Is your site leaking PHI? Find out in 60 seconds.

Run the free HIPAA analytics self-audit below to see where your site stands against the safeguards a compliant setup requires.

HIPAA Analytics Self-Audit
Answer honestly. Nothing is sent anywhere.
Not started
0 / 8

You have a signed BAA with your analytics provider.

PHI is stripped from URLs, page titles, and form fields before storage.

All analytics data is stored on US-based infrastructure.

IP addresses are anonymized or hashed, never stored raw.

Visitors have a clear consent mechanism for analytics.

Granular access logs and audit trails are available.

You can export or permanently delete your data on request.

Session recordings automatically mask sensitive inputs.

Answer the questions to see your result

Each item is a HIPAA best practice for website analytics. The more you can honestly check "Yes," the lower your exposure.

Get a full audit

What HIPAA-compliant analytics requires

The six areas every compliant measurement setup has to cover.

01

What counts as PHI online

The 18 identifiers and the everyday ways they leak into analytics data.

02

Why Google Analytics is not compliant

What "no BAA" really means and the risk it creates for your practice.

03

The Business Associate Agreement

What a BAA covers, who needs one, and what to look for before signing.

04

Technical safeguards

Encryption, 100% US-hosted infrastructure, PHI redaction, and access controls.

05

Consent & patient rights

Consent mechanisms, data export, and the right to deletion.

06

Your ongoing audit checklist

A repeatable checklist to keep every property compliant over time.

Your audit questions, answered

Is the self-audit a real compliance assessment?
It is a quick directional self-check based on HIPAA best practices for analytics, a great first read on your exposure. For a formal review of your specific setup, book a full audit with our team.
Do you store my answers?
No. The audit runs entirely in your browser. Nothing is transmitted or saved.
What does a full audit include?
Our team reviews your live tags, data flows, and storage against HIPAA requirements, then delivers a prioritized remediation plan, and a signed BAA if you move forward.

Turn your audit into action.

Book a full HIPAA analytics audit with our compliance team, and get a signed BAA on day one.