Every day, millions of people use embedded maps to find nearby healthcare providers and book appointments. And while those maps might be a delight for website visitors, they can get healthcare organizations into hot water with HIPAA.
For example, Google Maps needs your IP address to show you a map of your current town. That’s fine when you’re shopping for shoes, but when you’re looking for medical services, it’s one step away from a HIPAA violation.
Therein lies the paradox: Healthcare providers need maps to provide the seamless digital experiences users expect, but the technology that makes maps useful can compromise protected health information (PHI).
Fortunately, providers don’t have to choose between accessibility and privacy. In this article, we explore why maps matter in healthcare, the problems they pose, and how organizations can take advantage of this technology without compromising patient privacy.
Why Maps Matter for Healthcare Organizations
Geography's impact on healthcare can't be ignored. If healthcare organizations make it easy for patients to find care close to their homes through frictionless digital experiences, more patients will book appointments.
Take the example of a healthcare organization in the Southeastern United States. Their marketing team launched a "Healthcare Near Me" campaign to help patients easily find nearby services.
A major component of that digital experience overhaul was embedding maps on their website. The team at this healthcare organization learned through research that the easier it was for patients to find providers near them, the more likely they would be to get the care they needed.
After completing the overhaul, they saw their conversion rate increase by nearly 60%, and they attributed a lot of that boost to the use of embedded maps.
Given that success story, embedding maps into a healthcare website probably seems like a no-brainer. However, there are some major privacy problems to consider.
How Embedded Maps Pose Problems for Healthcare Organizations
Embedding a third-party mapping tool like Google Maps on your website requires sharing a visitor's IP address with the map’s servers. That might sound creepy, but it’s just how the internet works.
When you’re a healthcare provider, that embedded map doesn’t just collect a visitor’s IP address—it collects protected health information (PHI) too.
Let’s say you’re a physical therapy clinic. If someone is on your site looking at locations for sprained ankle rehab in their area, that implies they may be seeking treatment, which reveals private health information about that visitor.
Keep in mind that this is different from an informational web page where a visitor might just be researching a medical condition. There’s clear intent on a page with an embedded map to find treatment.
A map that doesn’t know what the visitor is looking for (or where they’re located) would be useless. So, how can you make embedded maps helpful and HIPAA-compliant?
5 Essential Features of Embedded Maps for Healthcare Organizations
Let’s walk through five map features healthcare organizations need to level up their user experience while staying HIPAA-compliant.
- BAA-Supported
A Business Associate Agreement (BAA) is a legally binding contract between HIPAA-covered organizations and business associates to ensure PHI security and HIPAA compliance.
In a perfect world, Google Maps would sign a BAA so you could use their technology without compromising anyone’s privacy. But Google won't sign BAAs because that would require them to curb their data collection practices—and that’s something Google definitely doesn't want to signal to the market (or regulators).
Alternatively, healthcare organizations can replace Google Maps with a BAA-supported mapping product.
- Pan and Zoom Features
Help patients get familiar with the area surrounding your healthcare locations so they can better plan their visits.
- Interactive Capabilities
When users click on a marked healthcare location, they should be able to see information including the website, phone number, and office hours.
- Built-In Search Functionality
Allow visitors to search for care based on their address, zip code, or city.
- Customizable Styles
Ideally, embedded maps should match the rest of the website’s aesthetic to create a more cohesive user experience.
Don’t Trade Privacy for Accessibility
Using maps across your healthcare website undoubtedly delights users and improves accessibility, but you can’t compromise privacy along the way. That doesn’t mean you need to remove the legacy maps from your site—you just need to replace them with BAA-supported alternatives.
Like it or not, healthcare websites are going up against brands like Airbnb and IKEA, which have mastered the art of UX without having to worry about healthcare privacy regulations. But with proper planning, you can help potential patients find the care they need—and you can avoid a head-on collision with HIPAA.
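To find the legacy embeds that need replacing, you can audit each page for resources that make a visitor's browser contact a third-party server. The script below is an added example, not part of the original article or any vendor's tooling; the list of map hosts is a non-exhaustive assumption, and clinic.example and vendor.example are placeholder hosts in a constructed sample page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a short, non-exhaustive list of Google Maps hosts; extend it for your site.
MAP_HOSTS = {"maps.google.com", "maps.googleapis.com"}
MAP_PATH_PREFIXES = {"www.google.com": "/maps"}  # e.g. https://www.google.com/maps/embed
# Tags whose src makes the visitor's browser contact another server (not exhaustive).
FETCHING_TAGS = {"iframe", "script", "img"}

# Constructed sample page; clinic.example and vendor.example are placeholder hosts.
SAMPLE_PAGE = """
<html><body>
<h1>Sprained ankle rehab locations</h1>
<img src="/img/logo.png">
<script src="https://cdn.clinic.example/app.js"></script>
<iframe src="https://www.google.com/maps/embed?pb=PLACEHOLDER"></iframe>
<script src="//maps.googleapis.com/maps/api/js?key=PLACEHOLDER"></script>
<script src="https://analytics.vendor.example/t.js"></script>
</body></html>
"""


class EmbedAuditor(HTMLParser):
    """Collects (tag, host, is_map) for every third-party resource a page loads."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get("src") if tag in FETCHING_TAGS else None
        if not url:
            return
        parsed = urlparse(url)  # also handles protocol-relative //host/path URLs
        host = (parsed.hostname or "").lower()
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return  # relative or first-party URL: the request stays with the site itself
        prefix = MAP_PATH_PREFIXES.get(host)
        is_map = host in MAP_HOSTS or (prefix is not None and parsed.path.startswith(prefix))
        self.findings.append((tag, host, is_map))


def audit(html, site_host):
    auditor = EmbedAuditor(site_host)
    auditor.feed(html)
    return auditor.findings


if __name__ == "__main__":
    for tag, host, is_map in audit(SAMPLE_PAGE, "clinic.example"):
        label = "MAP EMBED" if is_map else "third party"
        print(f"{label:11} <{tag}> -> {host} receives the visitor's IP address")
```

Run it against the rendered HTML of location and provider-search pages first, since those are the pages where a third-party request also signals intent to seek treatment.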