Is your analytics project HIPAA-compliant? A complete checklist with 32 questions

Analytics Data privacy & security Healthcare

Published February 25, 2021 · Updated March 1, 2021

Healthcare organizations want their services to be patient-centric and to provide the best possible experience. To achieve this aim, they expand their marketing stacks, gather data and measure the performance of their websites and apps. Using analytics in healthcare undoubtedly brings benefits, but it also creates new challenges. Organizations must know the ins and outs of their digital ecosystem, especially if they operate in the US or handle data of US residents.

This is because data gathered by analytics tools in many cases qualifies as protected health information (PHI). And if a healthcare entity processes American patients' data, it is subject to the Health Insurance Portability and Accountability Act (HIPAA).

If you’re a healthcare organization that works with US patients, you already know that HIPAA is demanding. You also know that it establishes strict rules on gathering, processing and storing PHI. 

But do you know which areas you should evaluate when working with protected health information in your analytics ecosystem? Do you know what obligations you are under when working with de-identified, aggregated data?

Download the checklist, answer 32 questions and assess the compliance of your analytics setup. 


Evaluate the HIPAA compliance of your analytics stack 

This checklist is for you if you want to evaluate the HIPAA compliance of your current and future analytics setup. Staying in line with HIPAA gives you peace of mind. It also shows your patients that your organization is trustworthy and takes data privacy and security seriously.

Assess the HIPAA compliance of your analytics setup in these 7 key areas:

  • PHI/ePHI & backup storage
  • Hosting types
  • Business associate agreement (BAA)
  • Data encryption & transmission
  • Audit log & change log
  • 100% data control
  • Security review

Are you already using Google Analytics and want to evaluate it in the context of HIPAA? Read this blog post.

3 benefits you get with this checklist

  • You save time on research. The checklist provides you with all the important information in one place. You can revisit the document whenever you need. 
  • You gain a better understanding of your obligations under HIPAA. This awareness can help you train your employees and avoid violations or fines. 
  • You know the dos and don’ts of implementing marketing tools and working with third-party vendors. Finally, you’ll adjust your analytics stack to improve the quality of your data while staying in line with obligations under HIPAA.

If you have any questions about how to use analytics while ensuring HIPAA compliance, get in touch. We'll be happy to give you a personalized demo of our HIPAA-compliant analytics platform.


Joanna Kamińska

Content Marketer

Joanna is a curious marketer who specializes in email automation and copywriting. She’s fascinated by new ideas and believes every word should deliver value to the reader.
