Protect Patient Data With or Without GA4

GUIDE

This guide discusses the declaration made by the Office for Civil Rights regarding Protected Health Information (PHI), the appropriate use of Google Analytics for healthcare organizations, the risk of data breaches, and options to ensure HIPAA compliance while still utilizing web analytics.

With this guide, you will learn: 
  • Clarification on the new OCR declaration. The Office for Civil Rights (OCR) declared in December 2022 that basic information about a health system's public webpages combined with a user's IP address is now considered Protected Health Information (PHI). This declaration raises concerns within the healthcare marketing space, as it means that what was once considered benign first-party data is now forbidden.
  • The three elements of digital data that can be controlled in healthcare: individual demographic identifiers, health information, and the processing environment - services like Google Analytics or Acquia CDP that transform raw data into valuable information. 
  • Three options for healthcare organizations to ensure HIPAA compliance when using GA: using a web analytics provider who will sign a Business Associate Agreement (BAA), using an analytics proxy, or using a Customer Data Platform (CDP) with a provider who will sign a BAA.