A new directive by the Office of Civil Rights (OCR) puts direct onus on a covered entity under HIPAA to take measures to protect PHI from getting shared with third-party analytics and marketing platforms by way of on-line tracking codes commonly added to healthcare websites.

We created a solution in Google Tag Manager for a covered entity under HIPAA that utilized a server side setup of Google Tag manager (GTM) to route all protected health information (PHI) from being distributed to third-party platforms, such as Google & Meta. The solution also allowed us to anonymize Personally Identifiable Information (PII), such as IP address, but still retain city-specific information that was needed for marketing purposes.

This clean solution led to tracking clean data in Google Ads platform, Facebook as well as in Google Analytics 4, while staying compliant with the new directive by the OCR.

Horizontal Capabilities:

• Google Tag Manager (server-side)
• Google Analytics 4
• Google Cloud Platform Setup & Mangement
• Google Ads platform
• Meta Business Suite