Written by Matt FielThe first step in assessing your company’s risk of non-compliance is figuring out which trackers are running on your website by running a website tracking audit.
One of the easiest ways to find them is to use a self-service vendor that tracks the use of technologies across the Internet. Some require paid plans, and the ones with free versions may have limitations. Here are the top three we recommend.
Unfortunately, these tools don’t always provide a real-time snapshot of your website. Thankfully, with a bit of elbow grease, you can find out which third-party trackers are running on your website with some applications you probably use daily.
Let’s get started.
Requirements
- Google Chrome [Download Here]
- A Spreadsheet Program
- Elbow Grease
Start with a Spreadsheet
A spreadsheet will keep your findings organized and ready to share with other team members. We recommend keeping track of the following:
- URL of the page
- Tracker Name
- Tracker Website
- Whether you have a business associate agreement with the tracker
- Whether the tracker may send PHI
- Additional Details
It should look something like this:
Find the Trackers
Finding all the trackers on your website can feel like a treasure expedition. It’s not just about one page…each page may have different trackers running. However, simple website implementations utilize one header file that consistently references all the trackers, so your mileage may vary.
To get the most accurate results, we recommend following the steps below for various pages on your website.
- Open Google Chrome
- Navigate to your website’s homepage
- Right-click in the middle of the page.
- In the menu that appears, select “inspect“.
- A new window will appear. These are your developer tools. In the new window, click the “sources” tab.
- On the left, a list will appear. This list contains all your website requests – some requests are to your website, while others could be from other sites. While many requests simply involve receiving web files that help your website function, some could send PHI to third-party trackers.
- Go through each item on the list…this is where you get to be a detective. Usually, your website is the first item on the list, so you can skip this.
- Document each item in the spreadsheet you created. If you’re unsure of what an item is, Google is your friend.
Simply search the URL of the item. For instance, if we wanted to know what cdn.jsdelivr.net does, we could put “cdn.jsdelivr.net” into a Google Search. Searching this shows us that it’s a common web framework.
![Google search for web tracking technology](/wp-content/uploads/2024/06/google-search-300x124.png")
Want to see what kind of data these your trackers are sending? Learn how in our guide “How to See if Third-Party Trackers are Sending PHI from Your Website” by clicking here.
What’s Next?
If you discover any trackers with which your organization doesn’t have a BAA, it’s important to take immediate action to avoid non-compliance fines. Penrod can help you out here.
Penrod’s HIPAA-compliant web tracking service ensures that your website won’t disclose protected data to third-party trackers.