HHS Redefined PHI

Recent HHS guidelines moved the goalposts on PHI for regulated entities using tracking technology from Google, Facebook, and others.

Download the ebook to learn:

🏥 What is PHI now?
📈 How tracking technologies work (and why they violate HIPAA)
✍️ Why a BAA alone isn't enough to protect you
🗣 How to make Google and ad platforms HIPAA-compliant


Google & Facebook are not HIPAA-compliant.
But they can be

December's guidance from HHS on tracking technologies was a gut punch to marketers at healthcare providers. Suddenly, tools like Google Analytics, Google Ads, and Facebook Ads are not okay to use because they risk leaking PHI.

That’s where Freshpaint comes in. We replace the non-compliant Google and Facebook tracking technologies with a behavioral tracking platform that keeps you HIPAA-compliant by default.

Freshpaint Makes Google & Facebook Tools HIPAA-Compliant

Freshpaint replaces your existing tracking technologies that could run the risk of HIPAA violations. Since Freshpaint signs a BAA, all visitor and user behavioral data can be collected from your website and stored safely using Freshpaint instead of Google’s and Facebook's tracking technologies.

In order to ensure a safe connection between tools like Google Analytics, Google Ads, and Facebook, Freshpaint loads all the data server side. To eliminate human error and ensure that PHI is never shared with Google Analytics – especially things like appointment date, IP address, and zip code that live in the metadata – the default setting is that Freshpaint doesn’t share any data.


Automatically Apply De-Identification


For a tool like Google Analytics, where it’s not safe to send health data AND personal identifiers, Freshpaint removes the identifiers that HIPAA considers personally identifiable information and assigns a new identifier that can never reveal the identity of the individual.

Now Freshpaint can send anonymous user actions to Google Analytics without the identifiers. This is how you use Google Analytics in a HIPAA-compliant way.

Allowlists Reduce Your Security Footprint

Allowlists are safer because the default is that nothing happens: no data is sent to destinations. Allowlists aren’t just on the integration level; they are on the event, user, and group level. By reducing the overall flow of PHI across your tech stack, you dramatically reduce your security footprint.

Free Ebook: Ultimate Guide to PHI


A BAA that's not BS


Since Freshpaint signs a BAA, all visitor and user behavioral data can be collected from your website and stored safely using Freshpaint instead of Google’s and Facebook's tracking technologies.

In order to ensure a safe connection between tools like Google Analytics, Google Ads, and Facebook, Freshpaint loads all the data server side.

To eliminate human error and ensure that PHI is never shared with non-compliant tools (especially things like appointment date, IP address, and zip code that live in the metadata), the default setting is that Freshpaint doesn’t share any data.


A HIPAA Compliant Customer Data Stack Doesn't Have To Be Hard

HIPAA compliance is hard. Freshpaint makes it easier by allowing us to decide where we want to send PHI. But the magic is, for destinations where we don’t want to send PHI, we can still track user behavior without revealing who that user is.

Scotty Abramson
Director of Growth, Two Chairs