Back to blog

Is your analytics project HIPAA-compliant? A complete checklist with 32 questions

Analytics Data privacy & security Healthcare

Written by

Published February 25, 2021 · Updated May 10, 2024

Is your analytics project HIPAA-compliant? A complete checklist with 32 questions

Webinar on-demand

A practical guide to digital analytics and advertising under HIPAA

Healthcare organizations want their services to be patient-centric and provide the best quality experience. To achieve this aim, they expand their marketing stacks, gather data and measure the performance of their websites and apps. Using analytics in healthcare doubtlessly brings benefits, as it allows organizations to apply the collected insights to improve their services and the patient experience.

But it also creates new challenges. Organizations must know the ins and outs of their digital ecosystem, especially if they operate in the US or deal with data of US residents.

This is because data gathered by analytics in many cases qualify as protected health information (PHI).

Data is considered PHI if:

  • It is created or received by a covered entity (such as a health care provider, public health authority, life insurer, etc.)
  • It relates to the health or condition, provision of health care and payment for it of an individual
  • It contains identifiers that can connect it to an individual who is its subject.

And if a healthcare entity processes American patients’ data, it is subject to the Health Insurance Portability and Accountability Act (HIPAA).

If you’re a healthcare organization that works with US patients, you already know that HIPAA is demanding. You also know that it establishes strict rules on gathering, processing and storing PHI. 

But do you know which areas you should evaluate when working with protected health information in your analytics ecosystem? Do you know what obligations you are under when working with de-identified, aggregated data?

Download the checklist, answer 32 questions and assess the compliance of your analytics setup. 


Evaluate the HIPAA compliance of your next analytics project

Evaluate the HIPAA compliance of your analytics stack 

This checklist is for you if you want to evaluate the HIPAA compliance of your current and future analytics setup. Staying in line with HIPAA gives you peace of mind. It also shows your patients that your organization is trustworthy and takes data privacy and security seriously.

Assess the HIPAA compliance of your analytics setup in these 7 key areas:

  • PHI/ePHI & backup storage
  • Hosting types
  • Business associate agreement (BAA)
  • Data encryption & transmission
  • Audit log & change log
  • 100% data control
  • Security review

Are you already using Google Analytics and want to evaluate it in the context of HIPAA? Read this blog post

3 benefits you get with this checklist

  • You save time on research. The checklist provides you with all the important information in one place. You can revisit the document whenever you need. 
  • You gain a better understanding of your obligations under HIPAA. This awareness can help you train your employees and avoid violations or fines. 
  • You know the dos and don’ts of implementing marketing tools and working with third-party vendors. Finally, you’ll adjust your analytics stack to improve the quality of your data while staying in line with obligations under HIPAA.

If you have any questions about how to use analytics and ensure HIPAA compliance, get in touch. We’ll be happy to give you a personalized demo of HIPAA-compliant analytics platform


Karolina Lubowicka

Senior Content Marketer and Social Media Specialist

An experienced copywriter who takes complex topics of data privacy & GDPR and makes them understandable for all. LinkedIn Profile

See more posts by this author

Core – a new plan for Piwik PRO Analytics Suite

Privacy-compliant analytics, built-in consent management and EU hosting. For free.

Sign up for free

Upcoming live webinar

June 27, 2024

Real-time dashboards in Piwik PRO: A hands-on use case

This summer, we’re introducing new real-time dashboards in Piwik PRO Analytics Suite, empowering our clients to make informed decisions in time-sensitive projects. Would you like to learn how to use them in your daily work? Join our webinar to see how our partner agency, Netlife, used real-time insights to streamline the registration process for a major national event, ensuring a smooth user experience and preventing system breakdowns. Stay for a Q&A session where our experts will address all your questions.

Sign up for this webinar