Your Google Analytics is probably leaking PHI. Here's how to fix it.
A field guide to safely instrumenting a behavioral health website without losing the data you need.
If your site has an assessment, an insurance verification form, or condition-specific landing pages, your default GA4 configuration is almost certainly sending protected health information to Google. Google does not sign a BAA for Analytics. That is a HIPAA problem.
Where the leaks happen
URL paths that name the diagnosis (a condition-specific landing page) or carry a patient's name. Form contents that reach the event payload, whether because a GET form or a thank-you page puts the answers into the query string that page_location carries, or because a form-tracking tag, enhanced measurement's form-interaction events included, reads form attributes or field values on submit. Referrer strings from gated portals, which can include record numbers or session tokens. User IDs that map back to a CRM record. Any one of these can constitute PHI once it is joined to the identifiers GA already attaches to every hit: the client ID, the IP address, and device and browser details.
A safer setup
Move tagging server-side, so the browser talks only to an endpoint you control and every hit is rewritten before it is forwarded. Strip query parameters, keeping at most a short allowlist of campaign parameters. Replace any identifier with a keyed hash (an HMAC whose secret stays on the server) before it leaves your domain; a bare, unkeyed hash of a user ID or email is still derived from that identifier and can be confirmed by anyone who hashes a candidate list. Allowlist the events and parameters that are permitted to reach Google and drop everything else by default. Disable the enhanced measurement features that capture form interactions, and any tag that reads form fields. Redact URL paths (and page titles, which usually repeat the condition name) for sensitive routes at the tag layer, not with GA filters: a filter runs after Google has already received the hit.
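The tag-layer sanitizer described above, written out as an added example. This is illustrative code, not the page's own setup and not GA4 or Tag Manager product code. It assumes a server-side endpoint that receives hits from the browser before anything is forwarded to Google; the event allowlist, route prefixes, portal hosts, HMAC key and the sample hits are all hypothetical, constructed for the example.

```python
"""Tag-layer sanitizer for GA4 hits (added example, not the page's own code)."""
from __future__ import annotations

import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical policy for an example behavioral-health site; tune per site.
ALLOWED_EVENTS: dict[str, set[str]] = {
    "page_view": {"page_location", "page_referrer", "page_title"},
    "generate_lead": {"page_location", "form_id", "value", "currency"},
    "call_click": {"page_location"},
}
# Only campaign attribution keys survive in the query string.
ALLOWED_QUERY_KEYS = {"utm_source", "utm_medium", "utm_campaign", "utm_content", "utm_term"}
# Route prefixes whose remainder names a condition, an assessment, or insurance data.
SENSITIVE_PREFIXES = ("/conditions/", "/assessment/", "/insurance/")
# Gated portals: their URLs never reach Google at all.
PORTAL_HOSTS = {"portal.example.org", "myhealth.example.org"}
# Secret kept on the server. A bare hash of a user ID can be confirmed by hashing a
# candidate list; a keyed hash cannot be checked without the key. (Assumed value.)
HASH_KEY = b"rotate-me-and-never-ship-me-to-the-browser"


def is_sensitive_path(url: str) -> bool:
    """True when the URL path starts with a prefix we redact."""
    return urlsplit(url).path.startswith(SENSITIVE_PREFIXES)


def scrub_url(url: str) -> str:
    """Redact sensitive paths, keep only allowlisted query keys, drop the fragment."""
    parts = urlsplit(url)
    path = parts.path
    for prefix in SENSITIVE_PREFIXES:
        if path.startswith(prefix):
            path = prefix + "redacted"
            break
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k in ALLOWED_QUERY_KEYS]
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(query), ""))


def scrub_referrer(url: str) -> str:
    """Drop portal referrers entirely; otherwise keep scheme, host and path only."""
    parts = urlsplit(url)
    if not url or parts.hostname in PORTAL_HOSTS:
        return ""
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def pseudonymize(user_id: str) -> str:
    """Keyed hash (HMAC-SHA256) of an identifier, truncated to 32 hex characters."""
    return hmac.new(HASH_KEY, user_id.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def sanitize_event(event: dict) -> tuple[dict | None, list[str]]:
    """Return (hit safe to forward, dropped keys), or (None, [reason]) to block the hit."""
    name = event.get("name", "")
    if name not in ALLOWED_EVENTS:
        return None, [f"event:{name}"]
    raw = event.get("params", {})
    dropped: list[str] = []
    params: dict = {}
    for key, value in raw.items():
        if key not in ALLOWED_EVENTS[name]:
            dropped.append(key)  # anything not allowlisted never leaves the server
            continue
        if key == "page_location":
            value = scrub_url(value)
        elif key == "page_referrer":
            value = scrub_referrer(value)
        params[key] = value
    # A title such as "Opioid Use Disorder Treatment" leaks what the path did.
    if "page_title" in params and is_sensitive_path(raw.get("page_location", "")):
        params["page_title"] = "redacted"
    out: dict = {"name": name, "params": params}
    if event.get("user_id"):
        out["user_id"] = pseudonymize(str(event["user_id"]))
    return out, dropped


# Constructed sample hits, as a server-side endpoint would receive them from the browser.
SAMPLE_EVENTS = [
    {"name": "page_view", "user_id": "crm-48213", "params": {
        "page_location": "https://www.example.org/conditions/opioid-use-disorder?utm_source=google&q=jane+doe",
        "page_referrer": "https://portal.example.org/visits/9981?session=abc",
        "page_title": "Opioid Use Disorder Treatment"}},
    {"name": "generate_lead", "params": {
        "page_location": "https://www.example.org/insurance/verify?member_id=XYZ123&dob=1990-01-01",
        "form_id": "insurance-verify", "diagnosis": "opioid use disorder", "member_id": "XYZ123"}},
    {"name": "form_field_change", "params": {"field": "dob", "value": "1990-01-01"}},
]

if __name__ == "__main__":
    for hit in SAMPLE_EVENTS:
        safe, dropped = sanitize_event(hit)
        print("forward" if safe else "block", safe, "dropped:", dropped)
```

Each constructed hit is either forwarded in scrubbed form or blocked outright, and the dropped keys come back so they can be logged for audit. Two choices worth noting: the page title is redacted whenever the path is, because the title repeats the condition name; and the user ID becomes an HMAC rather than a bare SHA-256, because a bare hash of a known identifier can be confirmed by anyone who hashes a list of candidates.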
You keep the conversion data your marketing team needs. You stop shipping PHI to a vendor that will not stand behind you if it goes wrong.
Working through this in your own program?
Talk with our team