Case Study | Cross-Cloud : Health Cloud - Sales Cloud - Marketing Cloud Project (New York-based client)

How this Stock Exchange-listed Healthcare Company aligned Marketing and Sales while keeping HIPAA compliance

Health Cloud - MC Connect - Marketing Cloud highly secured HIPAA compliant implementation

Overcoming the challenge of a HIPAA-compliant Marketing Cloud implementation in a cross-cloud environment

Vertical: HLS - Health & Life-Sciences
Client: HealthCare tech company, New York

The Challenge

Very few companies have the knowledge and skillset for securely implementing cross-cloud (Salesforce Health Cloud-Sales Cloud-Marketing Cloud) integrations,
all while complying with HIPAA constraints to keep PHI (Private Health Information) safe.
After successfully implementing Health Cloud internally, our client called on our expertise to leverage CRM data to be used in Automated Marketing using Marketing Cloud
in a complex multi-channel environment (Paid Ads, Email & SMS). Finding the balance between Marketing necessities and Legal / HIPAA obligations.  

The Solution

The approach we took was of carefully planning - before any execution.
We kicked off with requirements gathering from the Marketing Department, making sure to involve the Health Cloud admin and team lead.
We guided conversations towards the full wish-list from Marketing so that we can design the data for future expansion on all channels.

Next, we designed and mapped the data structure accordingly - laying out what data is required to implement each feature in Marketing Cloud.
We then involved the client's HIPAA officer and legal team, to present the data that will be needed for Marketing to function. PHI / ePHI was clearly identified.
Our Marketing Cloud experts provided detailed recommendations around the different ways to achieve HIPAA compliance, including: 

  • Tokenized Sending;
  • Transparent Data Encryption (TDE) (Encrypt the entire DB);
  • Field Level Encryption on both Health Cloud and Marketing Cloud (Encrypt fields);
  • Salesforce Shield;
  • Marketing Cloud Shield;
  • Advanced Audit Trail in Marketing Cloud;

We worked closely with the Salesforce AE to assure that the client understands the different options and costs, leaving the final decision to the client HIPAA officers. 

Results:

  • HIPAA-compliant solution, tailored to the client's products, physical location, audience and requirements; 
  • We designated a dedicated MC-Connect user to keep full control of data in Health Cloud centralized;
  • We designed filters and logic on Objects to add fine-tuning control for auto-syncing data, with expansion in mind; 
  • We leveraged both Salesforce Profiles, Marketing Cloud Custom Roles and Timed-Out sessions to achieve HIPAA compliance;
  • We designed and implemented the Secure, encrypted Data flow and Connector from Health Cloud to Marketing Cloud;
  • We explained and validated client understanding of the features we have to give-up, due to incompatibility with HIPAA;
  • We designed and implemented the Campaign structure in Health Cloud to match triggers in Journey Builder;
  • We created customized Marketing Cloud Data Extensions joining data from multiple Salesforce Objects to meet email personalization requirements;

The client, extremely satisfied, now looks at us for continued support, training and further development.


Tell us about your Business Case - Schedule a Call now