Are your Analytics HIPAA Compliant? A look at Google Analytics 4 (GA4)

By Marc Heffner

The HHS advisory for December 2022 made it plain that the tracking technologies that power web analytics products like Google Analytics put your healthcare institution at risk of violating HIPAA.

Your website’s trackers automatically collect HIPAA identifiers such as IP addresses and device IDs. They also gather data that includes health information, such as website URLs and button text. The combination of these two components is what defines Protected Health Information (PHI). The difficulties begin when you share them with a tool that is not HIPAA compliant.

Google states, “Google Analytics is a measurement solution that can be used to obtain business insights about traffic on your websites and apps. It is important to ensure that your implementation of Google Analytics and the data collected about visitors to your properties satisfies all applicable legal requirements.”

This means that you, as a practice owner, are responsible for making sure your trackers are HIPAA compliant, not Google. Basically, you should not be using GA4 for analytics, which sets healthcare apart from all other businesses. Again, Google says, “Customers must refrain from using Google Analytics in any way that may create obligations under HIPAA for Google.”

If you want to use GA4, you need to do the following:

  • Ensure no data is sent to Google that Google could identify as personally identifiable information (PII).
  • Ensure Google Analytics data cannot reveal or identify a user’s sensitive information, including IP addresses.
  • If you find you are collecting sensitive data through GA4, you can request to delete data from the analytics servers, but you need to schedule that request with Google.

When it comes to HIPAA compliance, Google is not your friend. Dental and medical organizations must make sure there are no attributions with patient data when they perform any analytics. This means that, to do any analytics, practices need to deploy new HIPAA-compliant strategies and programs.

About us

Marc Heffner is the founding partner of DSO Marketing Xcelerator™ and is a Fractional CMO in the DSO vertical. Through developing strong marketing teams and introducing new technology platforms needed to achieve ambitious goals, Marc creates growth opportunities for private equity firms working in the healthcare space and self-funded growing practices willing to invest in their future.

  • 25+ Years of Experience
  • Over $1 Billion in Revenue
  • Fortune 500 Experience