Marketers commonly use databases of customers or potential customers (also referred to as “leads”) to generate personalized communications to promote a product or service. The method of communication can be any addressable medium, e.g., direct mail, e-mail, telemarketing, and the like.
A marketing database may combine of disparate sources of customer, lead, and/or prospect information so that marketing professionals may act on that information. However, it can be difficult to provide access to a rich set of data in a way that makes sense to the end user of the data (e.g., marketers), as opposed to a database administrator.
Unlike in many fields, marketing activities in the health care field must comply with various privacy rules designed to protect personally-identifying health information. For example, under the United States Health Insurance Portability and Accountability Act (“HIPAA”), protected health information (“PHI”) must be treated with special care. According to HIPAA, PHI includes information about health status, provision of health care, or payment for health care that can be linked to a specific individual, such as names, addresses more specific than a state or (in some cases) a range of zip codes, dates (e.g., birth dates, admission and/or discharge dates, death dates, and the like), communications identifiers (e.g., phone and/or fax numbers, email addresses, and the like), account numbers, and the like. Electronic records that include PHI (“EPHI”) must comply with various security safeguards, including administrative controls (e.g., restricting access to EPHI to only those employees who have a need for it to complete their job function) and technical controls (e.g., storing EPHI in encrypted form). However, using existing methods, it can be difficult to do effective marketing while still complying with HIPAA-mandated security safeguards.