Posted by White Rhino

Today’s media is buzzing with pretty dramatic headlines declaring the end of cookies on the web. But here's the thing: it's not all doom and gloom for marketers. For marketers who have relied heavily on third-party cookies over the past several years, the shift to a cookie-less web can feel daunting. But our ability to personalize messages and offers is not going away. We just need to be more mindful and strategic about the way we collect and use data. 

First-party Cookies: The Unsung Hero of Digital Marketing

First-party cookies are set by your own website's domain and are mainly used to enhance the user experience. Third-party cookies, on the other hand, are set by a domain other than the one the user is visiting and are typically used for commercial purposes.

Not too long ago, many healthcare marketers used the Facebook tracking pixel (a third-party cookie) as an easy way to track ad conversion. But because this and other third-party cookies share sensitive information about users’ online health journeys with that third party, they’ve quickly become a big no-no in healthcare.

That’s where first-party cookies become so valuable. You can still gather insights on user behavior directly from your website to personalize their experience. Google and others are even sprucing up their tools to allow organizations to safely use first-party data for ad targeting.

The Proof is in the Policy

Shifting from third-party to first-party cookies is a better set of ingredients for securing patient privacy and trust – and staying HIPAA compliant. However, the methods we use to communicate our approach make all the difference in how our recipe turns out.

Thanks to GDPR and an onslaught of additional web privacy laws, the innocuous “Accept Cookies” popup has become a necessary but frustrating toll we pay before visiting the websites we use every day. For many of us, clicking yes has become a reflex. And many people I’ve talked to don’t even think they have a choice in the matter.

These cookie policies could use a heavy dose of human-centered design. It’s not all that surprising that we’ve landed here, considering the rapid pace at which organizations had to roll out cookie policies. Most solutions were just trying to get ahead of the new technical requirements that websites were not traditionally built for. There was hardly sufficient time to approach the design from a user perspective.

But with many healthcare organizations still rolling out their cookies management policies, we have a chance to change the story. I can’t think of a better industry to lead this shift. Empathy and advocacy are the underpinning values of anyone I’ve ever met in this space. So, who other than healthcare should rewrite the rules for healthy data practices? 

Here are a few strategies you could consider:


Create a Sliding Scale

Most cookies policies ask for a blanket yes/no acceptance. Increasingly, you also see policies that ask the user to opt into several types of cookies (from essential to first-party to third-party). Sliders offer a more nuanced and engaging way for users to express their privacy preferences. Here’s a great example:

With definitive stops presented on a sliding scale, users can more quickly understand the increasing levels of data risk – but also value, which brings us to the next strategy.



Communicate Value

You wouldn’t set up a web form without offering users something in return for their data. And terms like “essential” and “first-party” cookies won’t mean much to most consumers. 

By clearly defining internally how you use cookies and the benefit they provide to users, you can then transparently share that value with users. For example:

“Based on your location, we can help you more quickly find a doctor near you.”

“By monitoring the pages you visit, we can customize the resources and information you see across the site.” 

And don’t forget also to communicate that you will keep this information to yourself (if it’s a first-party cookie). I also like this example, which provides a visual cue to help you understand the increasing value you get with each level.



Time Your Ask

Moving away from a simple yes/no creates greater trust, but it also means that cookies acceptance may take a little more time. And that can be disruptive to a user just trying to quickly get to a phone number or some other information. So perhaps think about how you could ask for acceptance over time. 

Suppose you only need a user to opt into a baseline level of cookies when they first hit the site. In that case, consider waiting to ask for additional layers of acceptance only when more cookies are necessary (for instance, if a user is indicating their role to personalize offers on the site). To strike the right balance for your organization, consider these variables as you define your website personalization strategy. And leverage user testing to monitor and optimize over time based on cookies acceptance rates.

Be a Trusted Resource

Consider taking the opportunity to educate patients about how they can best protect their health data. Write a blog about what cookies are and how they are used on your website and other websites. Help patients adopt healthy digital habits by explaining how they have a choice and helping them understand the positive benefits of cookies.

Integrate Single Sign On

By allowing users to log into your website, you can create a bubble of data privacy around them. This won’t remove the need for a cookies policy if a user has not logged in, but it allows you to use first-party data more freely once they have. Some of the EHRs have APIs to help facilitate SSO. Epic, for instance, allows patients to use their existing MyChart ID to log in and share information with your website. Once logged in, you can securely personalize website content based on their individual health profile.

Anonymize Data

If you use third-party tools and cookies, talk to your web development partner about hashing. Hashing is a cryptographic process that transforms input data (like personal information) into a fixed-size string of characters, which usually appears random. When properly implemented, hashing can anonymize data before it gets stored or communicated to a third party in a way that can’t be traced back to the individual user. Tools like Freshpaint will sign a BAA and take care of data anonymization for you. And don’t forget to tell users that you’re taking these extra steps to keep their data private!
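An added example (not from the original article or any vendor's code) of what "properly implemented" can mean here: a bare SHA-256 of an email address can be matched by anyone who hashes a list of known addresses, while a keyed HMAC cannot be recomputed without the secret, though it remains a stable pseudonym for whoever holds the key. The key, sample addresses and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Sequence


def normalize(identifier: str) -> str:
    """Canonical form so the same person always maps to the same token."""
    return identifier.strip().lower()


def bare_hash(identifier: str) -> str:
    """Unkeyed SHA-256: fixed-size and random-looking, but anyone can recompute it."""
    return hashlib.sha256(normalize(identifier).encode("utf-8")).hexdigest()


def keyed_token(identifier: str, key: bytes) -> str:
    """HMAC-SHA256 keyed with a secret that never leaves your own systems."""
    data = normalize(identifier).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def recover_by_guessing(token: str, candidates: Sequence[str]) -> Optional[str]:
    """Privacy check: can a recipient holding no key link the token to a
    person just by hashing identifiers it already knows?"""
    for candidate in candidates:
        if hmac.compare_digest(bare_hash(candidate), token):
            return normalize(candidate)
    return None


# Constructed sample data (not real addresses).
SITE_KEY = secrets.token_bytes(32)  # hypothetical per-site secret, kept server-side
VISITOR = "Pat.Example@example.org "
KNOWN_LIST = ["sam@example.org", "pat.example@example.org", "lee@example.org"]

if __name__ == "__main__":
    weak = bare_hash(VISITOR)
    strong = keyed_token(VISITOR, SITE_KEY)
    print("bare hash linked to:  ", recover_by_guessing(weak, KNOWN_LIST))
    print("keyed token linked to:", recover_by_guessing(strong, KNOWN_LIST))
```
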


Google and some other big names are indeed giving third-party cookies the cold shoulder. They’re finally acknowledging that tracking people's every move online without them knowing is creepy, to say the least. But fear not! Marketers aren’t left high and dry in a world without third-party cookies. With first-party cookies and anonymization, we can protect patients’ data. And, by communicating our data collection policies and how it helps provide a better experience, we can secure patients’ trust.

It's about being transparent, offering choices, and educating users so they feel empowered, not cornered. It will take more time and resources. But it’s a worthwhile investment. After all, especially in healthcare, the data we collect and use allows us to genuinely improve people’s lives. 


Nothing in this article should be taken as a recommendation or formal assessment. Please consult with your organization’s own legal and compliance team.
