LEARN HOW TO IMPLEMENT GA4 WITH HIPAA GUIDELINES IN MIND WITHOUT PUTTING YOUR PATIENTS’ DATA AT RISK
Healthcare providers face a challenge when using Google Analytics 4 because they must keep HIPAA guidelines in mind. GA4 is a powerful tool that can help providers keep track of website traffic, user behavior and marketing efforts. However, it can also collect personally identifiable information (PII) which is regulated by HIPAA.
HHS March 2024 Update
Customer Data Platforms (CDPs) as Alternatives
The Department of Health and Human Services (HHS) now recognizes CDPs as legitimate alternatives to web tracking technologies lacking BAAs. This opens the door to HIPAA-safe website analytics with solutions like our partner Freshpaint.
Unauthenticated Pages
Pages with health context, like conditions pages, can still risk HIPAA violations.
Consent Managers vs. HIPAA Authorization
Consent managers are not replacements for written HIPAA authorization and serve a different purpose.
IP Addresses
IP addresses alone don't constitute PHI (Protected Health Information).
Removing PHI After Capture
Simply removing PHI after capture is insufficient; capturing it itself presents a risk.
Cookie Consent is Not Enough
New guidelines state that cookie consent alone doesn't ensure compliance.
Schedule your free consultation
Learn How To:
Prevent PPI Collection
Data that could be recognized as PII should not be transmitted.
Minimize Sensitive Info
GA4 shouldn’t collect data revealing sensitive user information or identities.
Data Deletion
Utilize data deletion requests or the User Deletion API to remove data from Google’s servers.
Avoid Login Page Tracking
Don’t install tracking tools (including GA) on login-protected pages.
Scan my Site
Ask a Healthcare Lawyer: HIPPA Compliance for Healthcare Marketers
Since HHS issued guidance on online tracking technologies, healthcare organizations have faced uncertainty, leaving marketers, compliance and legal teams without clear directives. To address this, our partner Freshpaint, consulted Doriann Cain, a Partner at Faegre Drinker, who answered a wide range of questions addressing the issue in their blog post linked below.