Google Analytics is an industry-standard in website analytics. Its widespread use stems from its ability to track visitor behavior, identify conversions, and measure website performance. Like many healthcare companies, our client’s marketing strategies were founded on insights gathered from Google Analytics.
The healthcare industry was shocked by the OCR bulletin in late 2022. The OCR's directive was clear: PHI could not be sent to third-party trackers without a signed Business Associate Agreement (BAA).
The obvious fix would be to sign a BAA with Google Analytics. However, Google's policies clarify that although they will sign a BAA for Google Cloud Platform (GCP), they will not sign a BAA for Google Analytics – and have no interest in storing PHI in GA. Our client needed a different solution if they were to keep Google Analytics.
Complying with the OCR's strict guidelines around the use of Google Analytics
Penrod's HIPAA-compliant tracking solution and Salesforce Data Cloud
OCR compliance and unified visitor profiles
The dilemma hinged on differing perspectives from legal and marketing. The legal team aimed to minimize compliance risks, whereas the marketing team insisted that eliminating Google Analytics would undermine a crucial component of their digital strategy.
Penrod sought to balance risk with the marketing team’s reliance on Google Analytics for behavior analysis, experience enhancement, and results measurement. Penrod's solution contains three key components: a secure server-side container for data processing, a data redaction engine – and a customer data platform (CDP) based on the OCR’s recent statements recommending CDPs for compliance.
First, our client needed a secure environment to process, redact, and control PHI. Penrod leveraged Amazon Web Services (AWS) based on two key criteria: AWS signs BAAs, and it seamlessly integrates with Google Tag Manager.
Penrod's HIPAA-compliant web tracking solution uses a redaction engine based on opt-in logic. By default, the system prevents the transmission of PHI to Google Analytics and anonymizes identifiers like IP addresses or device IDs using a secure hashing algorithm.
Additionally, the solution can redact any default or custom parameter, giving our client complete control over its website visitors’ privacy.
Our client's marketing team was concerned that the OCR bulletin would hinder their ability to track campaign performance with historical data. Penrod alleviated these concerns by integrating Salesforce Data Cloud, a cutting-edge customer data platform (CDP) that could store every data point they needed.
Unified Web Visitor Profiles
After signing a BAA with Data Cloud, our client could send un-redacted visitor data into the platform. As a result, all visitor information is now stored in a HIPAA-compliant CDP – and is ready for deep analysis. Utilizing a universal identifier, hashed data in Google Analytics can be re-identified within the CDP.
Salesforce Data Cloud will empower our client to create robust unified profiles by ingesting data from other systems, including EHRs, ERPs, and marketing automation platforms.
Friendly Configuration Interface
Data Cloud functions as a configuration engine for the opt-in redaction system. With an intuitive user interface, our client’s users can easily choose which parameters are safe for Google Analytics and which should be redacted, hashed, or removed. This approach ensures the solution remains adaptable to any future updates or guidelines issued by the OCR regarding third-party trackers.
Every vendor with PHI-access has a signed BAA
PHI is de-identified from website visitors
Google Analytics only receives de-identified data