How Meta’s Data Restrictions Impact Healthcare Advertising Strategies

Meta has announced significant updates starting in January 2025 that will change how it handles data from healthcare advertisers. I don’t know anyone in the industry who isn’t worried about this announcement, so I wanted to shed a little light on what’s happening, why it’s happening, and what you should plan to do about it.

Most importantly, DON’T PANIC.

Digital advertising for healthcare has always been a dynamic landscape, which is the only thing about healthcare advertising that won’t change. Everything else evolves, and we figure out smart ways to evolve with it so we can continue delivering effective campaigns. After researching (and getting some input from our resident experts Carolina Costa and Rich Briddock), here’s what you should know:

Context: Pursuing Privacy

In the past few years, we’ve seen a big general push from consumers and regulators alike for more privacy across the board, whether we’re talking about HIPAA compliance with PHI, or California privacy laws against pixels, or Google phasing out third-party cookies. The future of digital healthcare advertising is trending towards more privacy.

That’s a general trend. Of course, sometimes things buck the trend, and we see pushback—you may recall the AHA won a verdict this summer regarding the recent HIPAA bulletin on tracking technologies, and Google Chrome has already delayed their third-party cookie deprecation once —but overall, we’ve seen that both healthcare and digital advertising are getting a lot more privacy-protective regulations than they used to have, and the lawsuits to back them up.

For those of us who live at the intersection of healthcare and digital advertising, that’s a reality we must adapt. Heck, we already have adapted to numerous new privacy regulations over the past decade, and so in that context, while Meta’s latest update may come as an unpleasant surprise, it’s nothing outside the bounds of what we’re used to dealing with.

What’s Changing at Meta

Starting in January 2025, Meta is rolling out stricter data-sharing policies that will significantly impact healthcare advertisers. These changes determine how data from websites and apps is categorized—and, in some cases, fully restricted.

Meta has introduced three levels of data source restrictions:

• Core Setup: (Default for healthcare advertisers, optional for others)
  • Core setup restricts the transmission of custom parameters and any information in a URL following the domain. 
  • Advertisers must ensure their event tracking does not include prohibited data or custom parameters.
    
• Mid-Restricted Properties: (Affects multi-discipline broad health systems and providers)
  • Restrictions on mid- and lower-funnel optimizations, impacting conversion tracking and retargeting.
• Full-Restricted Properties: (Affects condition-specific providers, e.g., treatmigraines.com)
  • No mid- or lower-funnel event tracking.
  • Custom conversion events are completely blocked.
  • Most often, we have found this restriction to be applied based on specific regions. 

Most of the healthcare advertisers we work with are being classified into core setup or mid-restricted properties, which means they’ll need to rethink how they optimize campaigns and track engagement.

Here’s what Meta said about these changes:

“”

Starting in January 2025, we will begin rolling out additional restrictions on certain categories of websites and apps that are using the Meta Business Tools as part of our ongoing efforts to help prevent advertisers from sharing information that is not allowed under our terms. It is crucial that you review your data source categories in Events Manager to help ensure they are appropriately categorized.

As you may know, Meta’s systems are designed to help detect and remove information shared through our Meta Business Tools that may not be allowed under our Meta Business Tool Terms. We are also working to categorize data sources, such as websites and apps, that send us data through the Meta Business Tools based on the topics related to the data source and the products and/or services provided. This helps us determine how your data source may be categorized, including if your data source may fall under a category that comes with restrictions.

Based on your current data source categorization, your websites or apps may be fully restricted from sharing all event data via our Meta Business Tools in your target regions. This means that all events from your website or app will not be shared with Meta, or will be subsequently removed when received (if it’s sent server-side, for e.g., CAPI) through any of our Business Tools. Please note that this change may impact your campaign performance. The impact you may observe on your campaigns will depend primarily on if and how you are currently using standard events.

Meta will not pause your ongoing campaigns as a result of these restrictions.

You’ll receive a notification in Ads Manager and Events Manager about which ad sets and events are impacted by these changes.

Your delivery and effectiveness may decline over time if the restricted events are required for campaign targeting, optimization, or measurement.

In light of this update, we recommend: If you think your website or app is appropriately categorized, we recommend adjusting your campaign and events/data source strategy to optimize for certain available actions and/or campaign objectives, such as Awareness (e.g., reach, impressions), Engagement (e.g., likes, comments, shares) and Traffic (e.g., link clicks).

If you think that your website or app is not appropriately categorized, you can request a review in Events Manager.

“”

What Do You Need to Do?

Check Your Data Categorization

There are two easy ways to find out how your data sources are categorized:

1. Check Your Email: Meta has been notifying advertisers via email. Look for a message outlining your categorization status (example below).

2. Review Notifications in Meta Business Manager, and then follow these steps:

• Open Events Manager in Meta Business Manager.
• Select your data source (such as your pixel).
• Go to Settings and click “Manage Categories.”
• Review the assigned categories to confirm their accuracy.
  

3. Check Your Categorization. 

• Categorization began in November and December 2024. If you believe your categorization is inaccurate, you can file an appeal. However, if your categorization is accurate, requesting an appeal is not recommended, as it is unlikely to change the outcome. Instead, focus on adjusting your campaign strategy accordingly. More on that below.

4. Request A Review Period.

• Request a review period, which will give you 30 days to review the restrictions, adjust and confirm custom events, and adapt your strategy. 
• Based on what we’ve seen, not everyone will be granted a 30-day review period. Those with mid and full restrictions are more likely to receive it than those with core restrictions. 

Review & Confirm Custom Events

Under Meta’s new categorization system, custom events must comply with updated policies to avoid being blocked.

To ensure your conversion events remain active, follow these best practices:

• Avoid sensitive data: Do not include parameters related to health, finances, consumer reports, or other personally sensitive information.
• Hash URL parameters: Any data following the primary URL should be encrypted to prevent unintended data sharing.
• Exclude users under 13: Data from children under 13 should not be collected or transmitted.

Meta allows advertisers to confirm or block custom events manually. Here’s how to review and confirm your custom events:

• Go to Business Manager and navigate to Custom Event Manager.
• Review each event and decide whether to confirm or block it.
• Be cautious: If you confirm an event that doesn’t comply with Meta’s rules, it will be permanently blocked.

Before confirming events, we recommend the following:

• Revise your event naming strategy to ensure compliance.
• Using generic names that do not reference personal health information (PHI) or other sensitive data.

By proactively reviewing your custom events now, you can prevent disruptions and keep your campaigns running smoothly.

Adjust Campaign Objectives

If your data source categorization looks correct, but you’re facing restrictions on lower-funnel events due to that categorization, then consider shifting focus to upper-funnel events to maintain campaign performance.

What to Do Based on Your Restriction Level

• Partial Restrictions: Focus on upper-funnel events like awareness, engagement, and traffic-based objectives.
• Full Restrictions: You’ll need to adjust your campaign to optimize for a different ad objective in Meta Ads Manager, as you’ll lose access to Meta Business Tools for optimization. If you don’t, your performance will degrade over time. 

For more details, visit Meta’s official guide.

What’s the Impact?

The first thing to know is that this primarily affects bottom of funnel (BOF) campaign optimization purposes and data pass back for audience creation. 

Audience Creation: 

• Pixel and Conversion API (CAPI) audiences built using BOF events may be restricted or phased out.
• This will limit retargeting and Lookalike (LAL) audience creation.
  

Bottom-of-Funnel Campaigns: 

For website conversion campaigns, optimization will need to focus on events triggered by CTA button clicks (e.g., “Fill Form”) rather than form submissions themselves.

What Stays the Same:

Thus far, we have not seen restrictions for:

• Lead Forms: No mention has been made about restrictions on lead form data sources, so we believe lead form campaigns will remain unaffected for now. 
• Top-of-Funnel Campaigns: Top-of-funnel campaign strategies do not rely on restricted conversion actions and will not be impacted.

Understanding Meta Data Flow

Why are top-of-funnel campaigns and lead forms still allowed while other campaign objectives face restrictions? It all comes down to how data enters Meta’s ecosystem and the role of user consent.

Meta’s new restrictions primarily target data sent from external sources—such as website activity and app interactions—because this data may contain health-related information that advertisers cannot share under Meta’s policies.

On the other hand, data generated within Meta, like engagement with video ads and lead forms, remains permissible. In these cases, users voluntarily provide their information under Meta’s user agreement, making the data collection process compliant.

Meta’s goal is to prevent external health data from being injected into its platform while still allowing users to share information through direct interactions. This distinction explains why some campaign types remain unaffected while others face new limitations.

Future-Proof Your Healthcare Advertising

Don’t let Meta’s policy changes deter you from testing and expanding your presence on the platform.

While paid search remains a powerful channel for patient acquisition, it shouldn’t be the only digital channel you invest in your patient acquisition toolkit. Doing so will limit your ability to scale and reach new unaware audiences. 

A significant portion of the population spends a massive amount of time on social media, where they’re not actively searching for healthcare solutions. Yet these individuals may be ideal patients; they’re just unaware of their condition or are just beginning to question whether they have a problem. Focusing on paid search alone means that you aren’t fully engaging with this audience—but that’s where paid social shines.

Meta’s changes will require adjustments to your strategy. Your benchmarks will need to evolve, and past performance metrics on Meta may no longer be achievable. That doesn’t mean paid social is no longer effective for patient acquisition—it just requires a shift in approach.

Here’s how you can adapt your paid social strategy to continue reaching and converting patients.

Test 3P Audiences

Third-party data providers offer claims-based audiences that allow healthcare marketers to target individuals more precisely on Meta without handling sensitive health information directly. These audiences are built using data on diagnoses, procedures, and prescriptions, helping advertisers reach relevant patients while staying compliant with HIPAA and other privacy regulations.

• Deterministic Audiences: Built from verified healthcare data, such as individuals who have undergone a specific procedure or received a particular diagnosis. These audiences are pushed into Meta via platforms like LiveRamp, ensuring a high degree of accuracy.
• Probabilistic Audiences: Modeled from deterministic seed lists, these audiences expand targeting by identifying lookalike individuals who share similar characteristics. This allows you to scale the campaign while still maintaining relevance. For example, a probabilistic model might identify women at high risk for breast cancer based on behavioral and demographic factors, even if they haven’t been formally diagnosed.

Use Lead Forms

Lead forms allow users to fill out information directly within Meta, eliminating the need to navigate to external websites. This seamless experience reduces friction, making it easier for potential patients to engage with your ad and submit their information.

Meta offers different ways to optimize lead forms, shifting the focus from just getting more leads to getting the right leads:

• Rich Creative Forms: These work like Meta’s Instant Experience, providing additional content before showing the form. More context = better-informed leads.
• Conditional Logic: Using conditional logic allows you to ask custom questions based on previous answers. Asking the right follow-up questions helps qualify leads before they hit submit.

The key? Test and tweak. Try different structures, adjust questions, and experiment with creative elements to see what resonates with your audience.

For healthcare advertisers facing data restrictions, lead forms are a viable solution. They allow for data collection and lead generation within Meta’s ecosystem, bypassing the need for external data transmission and ensuring compliance with stricter advertising policies.

Embrace the Full Funnel

The goal of a full-funnel strategy is to qualify users and guide them through their patient journey with relevant messaging at every step, whether they’re just becoming aware of your services, considering their options, or ready to make a decision.

Full-funnel strategies keep a steady flow of potential leads by consistently engaging new people at the top of the funnel. This helps avoid audience fatigue and ensures scalability over time.

Despite the evolving data restrictions, a full-funnel strategy is still very much possible on Meta. It just looks a little different now. 

The added bonus? Running these campaigns on Meta can actually boost performance across other channels like paid search. Greater brand awareness and engagement on Meta can improve search conversions and overall digital performance.

In short, a full-funnel strategy on Meta offers a flexible, effective approach to patient acquisition, helping marketers navigate restrictions, drive engagement, and optimize conversions throughout the entire patient journey.

If you’re still not sure how to navigate Meta’s new data restrictions, watch our on-demand webinar or request a consultation here.

Let’s work together to develop a strategy that keeps your campaigns effective and compliant.

Note: This article has been updated to reflect the most current information as of February 5, 2025.