June 19, 2025 • 31 mins
Aaron Burnett, CEO of Wheelhouse Digital Marketing Group, joins CJ Wolf to decode the complex world of healthcare marketing, privacy laws, and risk mitigation.
What You’ll Learn:
- The evolving legal landscape: OCR guidance, AHA lawsuits, FTC enforcement
- Why third-party tracking is out—and what to use instead
- How to collaborate across marketing, IT, and compliance
- What “data destiny” really means for covered entities
- Emerging solutions like media mix modeling and private analytics
Who Should Listen:
Compliance officers, healthcare marketers, IT leaders, and anyone responsible for HIPAA risk management in a digital world.
Thank you for listening! Please share, like, and subscribe.
If you'd like to see more compliance and auditing content feel free to follow us on social media.
Check out our resource center and weekly compliance newsletter for additional compliance and auditing content from our experts.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
CJ Wolf (00:00):
Welcome everybody to another episode of Compliance
Conversations.
I am CJ Wolf with Healthicityand today's guest is Aaron
Burnett.
Welcome Aaron to the show.
Thanks very much.
Looking forward to theconversation.
Yeah, we're so grateful thatyou've taken some time to share
your expertise.
Before we jump into our topic,we always invite our guests to
(00:23):
share a little bit aboutthemselves.
Maybe tell us about yourbackground or what you're
currently doing, whatever you'recomfortable sharing.
Aaron Burnett (00:29):
Sure.
So I'm Aaron Burnett.
I'm CEO of Wheelhouse DigitalMarketing Group.
We provide performancemarketing for privacy-first
industries.
We have a strong concentrationin healthcare and med tech, have
worked in those industries for13, 14 years.
We think about our work ashelping our clients thrive by
solving their toughest digitalchallenges.
(00:50):
So we're not necessarily theagency you bring in to get a 5%
incremental gain year over year.
We're the agency you bring into completely redefine strategy
change go-to-market, and get100% or 200% gain.
The sorts of problems we mightsolve are reimagining the online
booking experience, as we'vedone for Providence, which
(01:11):
drove, I think, an 860%year-over-year gain in online
appointment bookings, ordeveloping HIPAA-compliant data
solutions, as we've done andimplemented for very large
healthcare and insurance andmedtech clients, or some of the
work that we've done for NASAover the last six years to
consolidate about $2.5 millionpages of content across 29
(01:31):
websites into a single newunified information
architecture.
CJ Wolf (01:37):
Awesome.
So then it is rocket sciencebecause you're working with
NASA.
Some of it.
Aaron Burnett (01:41):
You
CJ Wolf (01:41):
know, I'll
Aaron Burnett (01:42):
tell you, NASA is exciting work because of the
scale.
It's also exciting because ofthe results we can drive.
They're the one client where wecan say we drove an increase of
one billion impressions insearch over six months.
Awesome.
CJ Wolf (01:56):
Awesome background.
Thank you so much for beingwilling to share.
And so, you know, as we weretalking a little bit before the
show started, most of ouraudience are compliance officers
in healthcare.
You know, you mentioned HIPAA.
And so a lot of complianceofficers, obviously HIPAA is one
of the larger areas that theyoversee.
And so we're going to talk alittle bit today about digital
(02:17):
marketing and kind of regulatorycompliance and those sorts of
things.
So maybe to kind of get thestage set, What would you say is
kind of the current state ofregulatory compliance as it
relates to digital marketing?
Aaron Burnett (02:32):
Sure.
I think, you know, the shortanswer is it's complex and
unsettled and continues to beso.
So you can kind of take youthrough three different levels
or so of where compliance andregulatory changes are having
impact.
You think about it at thefederal level.
We talked about HHS andeveryone in your audience will
be aware of the OCR guidance in2022.
(02:52):
The de facto impact of that wasto say pretty much all third
party tracking for digitalmarketing is a HIPAA violation
because most third partytracking captures the content
that someone is visiting and anidentifier, which was defined as
IP address.
And so that upended theindustry.
And we had lots of clients whopulled out all tracking.
(03:13):
We had some who took a wait andsee approach, some who
implemented new solutions, somewho very quickly regretted the
new solutions and are on to asecond better solution.
So we have that going on.
And then, of course, we had thelawsuit from the American
Hospital Association againstHHS, which nullified a key part
of of HHS guidance saying thisprescribed combination, the URL
(03:37):
plus IP address, really couldn'tbe forbidden.
What's interesting about thatruling is the judge didn't say
that's bad policy, you can't dothat.
The judge said you failed tocomply with the Administrative
Procedures Act, which can bedistilled to you did it wrong.
You didn't do the wrong thing,you did it wrong.
And so we anticipate that therewill be a new run at similar
(03:58):
guidance.
And then on top of that, HHShas, issued their intent to add
to the security side of HIPAAguidance, or rather HIPAA
compliance, and requireorganizations now to audit and
document their securityprocedures and data flow across
the organization.
So a lot of continuingcomplexity and a lot of
(04:21):
additional overhead there.
You have increased regulationsat a state level.
I think we're up to 21 stateswith active privacy laws that
are different from one anotherand some of are even more
restrictive and onerous thanwhat exists at a federal level.
You have FTC actions againstthose organizations that might
be sloppy with or suffer fromdata breaches.
(04:45):
And then you have the impact ata platform level.
So regardless of what happenedin that AHA versus HHS lawsuit,
the ship had really sailed, andGoogle, Meta, and other
advertising platforms, alongwith covered entities, i think
had collectively decided it'snot worth the risk and so you
(05:07):
have google introducing whatthey've called the privacy
sandbox which is a different wayto track i think that can best
be understood as google gets allof the data and everyone else
gets almost none of the data.
You have Meta introducing theirsensitive categories
restrictions at the beginning ofthis year, which significantly
(05:28):
constrains what covered entitiesor even not covered entities,
MedTech companies that aren't acovered entity can share in what
Google will ingest.
And you have changes at abrowser level.
Firefox and Safari don'tsupport cookies at all.
You have changes with Googleshifting to a consent model,
where many of their users, asignificant percentage, now also
(05:52):
won't allow third-partytracking.
And so collectively, you have ahigh degree of complexity on
the regulatory side, creatingrisk and uncertainty regarding
what you can track.
And you have a high degree ofuncertainty I guess, loss of
fidelity on the platform side,meaning that if you are a
digital marketer in healthcareor med tech, you have much less
(06:14):
data than you had previously.
The fidelity, the accuracy ofthat data is much lower than it
was in the past, and you have alot greater regulatory
uncertainty and regulatory risk.
Having said that though, Ithink one of the things that
maybe gets missed here is thatthat does not mean that if
you're in digital marketing forhealthcare, you necessarily have
(06:36):
to have less data.
You have to go about collectingthe data differently.
You have to handle it withgreater care, perhaps, than you
did.
You have to activate itdifferently.
But we have clients that havesignificantly more data and more
data fidelity today than theydid prior to the HHS guidance.
CJ Wolf (06:55):
Nice.
That's a great kind of summaryof this regulatory background.
And hearing you speak, makes methink as a compliance officer
in past lives, I'd often beinvited to meetings.
I have a seat at the tablewhere our marketing folks or
operational or business leadersare pursuing certain things and
(07:16):
compliance is there.
And as you mentioned justbriefly, some people just say,
it's easier to avoid the risk.
Let's just not even get closeto it.
Let's not try to maneuver it.
But what I'm hearing you say isthere is an appropriate way to
maneuver it.
So, you know, as a complianceofficer sitting at a table where
these kinds of businessdecisions are being discussed,
(07:38):
what do you think are somecommonly misunderstood things
about compliance and digitalmarketing?
Because, you know, we mightjump to the conclusion of it's
just not safe.
Let's not do it.
But it's sounding like now.
might be misunderstanding somethings sometimes
Aaron Burnett (07:53):
yeah i think there are a couple of things um
i think the biggest and mostimportant thing is that uh you
can collect a great deal of datait's not the collection of the
data that's problematic in themain as long as you're observing
cookie consent it's the sharingof the data with third parties
who are not under baa now whatthat implies is some significant
(08:16):
operational changes.
You can't rely on third partiesto collect your data, provide
it to you in a manner thatallows you to analyze it and
discern insights and performanceinformation from it.
You have to do that yourself.
But again, if you shift fromwe're going to use third party
(08:36):
tracking, we're going to useGoogle Analytics, a MetaPixel,
all of these third partytracking, and we're going to
send data to those thirdparties, which is absolutely
problematic.
That's a bright line issue.
And instead, we're going todevelop a means of collection
that allows us to house the datainternally.
So it's either in ourinfrastructure or it's
(08:56):
warehoused by a partner who'sunder BAA with us.
You can have absolutely highfidelity, very detailed data.
That data can be related to allof your advertising and site
analytics.
And if you do it right, it canalso include data that you never
could have incorporated intothird party platforms.
You can include integrationwith your CRM system.
(09:16):
You can include first party andzero party data.
And now you have a reallyinteresting, rich data trove
that you can mine to understandthe entire user or patient
journey, the performance of yourdigital advertising and then
think about how to activate thatdata.
A really critical considerationis activation.
(09:38):
You can discern, you can gleaninsights from data in your data
warehouse if you develop one andyou should, you cannot take
that data and share it with athird party platform.
You have to air gap thoseinsights and activate without
sharing anything thatapproximates PHI.
So it's just a different way todevelop and optimize campaigns.
CJ Wolf (10:02):
Yeah, so it sounds like you've probably helped clients
kind of navigate those nuancesin the past.
What's your experience inhelping compliance officers
understand those nuances?
It
Aaron Burnett (10:15):
starts with a lot of conversations.
I mean, you described a typicalmeeting to which you might be
invited.
And our experience is thatcompliance officers are
sometimes invited to thosemarketing meetings, but not
often.
Correct.
It's seen as sort of, ah, youknow, this is really going to
slow things down.
Sort of a necessary evil.
We'll do it in this instance.
So it starts with kind ofchanging that mentality.
(10:37):
This needs to be a partnership.
So the compliance team and yourlegal team and your marketing
team and your IT folks all needto be need to become friends and
understand things in the sameway and understand data flow
today and the points of risk indata flow today and the options
that are available to changethat implementation and to
(10:58):
preserve utility and optionalityfor digital marketing while
ensuring compliance and anelimination of legal risk to the
greatest extent possible.
And so it starts for us with alot of discussions with these
parties and a lot of educationbecause all All of them are
expert in different things andthey all now need to become semi
expert in one another'sdisciplines.
(11:19):
That's right.
And then describing the optionsthat are available to an
organization in a manner thathas no agenda except that we
want the organization toidentify the best option for
them.
And so we try to come inneutrally.
We have a recipe for how wehave developed and implemented
(11:40):
HIPAA compliant data solutions.
Our recipe might not always bethe right one for a particular
organization.
There might be something intheir infrastructure that means
our approach isn't the best.
They might already havepreexisting technology that we
should actually be building onrather than introducing
something new or they might havequite a simple digital
(12:00):
marketing ecosystem, which meansthat the approach that we might
take is perhaps overkill.
So we come in neutrally andjust say, these are the things
that you could do.
And this is sort of thecontinuum of cost.
These are the vendors who areavailable in this space.
This is what we know of ourwork with them and how what
these options are mapped to yourparticular circumstance, and
(12:24):
then help to guide thediscussion to selection.
I think the key ingredients ofthe right kind of HIPAA
compliant data solution,regardless of the technologies
or partners involved, isabsolute control at the moment
of collection and absoluteabsolute control at the moment
of sharing.
Right.
Those are the two things thatour approach includes.
(12:46):
And there are other things thatwe do in terms of data
cleansing and injection blockingand that sort of thing.
But those two elements are thekey.
And those two elements make thejob of a compliance officer so
much simpler.
One of the problems with thirdparty tracking is that What is
collected is governed by a datalibrary that is defined by a
(13:06):
third party.
And the data library can beupdated whenever they choose.
And so even if you and I wereworking together and I'm in
marketing and I want you toreview a pixel for a third party
advertising platform, and we gothrough and we identify
everything that that pixelcollects today, and we decide
that's okay.
(13:26):
We have no guarantee thattomorrow they will be collecting
the same thing that they werecollecting today.
And so the shift that we makeis, all right, we replace all
third-party tracking with aprivate client ID that exists
only in the ecosystem of aclient and with a data library
that we define in concert with aclient so that we know
positively what is collected andnothing else can be collected.
(13:49):
And then we do the same thingon the sharing side.
We control down to a singledata attribute level what is and
isn't shared with any thirdparty And those are key
ingredients to any solution inthis space.
CJ Wolf (14:01):
Yeah, sounds wonderful.
So Aaron, we're going to take aquick break and then we'll come
back and we'll talk some moreabout the compliance and digital
marketing.
Welcome back from the break,everybody.
We're talking to Aaron aboutcompliance and digital
(14:22):
marketing.
And Aaron, you're just sharingkind of ingredients of the
recipe.
I just wanted to make surethere wasn't anything else, any
other ingredients that you thinkare included, or do you feel
like we've got the batter mixedand we're ready to bake the
cake?
Aaron Burnett (14:38):
Yeah, there are a couple of other things that
really need to become motherhoodand apple pie for this sort of
ecosystem.
So one is the HIPAA compliantdata solution.
But the second, you know, Inorder to develop and maintain
high-fidelity data, you need adata warehouse that is within
your infrastructure or is heldby a third party under BAA.
And so increasingly, we seethat as just a foundational
(15:02):
element.
You can't get anywhere withouta data warehouse.
We warehouse all of ourclients' data just by rule
because it's the only way thatwe can see what's going on and
do so with a high degree ofsophistication.
I think the third element isthat is quite important now.
is a shift away from what'scalled attribution modeling.
(15:22):
So attribution modeling is theconventional way to figure out
what's working and what's not indigital marketing.
You look at performance.
And historically, throughplatforms like Google Analytics,
you would look at the lastchannel that a visitor came in
through before they converted orthe first channel that began
their journey.
Or you might model and say, I'mgoing to equally weight among
(15:45):
all of the touch points.
And that had some use.
much greater use when we hadmuch greater fidelity and trust
in that data.
But as the percentage of datathat we collect has dropped so
precipitously, some estimatesare that we've lost up to 60% of
the cookie-based data thatpreviously was available.
(16:06):
And as you have more happeningwith cookie deprecation and
cookie suppression at a browserlevel, you can't really rely on
attribution modeling.
And so you have to shift to amuch more sophisticated
approach, in our opinion, calledmedia mix modeling, which
allows us to see, it's a verysophisticated statistical
approach.
It allows us to see the directand indirect effects of all
(16:28):
marketing channels.
Historically, that was onlyavailable to big advertisers who
had millions of dollars tospend.
It usually took six to 12months to develop media mix
models, and it would takeanother six months every year
when you wanted to refresh themodel.
That data, because it was soinsightful and so powerful, gave
those advertisers a significantadvantage.
(16:50):
What's changed over the lastyear is that there are a couple
of open source models that arereally good.
So these are free for clients,for companies to use.
One is from Google, and it'scalled Meridian.
We've evaluated it thoroughly.
It is neutral.
It doesn't bias toward Google.
It's quite sophisticated.
(17:11):
And the other is from Meta andit's called Robin.
Both of them can be deployed ina HIPAA compliant fashion.
So we've deployed Meridian ontop of our HIPAA compliant data
warehouse and give you theability to run these sorts of
sophisticated analyses and tohave directionality and even to
understand where you should beinvesting your budget to get an
(17:32):
optimal return and what returnyou should expect.
So something that was onlyavailable to the really big boys
with lots of money before isavailable now to independent
companies and smaller entities.
Implementation is not for thefaint of heart.
It is complex, but
CJ Wolf (17:49):
it's worth doing.
Well, that's fascinating.
As I'm hearing you talk, I'mthinking a lot of these concepts
compliance officers need to beaware about, but also, just
connecting people in the rightform or fashion.
So you compliance officers thatare listening out there, I know
that you have interaction withyour marketing folks, but this
(18:10):
might be a good episode toforward to them.
And you both kind of get on thesame page when it comes to kind
of digital marketing topics andtalking points.
Aaron, so, you know, I'm not anexpert in antitrust rulings,
but before the show, you weresharing with me that there's
(18:31):
been some recent rulings.
And so maybe we can hear fromyou about do any of those recent
antitrust rulings, and youmentioned against Google, impact
any compliant healthcaremarketing?
Yeah.
Aaron Burnett (18:45):
So just a couple of days ago, the Department of
Justice filed with the courtsthat already had ruled that
Google is in fact monopolisticin their practices.
Right.
And what they're advocating isthat Google be forced to divest
of Chrome, their browser.
Okay.
And I think that the impactthat that might have on privacy
(19:05):
regulations and on compliance issomething that already is
underway today, but is likely toaccelerate.
Google gets...
a tremendous amount of datathrough Chrome.
That is arguably one of themain reasons that they developed
and rolled out that browser,which is a free browser.
They get lots of signal thatallows them to understand the
search landscape.
(19:25):
They get a tremendous amount ofsignal that allows them to
understand and the Department ofJustice would say, sort of
manipulate the searchadvertising landscape.
Without that data andanticipation of, I think, some
of these rulings, Google hasshifted to a form of device
fingerprinting.
So rather than third-partycookies or even server-side
(19:48):
tracking, device fingerprintingrequires no consent on behalf of
a user and occurs entirely at amachine level and can stitch
together identity and sessionsfrom device to device.
So from a laptop to a tablet toa mobile phone and back again.
So I think that what we'relikely to see is that data
(20:11):
collection kind of goesunderground in a way that end
users have very little controlover and compliance officers
also can't really anticipate andgovern either.
I don't know what newregulations will be developed to
govern that, but I do thinkthat it's probably not good that
(20:31):
the data collection that we'veattempted to govern, to handle
ethically, now goes undergroundin a manner that isn't visible
to compliance, to end users, oreven maybe to regulatory
entities.
CJ Wolf (20:47):
Interesting.
Yeah, see, I'd seen thatheadline, but I didn't really
know kind of some of thosedetails that you just shared.
So I appreciate you sharing alittle bit more about that.
Aaron Burnett (20:58):
The device fingerprinting has not been
widely publicized and Googlecertainly isn't gonna make any
noise about it.
Makes sense
CJ Wolf (21:06):
now, thank you.
So Aaron, I wanna ask you tokind of read the tea leaves and
predict a little bit here, givenyour expertise and your
experience in this field.
So if we were to look forwardyou know, what innovations or
technologies do you think willmost likely impact HIPAA
compliant marketing?
And then how should healthcareorganizations prepare for that
(21:29):
as we always are trying toanticipate the future a little
bit?
Yeah, yeah.
Aaron Burnett (21:33):
Well, I think, you know, we've covered a lot of
it.
I think that really theheadline for me and the guidance
that we give our clients isthat as quickly as possible, you
have to take control of yourown destiny.
Historically, digital marketingwas made easy by third parties
providing us with data throughthird party tracking, insights
in their own platforms, even ifthose insights were sometimes
(21:55):
biased.
They would define audiences forus years ago, allow us to track
those audience and remarket tothose audiences.
All of that was made easy.
Most of that is gone now,should be gone if it's not
already for anyone who is acovered entity.
And our belief is that You haveto take control of your own
(22:16):
destiny in terms of datacollection, in terms of data
warehousing, in terms ofgleaning insights from your own
data, in terms of audienceidentification and activation.
You have to develop your owndata ecosystem that does not
rely on third parties in thesame way.
And our experience is, and ourbelief in the future, that if
(22:40):
you do that, you are protectedagainst the whims of third
parties.
So for example, at thebeginning of this year, Meta
rolled out their sensitivecategories restriction, which
compliance folks may or may notbe familiar with, but it was a
really big deal for marketers.
What Meta said is if you are inany of these 14 categories that
(23:03):
we have defined, we believethat there is There are
regulatory restrictions and orrisk associated with our
collecting certain forms of datarelated to digital advertising,
to prospective clients,patients, what have you in these
spaces.
Some of them were healthcareand med tech related, and some
of them were not.
Some of them were finance oreven travel.
(23:24):
The problem is that one of thethings that they restricted is
conversion data.
So an event that says a persondid the thing that I wanted them
to do.
If you don't have conversionsignal, then you can't optimize
a campaign to get theperformance that you need.
And it doesn't matter whetheryou're collecting client-side or
(23:47):
whether you're doingserver-side tracking.
If you can't send that data toa platform, you have a problem.
For our clients who had alreadyimplemented our HIPAA compliant
data solution, we simply wereable to change naming
conventions and still providesignal that we understood to be
conversion that was stillcompliant with what Meta did,
(24:09):
with what Meta implemented interms of their restrictions.
We didn't get back to perfectparity.
We can't take advantage ofalgorithmic optimization in the
platform, but we maintainclarity with regard to
performance.
And it took relatively littleeffort on our part to do it
because we already had takencontrol of the data collection
and sharing mechanism thatallowed us to define what's
(24:31):
shared, what's not down to asingle attribute level.
So doing those kinds of thingsprotects you from a platform, a
browser, a new set ofregulations coming out and
upending your entire Apple cart.
CJ Wolf (24:46):
So Aaron, you know, so I am hearing kind of the part of
this take-home message istaking control and being in
control of your own destiny.
You know, you've talked manytimes about having your own data
warehouse and those sorts ofthings.
Who are the key players in anorganization?
Is this limited to a silo ofmarketing, but, or, you know, in
a large complex health systemare, you know, the information
(25:08):
security officers involved, thecompliance officers is involved,
your head of IT.
Tell me some of the key playersthat you typically would want
involved in an initiative oftaking control of your own
destiny?
Aaron Burnett (25:22):
Yeah, so all of those folks you just listed.
So when we work with anorganization of any size, we go
through operational securityreview.
We're working with IT and IS.
We're working with chiefcompliance officer, usually a
chief marketing officer or VP ofmarketing.
We are working as well withpeople who are at a director or
(25:44):
even manager level, who aredeveloping and implementing and
optimizing campaigns to ensurethat we understand their needs
and we're accounting for thoseneeds.
And we're working with the webteam as well.
The initial work that we dowhen we're implementing our
solution, and this would be trueof anyone's solution, is to
(26:05):
implement a new private clientID and often implement some form
of analytics container on awebsite and that requires
working with the web team aswell.
We often are working with folksin terms of change management
and we're working with folks interms of quality control to
(26:25):
ensure that once we go throughthe process of creating an
optimal environment and anenvironment that is compliant,
that it's not accidentallymessed up by a new web update or
someone who decided to run anew campaign.
And so there's a lot that we doto ensure that processes are in
place and we implement amonitoring solution to ensure
(26:48):
that if a change that isn'tcorrect does take place, we
catch it really quickly and wecan define what it
CJ Wolf (26:55):
is and revert.
Gotcha.
So, you know, that lastquestion then was about
innovations and technologies,and we've had a lot of other
episodes on the podcast inhealthcare about AI being
involved, like with coding andmedical billing and auditing and
revenue cycle.
This may be a yes or no answer,but does AI play any future
(27:15):
role, do you see, in this areathat we've been talking about?
I
Aaron Burnett (27:19):
can see that AI might play a role in automation
of monitoring, compliancemonitoring.
Okay.
It would be hard for me to seeAI playing a role in development
and implementation of asolution that is meant to
satisfy compliance.
That feels like a hands on thekeyboard sort of a thing that
(27:40):
you wouldn't outsource to anagent.
CJ Wolf (27:42):
Yeah.
And that's basically what I'veseen in a lot of responses as
we've talked about AI and othercompliance areas.
But just wanted, you know, kindof your expert opinion on that
as well.
Aaron Burnett (27:53):
Yeah.
Our perspective on AI is thatit delivers a lot of efficiency
in terms of our internalprocesses.
It helps us with some forms ofanalysis.
Some forms of data gatheringare made very efficient with AI.
Where we draw a line is that wedon't use AI for development of
content for our clients.
We're in healthcare and medtech.
(28:13):
The author really matters.
The absolute accuracy of thecontent really matters.
And so we'll take no riskthere.
We also believe that thequality of the content is much
better when a human is involved,but we can use AI for idea
generation, for structuring andoptimizing content that a human
then takes across the finishline.
(28:36):
Yeah,
CJ Wolf (28:37):
yeah, makes a lot of sense.
Well, Aaron, this has beenfascinating.
We're kind of out of time, butI want to give you kind of the
last word.
If you have any parting adviceor a topic or a response that I
might not have asked you aboutthat you think our listeners
should hear.
No,
Aaron Burnett (28:56):
I think it's been a good conversation and we've
covered things.
I would just say again, takecontrol of your data destiny.
CJ Wolf (29:01):
Awesome.
I love that.
That's kind of the take-homemessage that I received.
And for our listeners, we willinclude in the show notes ways
to get in touch with Aaron andhis company if you're looking
for that kind of service.
So thank you, Aaron, for beinghere today.
Thanks for the opportunity.
Absolutely.
And thanks to all of ourlisteners.
As usual, we at this point inthe podcast, we ask that if you
(29:24):
have topics or speakers that youwould like highlighted on the
podcast, please reach out to us.
We want to make sure we'rebringing content that is
important to you as a complianceprofessional.
So thanks, everybody.
And until next time, take care.
Welcome everybody to another episode of Compliance
Conversations.
I am CJ Wolf with Healthicityand today's guest is Aaron
Burnett.
Welcome Aaron to the show.
Thanks very much.
Looking forward to theconversation.
Yeah, we're so grateful thatyou've taken some time to share
your expertise.
Before we jump into our topic,we always invite our guests to
(00:23):
share a little bit aboutthemselves.
Maybe tell us about yourbackground or what you're
currently doing, whatever you'recomfortable sharing.
Aaron Burnett (00:29):
Sure.
So I'm Aaron Burnett.
I'm CEO of Wheelhouse DigitalMarketing Group.
We provide performancemarketing for privacy-first
industries.
We have a strong concentrationin healthcare and med tech, have
worked in those industries for13, 14 years.
We think about our work ashelping our clients thrive by
solving their toughest digitalchallenges.
(00:50):
So we're not necessarily theagency you bring in to get a 5%
incremental gain year over year.
We're the agency you bring into completely redefine strategy
change go-to-market, and get100% or 200% gain.
The sorts of problems we mightsolve are reimagining the online
booking experience, as we'vedone for Providence, which
(01:11):
drove, I think, an 860%year-over-year gain in online
appointment bookings, ordeveloping HIPAA-compliant data
solutions, as we've done andimplemented for very large
healthcare and insurance andmedtech clients, or some of the
work that we've done for NASAover the last six years to
consolidate about $2.5 millionpages of content across 29
(01:31):
websites into a single newunified information
architecture.
CJ Wolf (01:37):
Awesome.
So then it is rocket sciencebecause you're working with
NASA.
Some of it.
Aaron Burnett (01:41):
You
CJ Wolf (01:41):
know, I'll
Aaron Burnett (01:42):
tell you, NASA is exciting work because of the
scale.
It's also exciting because ofthe results we can drive.
They're the one client where wecan say we drove an increase of
one billion impressions insearch over six months.
Awesome.
CJ Wolf (01:56):
Awesome background.
Thank you so much for beingwilling to share.
And so, you know, as we weretalking a little bit before the
show started, most of ouraudience are compliance officers
in healthcare.
You know, you mentioned HIPAA.
And so a lot of complianceofficers, obviously HIPAA is one
of the larger areas that theyoversee.
And so we're going to talk alittle bit today about digital
(02:17):
marketing and kind of regulatorycompliance and those sorts of
things.
So maybe to kind of get thestage set, What would you say is
kind of the current state ofregulatory compliance as it
relates to digital marketing?
Aaron Burnett (02:32):
Sure.
I think, you know, the shortanswer is it's complex and
unsettled and continues to beso.
So you can kind of take youthrough three different levels
or so of where compliance andregulatory changes are having
impact.
You think about it at thefederal level.
We talked about HHS andeveryone in your audience will
be aware of the OCR guidance in2022.
(02:52):
The de facto impact of that wasto say pretty much all third
party tracking for digitalmarketing is a HIPAA violation
because most third partytracking captures the content
that someone is visiting and anidentifier, which was defined as
IP address.
And so that upended theindustry.
And we had lots of clients whopulled out all tracking.
(03:13):
We had some who took a wait andsee approach, some who
implemented new solutions, somewho very quickly regretted the
new solutions and are on to asecond better solution.
So we have that going on.
And then, of course, we had thelawsuit from the American
Hospital Association againstHHS, which nullified a key part
of of HHS guidance saying thisprescribed combination, the URL
(03:37):
plus IP address, really couldn'tbe forbidden.
What's interesting about thatruling is the judge didn't say
that's bad policy, you can't dothat.
The judge said you failed tocomply with the Administrative
Procedures Act, which can bedistilled to you did it wrong.
You didn't do the wrong thing,you did it wrong.
And so we anticipate that therewill be a new run at similar
(03:58):
guidance.
And then on top of that, HHShas, issued their intent to add
to the security side of HIPAAguidance, or rather HIPAA
compliance, and requireorganizations now to audit and
document their securityprocedures and data flow across
the organization.
So a lot of continuingcomplexity and a lot of
(04:21):
additional overhead there.
You have increased regulationsat a state level.
I think we're up to 21 stateswith active privacy laws that
are different from one anotherand some of are even more
restrictive and onerous thanwhat exists at a federal level.
You have FTC actions againstthose organizations that might
be sloppy with or suffer fromdata breaches.
(04:45):
And then you have the impact ata platform level.
So regardless of what happenedin that AHA versus HHS lawsuit,
the ship had really sailed, andGoogle, Meta, and other
advertising platforms, alongwith covered entities, i think
had collectively decided it'snot worth the risk and so you
(05:07):
have google introducing whatthey've called the privacy
sandbox which is a different wayto track i think that can best
be understood as google gets allof the data and everyone else
gets almost none of the data.
You have Meta introducing theirsensitive categories
restrictions at the beginning ofthis year, which significantly
(05:28):
constrains what covered entitiesor even not covered entities,
MedTech companies that aren't acovered entity can share in what
Google will ingest.
And you have changes at abrowser level.
Firefox and Safari don'tsupport cookies at all.
You have changes with Googleshifting to a consent model,
where many of their users, asignificant percentage, now also
(05:52):
won't allow third-partytracking.
And so collectively, you have ahigh degree of complexity on
the regulatory side, creatingrisk and uncertainty regarding
what you can track.
And you have a high degree ofuncertainty I guess, loss of
fidelity on the platform side,meaning that if you are a
digital marketer in healthcareor med tech, you have much less
(06:14):
data than you had previously.
The fidelity, the accuracy ofthat data is much lower than it
was in the past, and you have alot greater regulatory
uncertainty and regulatory risk.
Having said that though, Ithink one of the things that
maybe gets missed here is thatthat does not mean that if
you're in digital marketing forhealthcare, you necessarily have
(06:36):
to have less data.
You have to go about collectingthe data differently.
You have to handle it withgreater care, perhaps, than you
did.
You have to activate itdifferently.
But we have clients that havesignificantly more data and more
data fidelity today than theydid prior to the HHS guidance.
CJ Wolf (06:55):
Nice.
That's a great kind of summaryof this regulatory background.
And hearing you speak, makes methink as a compliance officer
in past lives, I'd often beinvited to meetings.
I have a seat at the tablewhere our marketing folks or
operational or business leadersare pursuing certain things and
(07:16):
compliance is there.
And as you mentioned justbriefly, some people just say,
it's easier to avoid the risk.
Let's just not even get closeto it.
Let's not try to maneuver it.
But what I'm hearing you say isthere is an appropriate way to
maneuver it.
So, you know, as a complianceofficer sitting at a table where
these kinds of businessdecisions are being discussed,
(07:38):
what do you think are somecommonly misunderstood things
about compliance and digitalmarketing?
Because, you know, we mightjump to the conclusion of it's
just not safe.
Let's not do it.
But it's sounding like now.
might be misunderstanding somethings sometimes
Aaron Burnett (07:53):
yeah i think there are a couple of things um
i think the biggest and mostimportant thing is that uh you
can collect a great deal of datait's not the collection of the
data that's problematic in themain as long as you're observing
cookie consent it's the sharingof the data with third parties
who are not under baa now whatthat implies is some significant
(08:16):
operational changes.
You can't rely on third partiesto collect your data, provide
it to you in a manner thatallows you to analyze it and
discern insights and performanceinformation from it.
You have to do that yourself.
But again, if you shift fromwe're going to use third party
(08:36):
tracking, we're going to useGoogle Analytics, a MetaPixel,
all of these third partytracking, and we're going to
send data to those thirdparties, which is absolutely
problematic.
That's a bright line issue.
And instead, we're going todevelop a means of collection
that allows us to house the datainternally.
So it's either in ourinfrastructure or it's
(08:56):
warehoused by a partner who'sunder BAA with us.
You can have absolutely highfidelity, very detailed data.
That data can be related to allof your advertising and site
analytics.
And if you do it right, it canalso include data that you never
could have incorporated intothird party platforms.
You can include integrationwith your CRM system.
(09:16):
You can include first party andzero party data.
And now you have a reallyinteresting, rich data trove
that you can mine to understandthe entire user or patient
journey, the performance of yourdigital advertising and then
think about how to activate thatdata.
A really critical considerationis activation.
(09:38):
You can discern, you can gleaninsights from data in your data
warehouse if you develop one andyou should, you cannot take
that data and share it with athird party platform.
You have to air gap thoseinsights and activate without
sharing anything thatapproximates PHI.
So it's just a different way todevelop and optimize campaigns.
CJ Wolf (10:02):
Yeah, so it sounds like you've probably helped clients
kind of navigate those nuancesin the past.
What's your experience inhelping compliance officers
understand those nuances?
It
Aaron Burnett (10:15):
starts with a lot of conversations.
I mean, you described a typicalmeeting to which you might be
invited.
And our experience is thatcompliance officers are
sometimes invited to thosemarketing meetings, but not
often.
Correct.
It's seen as sort of, ah, youknow, this is really going to
slow things down.
Sort of a necessary evil.
We'll do it in this instance.
So it starts with kind ofchanging that mentality.
(10:37):
This needs to be a partnership.
So the compliance team and yourlegal team and your marketing
team and your IT folks all needto be need to become friends and
understand things in the sameway and understand data flow
today and the points of risk indata flow today and the options
that are available to changethat implementation and to
(10:58):
preserve utility and optionalityfor digital marketing while
ensuring compliance and anelimination of legal risk to the
greatest extent possible.
And so it starts for us with alot of discussions with these
parties and a lot of educationbecause all All of them are
expert in different things andthey all now need to become semi
expert in one another'sdisciplines.
(11:19):
That's right.
And then describing the optionsthat are available to an
organization in a manner thathas no agenda except that we
want the organization toidentify the best option for
them.
And so we try to come inneutrally.
We have a recipe for how wehave developed and implemented
(11:40):
HIPAA compliant data solutions.
Our recipe might not always bethe right one for a particular
organization.
There might be something intheir infrastructure that means
our approach isn't the best.
They might already havepreexisting technology that we
should actually be building onrather than introducing
something new or they might havequite a simple digital
(12:00):
marketing ecosystem, which meansthat the approach that we might
take is perhaps overkill.
So we come in neutrally andjust say, these are the things
that you could do.
And this is sort of thecontinuum of cost.
These are the vendors who areavailable in this space.
This is what we know of ourwork with them and how what
these options are mapped to yourparticular circumstance, and
(12:24):
then help to guide thediscussion to selection.
I think the key ingredients ofthe right kind of HIPAA
compliant data solution,regardless of the technologies
or partners involved, isabsolute control at the moment
of collection and absoluteabsolute control at the moment
of sharing.
Right.
Those are the two things thatour approach includes.
(12:46):
And there are other things thatwe do in terms of data
cleansing and injection blockingand that sort of thing.
But those two elements are thekey.
And those two elements make thejob of a compliance officer so
much simpler.
One of the problems with thirdparty tracking is that What is
collected is governed by a datalibrary that is defined by a
(13:06):
third party.
And the data library can beupdated whenever they choose.
And so even if you and I wereworking together and I'm in
marketing and I want you toreview a pixel for a third party
advertising platform, and we gothrough and we identify
everything that that pixelcollects today, and we decide
that's okay.
(13:26):
We have no guarantee thattomorrow they will be collecting
the same thing that they werecollecting today.
And so the shift that we makeis, all right, we replace all
third-party tracking with aprivate client ID that exists
only in the ecosystem of aclient and with a data library
that we define in concert with aclient so that we know
positively what is collected andnothing else can be collected.
(13:49):
And then we do the same thingon the sharing side.
We control down to a singledata attribute level what is and
isn't shared with any thirdparty And those are key
ingredients to any solution inthis space.
CJ Wolf (14:01):
Yeah, sounds wonderful.
So Aaron, we're going to take aquick break and then we'll come
back and we'll talk some moreabout the compliance and digital
marketing.
Welcome back from the break,everybody.
We're talking to Aaron aboutcompliance and digital
(14:22):
marketing.
And Aaron, you're just sharingkind of ingredients of the
recipe.
I just wanted to make surethere wasn't anything else, any
other ingredients that you thinkare included, or do you feel
like we've got the batter mixedand we're ready to bake the
cake?
Aaron Burnett (14:38):
Yeah, there are a couple of other things that
really need to become motherhoodand apple pie for this sort of
ecosystem.
So one is the HIPAA compliantdata solution.
But the second, you know, Inorder to develop and maintain
high-fidelity data, you need adata warehouse that is within
your infrastructure or is heldby a third party under BAA.
And so increasingly, we seethat as just a foundational
(15:02):
element.
You can't get anywhere withouta data warehouse.
We warehouse all of ourclients' data just by rule
because it's the only way thatwe can see what's going on and
do so with a high degree ofsophistication.
I think the third element isthat is quite important now.
is a shift away from what'scalled attribution modeling.
(15:22):
So attribution modeling is theconventional way to figure out
what's working and what's not indigital marketing.
You look at performance.
And historically, throughplatforms like Google Analytics,
you would look at the lastchannel that a visitor came in
through before they converted orthe first channel that began
their journey.
Or you might model and say, I'mgoing to equally weight among
(15:45):
all of the touch points.
And that had some use.
much greater use when we hadmuch greater fidelity and trust
in that data.
But as the percentage of datathat we collect has dropped so
precipitously, some estimatesare that we've lost up to 60% of
the cookie-based data thatpreviously was available.
(16:06):
And as you have more happeningwith cookie deprecation and
cookie suppression at a browserlevel, you can't really rely on
attribution modeling.
And so you have to shift to amuch more sophisticated
approach, in our opinion, calledmedia mix modeling, which
allows us to see, it's a verysophisticated statistical
approach.
It allows us to see the directand indirect effects of all
(16:28):
marketing channels.
Historically, that was onlyavailable to big advertisers who
had millions of dollars tospend.
It usually took six to 12months to develop media mix
models, and it would takeanother six months every year
when you wanted to refresh themodel.
That data, because it was soinsightful and so powerful, gave
those advertisers a significantadvantage.
(16:50):
What's changed over the lastyear is that there are a couple
of open source models that arereally good.
So these are free for clients,for companies to use.
One is from Google, and it'scalled Meridian.
We've evaluated it thoroughly.
It is neutral.
It doesn't bias toward Google.
It's quite sophisticated.
(17:11):
And the other is from Meta andit's called Robin.
Both of them can be deployed ina HIPAA compliant fashion.
So we've deployed Meridian ontop of our HIPAA compliant data
warehouse and give you theability to run these sorts of
sophisticated analyses and tohave directionality and even to
understand where you should beinvesting your budget to get an
(17:32):
optimal return and what returnyou should expect.
So something that was onlyavailable to the really big boys
with lots of money before isavailable now to independent
companies and smaller entities.
Implementation is not for thefaint of heart.
It is complex, but
CJ Wolf (17:49):
it's worth doing.
Well, that's fascinating.
As I'm hearing you talk, I'mthinking a lot of these concepts
compliance officers need to beaware about, but also, just
connecting people in the rightform or fashion.
So you compliance officers thatare listening out there, I know
that you have interaction withyour marketing folks, but this
(18:10):
might be a good episode toforward to them.
And you both kind of get on thesame page when it comes to kind
of digital marketing topics andtalking points.
Aaron, so, you know, I'm not anexpert in antitrust rulings,
but before the show, you weresharing with me that there's
(18:31):
been some recent rulings.
And so maybe we can hear fromyou about do any of those recent
antitrust rulings, and youmentioned against Google, impact
any compliant healthcaremarketing?
Yeah.
Aaron Burnett (18:45):
So just a couple of days ago, the Department of
Justice filed with the courtsthat already had ruled that
Google is in fact monopolisticin their practices.
Right.
And what they're advocating isthat Google be forced to divest
of Chrome, their browser.
Okay.
And I think that the impactthat that might have on privacy
(19:05):
regulations and on compliance issomething that already is
underway today, but is likely toaccelerate.
Google gets...
a tremendous amount of datathrough Chrome.
That is arguably one of themain reasons that they developed
and rolled out that browser,which is a free browser.
They get lots of signal thatallows them to understand the
search landscape.
(19:25):
They get a tremendous amount ofsignal that allows them to
understand and the Department ofJustice would say, sort of
manipulate the searchadvertising landscape.
Without that data andanticipation of, I think, some
of these rulings, Google hasshifted to a form of device
fingerprinting.
So rather than third-partycookies or even server-side
(19:48):
tracking, device fingerprintingrequires no consent on behalf of
a user and occurs entirely at amachine level and can stitch
together identity and sessionsfrom device to device.
So from a laptop to a tablet toa mobile phone and back again.
So I think that what we'relikely to see is that data
(20:11):
collection kind of goesunderground in a way that end
users have very little controlover and compliance officers
also can't really anticipate andgovern either.
I don't know what newregulations will be developed to
govern that, but I do thinkthat it's probably not good that
(20:31):
the data collection that we'veattempted to govern, to handle
ethically, now goes undergroundin a manner that isn't visible
to compliance, to end users, oreven maybe to regulatory
entities.
CJ Wolf (20:47):
Interesting.
Yeah, see, I'd seen thatheadline, but I didn't really
know kind of some of thosedetails that you just shared.
So I appreciate you sharing alittle bit more about that.
Aaron Burnett (20:58):
The device fingerprinting has not been
widely publicized and Googlecertainly isn't gonna make any
noise about it.
Makes sense
CJ Wolf (21:06):
now, thank you.
So Aaron, I wanna ask you tokind of read the tea leaves and
predict a little bit here, givenyour expertise and your
experience in this field.
So if we were to look forwardyou know, what innovations or
technologies do you think willmost likely impact HIPAA
compliant marketing?
And then how should healthcareorganizations prepare for that
(21:29):
as we always are trying toanticipate the future a little
bit?
Yeah, yeah.
Aaron Burnett (21:33):
Well, I think, you know, we've covered a lot of
it.
I think that really theheadline for me and the guidance
that we give our clients isthat as quickly as possible, you
have to take control of yourown destiny.
Historically, digital marketingwas made easy by third parties
providing us with data throughthird party tracking, insights
in their own platforms, even ifthose insights were sometimes
(21:55):
biased.
They would define audiences forus years ago, allow us to track
those audience and remarket tothose audiences.
All of that was made easy.
Most of that is gone now,should be gone if it's not
already for anyone who is acovered entity.
And our belief is that You haveto take control of your own
(22:16):
destiny in terms of datacollection, in terms of data
warehousing, in terms ofgleaning insights from your own
data, in terms of audienceidentification and activation.
You have to develop your owndata ecosystem that does not
rely on third parties in thesame way.
And our experience is, and ourbelief in the future, that if
(22:40):
you do that, you are protectedagainst the whims of third
parties.
So for example, at thebeginning of this year, Meta
rolled out their sensitivecategories restriction, which
compliance folks may or may notbe familiar with, but it was a
really big deal for marketers.
What Meta said is if you are inany of these 14 categories that
(23:03):
we have defined, we believethat there is There are
regulatory restrictions and orrisk associated with our
collecting certain forms of datarelated to digital advertising,
to prospective clients,patients, what have you in these
spaces.
Some of them were healthcareand med tech related, and some
of them were not.
Some of them were finance oreven travel.
(23:24):
The problem is that one of thethings that they restricted is
conversion data.
So an event that says a persondid the thing that I wanted them
to do.
If you don't have conversionsignal, then you can't optimize
a campaign to get theperformance that you need.
And it doesn't matter whetheryou're collecting client-side or
(23:47):
whether you're doingserver-side tracking.
If you can't send that data toa platform, you have a problem.
For our clients who had alreadyimplemented our HIPAA compliant
data solution, we simply wereable to change naming
conventions and still providesignal that we understood to be
conversion that was stillcompliant with what Meta did,
(24:09):
with what Meta implemented interms of their restrictions.
We didn't get back to perfectparity.
We can't take advantage ofalgorithmic optimization in the
platform, but we maintainclarity with regard to
performance.
And it took relatively littleeffort on our part to do it
because we already had takencontrol of the data collection
and sharing mechanism thatallowed us to define what's
(24:31):
shared, what's not down to asingle attribute level.
So doing those kinds of thingsprotects you from a platform, a
browser, a new set ofregulations coming out and
upending your entire Apple cart.
CJ Wolf (24:46):
So Aaron, you know, so I am hearing kind of the part of
this take-home message istaking control and being in
control of your own destiny.
You know, you've talked manytimes about having your own data
warehouse and those sorts ofthings.
Who are the key players in anorganization?
Is this limited to a silo ofmarketing, but, or, you know, in
a large complex health systemare, you know, the information
(25:08):
security officers involved, thecompliance officers is involved,
your head of IT.
Tell me some of the key playersthat you typically would want
involved in an initiative oftaking control of your own
destiny?
Aaron Burnett (25:22):
Yeah, so all of those folks you just listed.
So when we work with anorganization of any size, we go
through operational securityreview.
We're working with IT and IS.
We're working with chiefcompliance officer, usually a
chief marketing officer or VP ofmarketing.
We are working as well withpeople who are at a director or
(25:44):
even manager level, who aredeveloping and implementing and
optimizing campaigns to ensurethat we understand their needs
and we're accounting for thoseneeds.
And we're working with the webteam as well.
The initial work that we dowhen we're implementing our
solution, and this would be trueof anyone's solution, is to
(26:05):
implement a new private clientID and often implement some form
of analytics container on awebsite and that requires
working with the web team aswell.
We often are working with folksin terms of change management
and we're working with folks interms of quality control to
(26:25):
ensure that once we go throughthe process of creating an
optimal environment and anenvironment that is compliant,
that it's not accidentallymessed up by a new web update or
someone who decided to run anew campaign.
And so there's a lot that we doto ensure that processes are in
place and we implement amonitoring solution to ensure
(26:48):
that if a change that isn'tcorrect does take place, we
catch it really quickly and wecan define what it
CJ Wolf (26:55):
is and revert.
Gotcha.
So, you know, that lastquestion then was about
innovations and technologies,and we've had a lot of other
episodes on the podcast inhealthcare about AI being
involved, like with coding andmedical billing and auditing and
revenue cycle.
This may be a yes or no answer,but does AI play any future
(27:15):
role, do you see, in this areathat we've been talking about?
I
Aaron Burnett (27:19):
can see that AI might play a role in automation
of monitoring, compliancemonitoring.
Okay.
It would be hard for me to seeAI playing a role in development
and implementation of asolution that is meant to
satisfy compliance.
That feels like a hands on thekeyboard sort of a thing that
(27:40):
you wouldn't outsource to anagent.
CJ Wolf (27:42):
Yeah.
And that's basically what I'veseen in a lot of responses as
we've talked about AI and othercompliance areas.
But just wanted, you know, kindof your expert opinion on that
as well.
Aaron Burnett (27:53):
Yeah.
Our perspective on AI is thatit delivers a lot of efficiency
in terms of our internalprocesses.
It helps us with some forms ofanalysis.
Some forms of data gatheringare made very efficient with AI.
Where we draw a line is that wedon't use AI for development of
content for our clients.
We're in healthcare and medtech.
(28:13):
The author really matters.
The absolute accuracy of thecontent really matters.
And so we'll take no riskthere.
We also believe that thequality of the content is much
better when a human is involved,but we can use AI for idea
generation, for structuring andoptimizing content that a human
then takes across the finishline.
(28:36):
Yeah,
CJ Wolf (28:37):
yeah, makes a lot of sense.
Well, Aaron, this has beenfascinating.
We're kind of out of time, butI want to give you kind of the
last word.
If you have any parting adviceor a topic or a response that I
might not have asked you aboutthat you think our listeners
should hear.
No,
Aaron Burnett (28:56):
I think it's been a good conversation and we've
covered things.
I would just say again, takecontrol of your data destiny.
CJ Wolf (29:01):
Awesome.
I love that.
That's kind of the take-homemessage that I received.
And for our listeners, we willinclude in the show notes ways
to get in touch with Aaron andhis company if you're looking
for that kind of service.
So thank you, Aaron, for beinghere today.
Thanks for the opportunity.
Absolutely.
And thanks to all of ourlisteners.
As usual, we at this point inthe podcast, we ask that if you
(29:24):
have topics or speakers that youwould like highlighted on the
podcast, please reach out to us.
We want to make sure we'rebringing content that is
important to you as a complianceprofessional.
So thanks, everybody.
And until next time, take care.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.