Behind the Login: Why Installing Freshpaint on Authenticated Experiences Is Secure and Strategic

Patient portals, member dashboards, and other authenticated experiences hold the most valuable marketing data: appointment bookings, care plan information, prescription data, and more. These are the data points that complete the patient journey and transform marketing from a cost center into a growth engine.

But, as we’re all too familiar, making that transformation is extremely challenging. Not because marketers aren’t skilled, but because many healthcare organizations are stuck on this idea that marketing is a cost, not a driver of growth. Chris Pace, a healthcare marketing executive, thinks shifting this narrative could be a huge unlock for healthcare marketers: “marketing is an investment in growth, not a cost. If we could get to that level of understanding, then it changes the dynamic for marketers.”

That misunderstanding leads to a frustrating catch-22. To move from a cost center to a growth engine, marketers need access to deeper funnel insights, like the data behind a login. But because marketing is still seen as a cost, access to that data is tightly controlled. Legal teams hesitate, risk tolerance shrinks, and marketers are left with incomplete insights and mounting pressure to prove their impact.

But there is a better way that satisfies all stakeholders. Giving marketers access to post-authenticated data can flip the script and turn marketing into a revenue driver. As long as it’s done in a privacy-first way.

Understanding Post-Authenticated Data

Post-authenticated data is the information generated and accessed after a user logs into a secure platform. If a patient logs into a portal to book an appointment, view test results, or refill a prescription, those actions create post-authenticated data.

This type of data typically lives within:

• Patient dashboards (e.g., MyChart)
• Member portals (e.g., insurance portals)
• Secure login-gated content

This data represents real patient intent and behavior. And when used properly, it can fill critical gaps in the patient journey, power more precise advertising, and improve marketing performance.

Access to this data is exactly how marketing shifts from being seen as a cost center to a proven driver of revenue. 

For example, let’s say a marketer runs a campaign promoting diabetes checkups. Without post-auth data, they can see who clicked the ad, but not who actually booked a follow-up appointment. With post-auth tracking in place, they can tie ad spend to real appointments booked, demonstrate revenue generated from that campaign, and confidently justify further investment. That closed-loop visibility turns marketing from a guessing game into a growth engine.

Yet despite its value, this data often remains out of reach. Legal and compliance teams worry it could be misused or expose the organization to regulatory risk, so marketers are left without the insights they need to fully demonstrate impact.

Why Legal Teams Are Hesitant

To be clear, legal and compliance teams are not the enemy here. They play a huge role in protecting healthcare organizations from risk. And given how much PHI lives behind the login, their caution is reasonable.

That caution is often driven by a few recurring concerns:

• High-profile enforcement actions: In the wake of the 2022 OCR guidance and enforcement, many legal teams take a conservative stance to tracking technology because they want to avoid becoming the next headline.
• Misconceptions about tracking technologies: There’s a widespread belief that all tracking tools inherently collect PHI without authorization and are therefore off-limits.
• A sharp rise in litigation: The increase in class-action lawsuits related to web tracking, especially under state privacy laws and older statutes like the VPPA, has only heightened risk aversion.

These concerns are definitely valid, but they sometimes lead to overly broad restrictions. Fortunately for marketers and legal teams, there are HIPAA-compliant ways to access post-authenticated data using tools and techniques designed to mitigate risk.

How Freshpaint Safely Operates Post-Authentication

We’re focusing on Freshpaint’s Healthcare Privacy Platform here because, well, we are Freshpaint and we know our technology better than others. Sure, there are probably other tools that can safely operate in an authenticated environment, but Freshpaint is built on “safe by default” principles, ensuring that sensitive data is never shared unless explicitly authorized.

Before we get to the technology itself, let’s talk about the legal side. Freshpaint signs a Business Associate Agreement (BAA) with every single healthcare organization that requires one. By signing a BAA, that legally binds us to handle PHI with the same high standards as covered entities. 

But legal agreements are just the groundwork. How Freshpaint is implemented behind the login is what ensures those standards are met in practice.

What Gets Installed

Freshpaint provides two primary methods for implementation behind login:

• Client-side JavaScript SDK: Mirrors pre-auth tracking which gives healthcare organizations manual control over what data is captured and where it’s sent. 
• Server-side event tracking: Via our HTTP API, for environments that require reduced client-side exposure.

The approach you choose often depends on how closely you can collaborate with your IT team. If you have strong engineering support, the HTTP API offers more control. But for many healthcare marketing teams working independently, the client-side SDK is the faster, simpler option, and still provides robust security and privacy safeguards.

Regardless of the option you choose, it’s worth pointing out that Freshpaint does not collect any new or different data beyond what we collect on the pre-auth side. In other words, Freshpaint isn’t picking up “more detailed” patient information just because a user is behind a login. The same endpoints and data types are used pre- and post-auth. What changes is the context, not the content. 

That distinction is critical for legal and compliance teams: no new data is being collected, and nothing is shared unless it’s explicitly allowed by the customer’s configuration. Behind the login simply provides the ability to track deeper funnel activity like an appointment booked or a care plan followed — but with the same controls in place.

How Data is Controlled

Freshpaint’s platform is designed to be “safe by default," meaning nothing is tracked or sent externally unless explicitly approved. This is true regardless of whether data is collected pre- or post-auth. The rules and protections remain exactly the same. Freshpaint does not gain access to new types of data simply because the user is logged in.

Key safeguards include:

• Autotrack with control: While autotrack is enabled by default, you can selectively disable text capture or any other data layer behavior to avoid collecting unintended PHI
• Built-in and custom property allowlisting: Only events and properties that appear on your configured allowlists are sent to external destinations. If something isn’t on the list, it won’t go out. Period.
• Per-destination allowlists: You can maintain unique allowlists per destination, ensuring only the properties required by and approved for that destination are included. This is especially important for HIPAA vs. non-HIPAA destinations.
• ID masking for non-HIPAA destinations: Freshpaint hashes identifiers (e.g., emails, user IDs) using the SHAKE3 algorithm before sending them to non-HIPAA compliant destinations. This preserves identity resolution without exposing PII

These safeguards might seem over the top, especially if you’re used to traditional Customer Data Platforms that make data transfer easy, but this is what’s required to ensure data security. 

Booking an Appointment Behind Login

Let’s say you, as a healthcare marketer, want to send appointment booked data to Google Ads to improve ROI. 

A user clicks on a Google Ad and logs into their patient portal to book an appointment with a cardiologist. Freshpaint tracks this as an Appointment Booked event, which includes the following properties:

{
  "conversion_event": "Appointment Booked",
  "doctor_type": "cardiology",
  "appointment_date": "2025-08-10",
  "user_email": "jane.doe@example.com",
  "url": "https://healthportal.com/appointments/confirm",
  "$gclid": "EAIaIQobChMI3fP4"
}
  

‍

To send this event to Google Ads, Freshpaint uses a server-side connection that emulates a native Google Tag installation. This ensures HIPAA compliance while still enabling effective conversion tracking.

Here’s what happens under the hood:

1. Freshpaint checks your allowlist for Google Ads. Only explicitly approved properties are forwarded. In this case, the allowlist includes:
   
   • conversion_event (needed to map the event to a Google Ads action)
   • $gclid (the Google Click ID, essential for attribution)
2. Any unapproved properties, like user_email, are automatically excluded. Even if you accidentally include them in the tracking call, they won’t be sent unless they’re both on the allowlist and the destination is HIPAA-compliant.
3. Freshpaint sends the allowed properties to Google Ads via its proxy integration.
4. Google Ads receives only what it needs: the $gclid and conversion_event. This allows the appointment booking to be attributed to the original ad click—without exposing sensitive PHI.

Let’s zoom in on that $gclid, or Google Click ID, property for a second. There’s always confusion on if it is PHI or not. But, independent legal experts, like Faegre Drinker’s Dori Cain, have confirmed that when using Freshpaint, it’s safe to send the Click ID to Google for two reasons:

1. That click ID originated in the Google, which HIPAA does not regulate, so nothing new is being introduced
2. There is no health information in the $gclid, and therefore no PHI is shared back to the ad platform from the healthcare provider.

This kind of post-auth tracking doesn’t just protect patient data – it unlocks the insights marketers need to prove performance and drive smarter strategy.

Benefits of Authenticated Tracking

Implementing Freshpaint behind the login unlocks some very real, financially positive benefits for marketers:

• Complete Funnel Visibility: Track user journeys from initial ad interaction through critical post-login conversions.
• Enhanced ROI Measurement: Optimize marketing campaigns based on deeper, more actionable conversion metrics (e.g., actual appointment bookings or care plan adherence).
• Personalization with Privacy: Enable tailored user experiences without compromising identity security.
• Cross-Functional Collaboration: Better alignment between marketing and product teams due to shared, trusted data.

All of this adds up to the transformation we introduced at the outset of this article – shifting marketing from a cost center to a revenue driver.

Turning Insight Into Impact

Accessing post-authenticated data has long felt like a regulatory minefield for healthcare marketers. But with the right platform, and the right safeguards, it becomes a powerful advantage. Freshpaint makes it possible to unlock deep-funnel insights, honor patient privacy, and meet the expectations of legal and compliance teams.

The result isn’t just better data. It’s a stronger business case for marketing, clearer attribution, smarter campaigns, and a more strategic seat at the table.

Behind the login isn’t off-limits. It’s where the real opportunity begins.