
HIPAA Compliant Website Tracking


Google corners the online search market and online search tracking with Google Analytics, their software that tracks website visitor data. They are the leading players driving web traffic, so it makes sense that they figured out innovative ways to track their success. However, these analytics have recently come under fire in the healthcare industry, as it has been shown that the basic analytics themselves are not 100% HIPAA compliant. Why is that, and should we be concerned?

First, to put it in perspective, here is how it works. When someone visits a website, their IP (Internet Protocol) address is captured. This is a unique number assigned to every device on the internet. While it's just a number, it is an identifier used to track where someone goes online, what they look at, and even for how long. This is a good thing from a marketing, sales, and business perspective. It enables organizations to tailor their online presence and pages to what makes the most sense for their market.

However, from a HIPAA compliance perspective, this could be better. While the IP address is just a number, the moment a visitor takes an action such as filling out a form or submitting an inquiry, we've got clarity on identity. For example, say that a web visitor reviews multiple pages on a healthcare provider's website about giving birth to twins. She learns about the potential complications, reads the biography of the physician who handles multiple births, and uses the online form to schedule an appointment with this doctor. From a tracking perspective, we can now connect this IP address with a real person and know that she is likely pregnant with twins.

This "Healthcare Protected Information," or HPI, may or may not be something that she cares if anyone knows. However, she did not give express permission for this information to be available or revealed to any parties. When you think about all of the illnesses, conditions, and needs that individuals may have, it is certainly understandable why it's essential and correct to protect one's privacy.

With this understanding, the fact that the standard application of Google Analytics website tracking is not HIPAA compliant is not a healthcare crisis. And it is certainly not a reason to build a new site or completely abort the current marketing and sales methodology. You have many options!

First, Google offers methods that can be utilized to keep their analytics tracking rolling while being 100% compliant. Your web developers can work with you and Google to make this happen. However, the feature is easy to uninstall if you don't want to continue using Google Analytics. Also, many alternatives will allow you to track visitor data and meet all compliance requirements. Here are a few:

Matomo: Matomo (formerly Piwik) is an open-source analytics platform that can be self-hosted, giving organizations complete control over their data. It offers features similar to Google Analytics and can be configured to comply with HIPAA regulations.

Adobe Analytics: Adobe Analytics offers robust tracking and analysis capabilities and can be configured to meet HIPAA requirements. Adobe provides tools for data governance and security to ensure compliance.

Mixpanel: Mixpanel is a user analytics platform that provides event tracking and segmentation capabilities. It offers enterprise-grade security features and may be suitable for HIPAA-compliant implementations with proper configuration and contractual agreements.

Snowplow Analytics: Snowplow is an open-source event analytics platform that allows organizations to collect and analyze event data across multiple platforms. It can be deployed on-premises or in the cloud, providing flexibility and control over data processing and storage, which can facilitate HIPAA compliance.

Heap Analytics: Heap Analytics offers an alternative approach to analytics by automatically capturing and organizing user interactions on websites and mobile apps. While Heap does not explicitly claim HIPAA compliance, it provides data governance and security features that may support compliance efforts with proper configuration.

Organizations should consider updating their methods when tracking and analyzing data in a healthcare context while adhering to HIPAA regulations. Thankfully, there are many ways to make this happen. It is possible to be compliant while not losing the pulse of your market and the valuable data needed to make sound marketing and sales decisions. Wise web partners can work with you to find ideal, HIPAA-compliant solutions to suit your needs.
