Is your analytics project HIPAA-compliant? A complete checklist with 32 questions

, ,

Written by Karolina Lubowicka

Published February 25, 2021

Webinar on-demand

A practical guide to digital analytics and advertising under HIPAA

Healthcare organizations want their services to be patient-centric and provide the best quality experience. To achieve this aim, they expand their marketing stacks, gather data and measure the performance of their websites and apps. Using analytics in healthcare doubtlessly brings benefits, as it allows organizations to apply the collected insights to improve their services and the patient experience.

But it also creates new challenges. Organizations must know the ins and outs of their digital ecosystem, especially if they operate in the US or deal with data of US residents.

This is because data gathered by analytics in many cases qualify as protected health information (PHI).

Data is considered PHI if:

  • It is created or received by a covered entity (such as a health care provider, public health authority, life insurer, etc.)
  • It relates to the health or condition, provision of health care and payment for it of an individual
  • It contains identifiers that can connect it to an individual who is its subject.

And if a healthcare entity processes American patients’ data, it is subject to the Health Insurance Portability and Accountability Act (HIPAA).

If you’re a healthcare organization that works with US patients, you already know that HIPAA is demanding. You also know that it establishes strict rules on gathering, processing and storing PHI.

But do you know which areas you should evaluate when working with protected health information in your analytics ecosystem? Do you know what obligations you are under when working with de-identified, aggregated data?

Download the checklist, answer 32 questions and assess the compliance of your analytics setup.

e-book

Evaluate the HIPAA compliance of your next analytics project

Evaluate the HIPAA compliance of your analytics stack

This checklist is for you if you want to evaluate the HIPAA compliance of your current and future analytics setup. Staying in line with HIPAA gives you peace of mind. It also shows your patients that your organization is trustworthy and takes data privacy and security seriously.

Assess the HIPAA compliance of your analytics setup in these 7 key areas:

  • PHI/ePHI & backup storage
  • Hosting types
  • Business associate agreement (BAA)
  • Data encryption & transmission
  • Audit log & change log
  • 100% data control
  • Security review

Are you already using Google Analytics and want to evaluate it in the context of HIPAA? Read this blog post.

3 benefits you get with this checklist

  • You save time on research. The checklist provides you with all the important information in one place. You can revisit the document whenever you need.
  • You gain a better understanding of your obligations under HIPAA. This awareness can help you train your employees and avoid violations or fines.
  • You know the dos and don’ts of implementing marketing tools and working with third-party vendors. Finally, you’ll adjust your analytics stack to improve the quality of your data while staying in line with obligations under HIPAA.

If you have any questions about how to use analytics and ensure HIPAA compliance, get in touch. We’ll be happy to give you a personalized demo of HIPAA-compliant analytics platform