netflix.com

HIPAA Website Scan Report

There are no results.

This report has expired.

Analytics

Tools like Google Analytics may collect visitor data considered PHI under HIPAA, requiring a signed BAA to be compliant. 

Google Analytics

Medium

Google Analytics tracks user behavior. Google will not sign a BAA for standard analytics use, which makes it a HIPAA risk.

Global Site Tag

Medium

Used to send tracking data to Google services, including Google Ads and Analytics, without HIPAA compliant controls.

Google Universal Analytics

High

Legacy Google analytics tool. It shares visitor data with Google and lacks HIPAA compliance support.

Trackers

Marketing trackers can capture user behavior tied to health interests, which may violate HIPAA without proper safeguards and agreements. This is typically high risk, since you can’t control what data is collected or shared—and patient consent is usually not obtained.

Facebook Pixel

High

Tracks website visitors and may result in unauthorized disclosure of PHI—specifically addressed in HHS guidance.

Facebook Conversion Tracking

High

Tracks user behavior after ad clicks. May share sensitive data with Meta.

Facebook Signal

High

Facebook content insights. If used on patient pages, could transmit visit behavior.

Hotjar

High

A web session recording tool that captures user activity, including form inputs which may expose Protected Health Information (PHI).

Facebook Domain Insights

High

Shows how users interact with your site. HIPAA implications depend on placement.

Forms

Website forms collect sensitive information like names, symptoms, or contact details—making them high risk if PHI is submitted without a Business Associate Agreement or proper security.

Klaviyo

High

Email marketing platform that tracks user behavior. No Business Associate Agreement (BAA) is offered, so HIPAA data should not be sent.

MailChimp

High

Marketing tool that collects user data and behaviors. Will not sign a Business Associate Agreement and cannot be used with PHI.

Your Scan Is Complete
Now that you know the risks, we’re here to help. Get clear guidance to protect your patients and your practice.
