntent, we see strong privacy and effective healthcare advertising as going hand-in-hand. Our legal and compliance team tracks every new privacy law, including those coming online in Oklahoma, Alabama, and Louisiana, makes required changes early to minimize impact, and keeps clients informed before anything affects their campaigns.