Back to agent
Organization Dimensionorg-dim.industry.healthcare

Industry — Healthcare

Highly regulated; PHI handling, HIPAA, often segregated infrastructure. Constrains both the architecture (data residency, encryption-at-rest) and the activation surface (consented vs non-consented uses).

confidence 87%v2reviewed Jun 4, 2026industry, healthcare, hipaa, phi, regulated

Industry — Healthcare

Highly regulated. Personal Health Information (PHI) handling under HIPAA in the US (equivalents elsewhere) imposes data-residency requirements, encryption-at-rest mandates, and Business Associate Agreement (BAA) obligations on any vendor touching the data.

Architectural implications.

Why this matters. The agent should not propose architectures that move PHI through unsigned vendors or unsegregated infrastructure. When healthcare is the industry, every recommendation must be filtered for compliance posture.

Sources

Related

This node →

  • governed-byconstraint.hipaa-phi-cdp-healthcareHIPAA applies to all covered entities (providers, health plans, clearinghouses) and their Business Associates — any healthcare organization operating a CDP is subject to HIPAA PHI protections and the Marketing Rule.

← Referenced by

  • applies-to-domainuse-case.transactional-emailAppointment reminders and prescription-ready notifications are transactional email in healthcare (consented use, HIPAA controls required).
  • applies-to-domainorg-dim.marketing-goal.customer-experienceHealthcare patient experience coherence across portal, telehealth, appointment reminder, and care coordination channels is the primary CDP value proposition before any performance marketing activation — omnichannel CX for treatment-purpose communications is HIPAA Marketing Rule-exempt, making CX the safest and highest-value healthcare marketing goal for CDP investment.
  • applies-to-domainorg-dim.marketing-goal.retentionPatient attrition prevention — engagement programs for patients with declining care adherence computed from care telemetry and delivered via BAA-covered channels — is the healthcare retention-goal CDP use case. Requires BAA coverage for all PHI-based targeting; third-party paid-media retargeting requires de-identification first.
  • applies-to-domainorg-dim.marketing-goal.acquisitionHealthcare member and patient acquisition (insurer open-enrollment campaigns, health system new-patient programs, group practice expansion) uses look-alike modeling on de-identified existing member profiles — Safe Harbor or Expert Determination de-identification is the required architectural prerequisite for any paid-media audience activation under the HIPAA Marketing Rule.
  • applies-to-domainorg-dim.marketing-goal.customer-lifetime-valueHealthcare CLV optimization — payer preventive-care engagement programs reducing long-term claims cost, and provider care-journey completion outreach preventing costly acute episodes — is a HIPAA treatment-purpose or operations-exempt CDP use case that operates across a multi-year patient-member lifetime. CLV in healthcare is the long-horizon complement to the acquisition and retention goals already covered.
  • applies-to-domainorg-dim.marketing-goal.engagement-advocacyHealthcare engagement-advocacy CDP use cases — post-visit NPS-recovery targeting, patient peer-support community enrollment, provider referral-network engagement under value-based care, and patient ambassador programs — are non-remuneration advocacy motions that operate within HIPAA anti-inducement bounds. Cash referral incentives to Medicare/Medicaid beneficiaries are prohibited; non-remuneration advocacy is permissible and clinically beneficial.
  • applies-to-domainorg-dim.marketing-goal.new-productHealthcare new-product launch CDP use case: outreach to existing patients who would clinically benefit from a new service line (new telehealth program, specialist clinic, chronic-disease management program). Clinical relevance targeting is HIPAA treatment-purpose-exempt when the outreach serves the patient's healthcare interest — personalization for clinical appropriateness, not commercial promotion.
  • applies-whenarchetype.aep-locked-healthcare-cx-evaluatorArchetype is defined by healthcare industry membership — health systems, regional payers, specialty care networks with HIPAA-covered PHI handling obligations.
  • applies-whenarchetype.healthcare-provider-hipaa-performance-marketingOC-046 schema fix. Archetype is healthcare-industry-specific: HIPAA Marketing Rule constraints on paid-media activation are US healthcare sector constraints with no equivalent in other industries. Replacement for invalid applies-to-domain edge.
  • applies-to-domainuse-case.hipaa-safe-performance-marketingOC-051. HIPAA-Safe Performance Marketing is a healthcare-industry-exclusive use case: the HIPAA Marketing Rule constraints on PHI routing to non-BAA ad platforms apply only to US healthcare covered entities (health systems, health plans, specialty practices). The PHI suppression architecture described in this use case has no equivalent requirement in other industries.
  • applies-to-domainrecommendation.aep-locked-healthcare-cx-deepen-or-supplementOC-073. This recommendation is scoped to healthcare organizations — HIPAA data-residency constraints and AEP HLS cloud features are US healthcare sector specifics. Org-dim.industry.healthcare is the correct domain scope.
  • applies-to-domainrecommendation.hipaa-tracking-layer-phi-suppressionOC-090. Recommendation scoped to healthcare via the triggering archetype (archetype.healthcare-provider-hipaa-performance-marketing → applies-when → org-dim.industry.healthcare). Edge mirrors the archetype's applies-when set so traversal from the industry leaf reaches the recommendation.