HIPAA Compliance and Google Analytics
Don't stop using Google Analytics to build audiences, track behaviors, and measure results – make it HIPAA compliant instead and get a fresh start with GA.
Learn More Schedule a Demo
Questions and Answers
-
What is Google Analytics?
Google Analytics is a web tracking tool used by millions of businesses to analyze website traffic. It provides in-depth insights about visitor behavior, demographics, and website performance.
-
Is Google Analytics HIPAA Compliant?
Not out-of-the-box. According to Google themselves, "Customers who are subject to HIPAA must not use Google Analytics in any way that implicates Google’s access to, or collection of, PHI, and may only use Google Analytics on pages that are not HIPAA-covered."
-
Why isn't Google Analytics HIPAA compliant?
Because without proper configuration, websites with a Google Analytics tag disclose PHI to Google. Something as simple as a page title that contains a health condition could be considered a violation of HIPAA because that data can be paired with a user identifier.
-
Can Google Analytics be used in a HIPAA-Compliant Manner?
Yes, by filtering sensitive PHI from reaching Google's servers. This requires the configuration of a server side container and de-identification of potential PHI.
-
How long does it take to implement a compliant solution.
It depends on the complexity of your Google Analytics environment and the number of events you are tracking. However, compliance can be reached in as little as two weeks.
