Gating Mechanisms for HCP Digital Assets

Designed in collaboration with Health Canada.

In the recent years, it has come to the attention of PAAB and Health Canada, that there has been variance in the application of "sufficient barrier" when it comes to limiting healthcare professional advertising from being accessible by consumers. Considering this, PAAB has worked with Health Canada to generate guidance on the creation and implementation of gating mechanisms which would qualify as presenting a sufficient barrier between the general public and healthcare professional advertising.

The gating requirements have not changed. This guidance clarifies the existing Health Canada requirements and provides insight into how those requirements can be met. In fact, a new option is outlined to further assist advertisers in meeting gating requirements. The new option is modeled after the gating methodology that is currently predominantly used across this industry. However, as the option addresses areas in which current gates fail to meet requirements, some gates will need to be fortified. It is understood that this will take time. Until January 2024, insufficiently robust gating mechanism noted through our monitoring activities will simply trigger a courtesy email informing the manufacturer of the gating deficiencies and providing potential solutions where applicable.  

Where relevant during preclearance reviews, the PAAB will continue to remind advertisers that an effective gating mechanism will be required.

PAAB will not provide "approvals" for gates, however we can assess if the approach and guardrails proposed by the company would appear to be sufficient in the context of a formal opinion submission. 

This table outlines two options that we feel are likely to be selected. Additional options and context are provided in the attached PDF (see below). Additional questions can be submitted in the PAAB Forum thread below. 

HISTORIC OPTION (CONTINUES TO BE AN OPTION):
The primary licence-based HCP gating option has historically been to check that the licence field entry is an exact match for the HCP user based on the name field entry.    

NEW OPTION: 
Cross-checking licence field entry with the format expected for the HCP type in that province. Includes essential guardrails designed to render the gate sufficiently robust.
Collect:
  • HCP Name
  • Licence

Cross-check via database that the entered licence matches the licence corresponding to the entered name. The cross-check therefore occurs on the level of the user's identity. 


The user is permitted entry into the website only if the entered licence number matches the entered name.

 Collect:
  • Province (e.g., dropdown field)
  • Health Profession type (e.g., dropdown field)
  • Licence (e.g., open alphanumeric field)

Cross-check that the entered licence format matches the format expected based on the combination of HCP-type and province entries.

The user successfully enters the site only if BOTH are TRUE:

  • The format of the licence field entry matches the format expected for the combination of selected HCP-type and province, i.e., correct length + correct composition (when the licence includes one or more letter(s), their position should also be considered).
  • The entered licence is not unrealistic (e.g., 00000, 00001, 99999, -3261). See Guardrail 3 below.

HCP status is confirmed through abstraction by comparing the expected licence format to the entered licence format. As the user's identity is not confirmed, additional gardrails must be in place to ensure that this gating mechanism is executed in a sufficiently robust manner.  

This mechanism is likely acceptable if guardrails 1 through 4 are always implemented, and guardrail 5 is implemented where needed based on stress-testing.

Guardrail 1: No cues or hints!!
No cues/hints are provided regarding the expected format for the licence entry. 

E.g.: a licence example must not be provided (as this would provide a hint about the required format)

E.g.: When an incorrect entry is made, no guidance is provided to cue appropriate format (e.g., returning an error state that reads "Licence number must be 6 digits").


Guardrail 2: Don't format the field in a manner that makes it harder to guess incorrectly!!
The licence field accepts any combination (of many possible lengths) of alphanumeric keys. Users must be provided all opportunities to unknowingly deviate from the expected format.  

E.g.: The field must not be locked to allow a maximum of 6 digits if the expected licence format is a 6-digit number.


Guardrail 3: Unrealistic patterns = wrong!!
Entries that match the expected licence length and composition for the entered HCP-type and province pairing (e.g., 5 numeric keys), fail entry if they are unrealistic. For example, entries like 00000, 00001, 12345, 99999, and so on, should not result in successful gate crossing unless these are actual licence numbers.


Guardrail 4: Test your gating creation!!
Health Canada is more concerned with gating effectiveness than the selected gating methodology. It is therefore advisable to test the gate robustness. This can be done by ensuring that random licence field entries are much more likely to result in blocked access to the post-gate website content.

Guardrail 5: Based on testing, consider the need to narrow the range of access-resulting licence field entries.
If random licence field entries frequently result in website access, the gate is strengthened by further narrowing the range of access-resulting licence field entries. For example, this can be accomplished by disqualifying website access for licence field entries that are much lower and/or higher than expected for currently living or practicing members of a given HCP-type + province pairing. This goes beyond disqualification of individual unrealistic numbers/patterns in Guardrail 3. Guardrail 5 likely won't be needed for the vast majority of HCP-type + province pairs. However, it is an important approach to consider whenever the gate is readily traversed with random licence field entries.  

Some licensing bodies provide the entire updated set of active licence numbers on a spreadsheet that is downloadable from their website.  Others will provide a spreadsheet of active licence numbers on request, particularly if individually identifying information (such as names, addresses…) can be excluded.  

Refer to the Guidance on Gating Mechanisms for HCP Targeted Digital Assets for more information about these and other gating mechanisms.

Code Application
https://forum.paab.ca/category/212/hcp-gating

TOPICS

 View in Full Forum

PAAB Q&A

Do you have questions? We have answers!

Learn More

POPULAR TOPICS

Powered by Innovasium