Analytics
Tools like Google Analytics may collect visitor data considered PHI under HIPAA, requiring a signed BAA to be compliant.
Global Site Tag
Used to send tracking data to Google services, including Google Ads and Analytics, without HIPAA-compliant controls.
Google Analytics
Google Analytics tracks user behavior. Google will not sign a BAA for standard analytics use—this makes it a HIPAA risk.
Trackers
Marketing trackers can capture user behavior tied to health interests, which may violate HIPAA without proper safeguards and agreements. This is typically high risk, since you can’t control what data is collected or shared—and patient consent is usually not obtained.
This Is a Title
Risk
Edit this paragraph to add any content you would iike to share about your company or service.
Forms
Website forms collect sensitive information like names, symptoms, or contact details—making them high risk if PHI is submitted without a Business Associate Agreement or proper security.
This Is a Title
Risk
Edit this paragraph to add any content you would iike to share about your company or service.