Your practice website logs patient IP addresses on every visit. SecurePHI replaces GA4 in five minutes — same traffic insights, zero PHI, BAA included.
Who It's For
Large hospital networks have full-time compliance teams and enterprise HIPAA agreements with every vendor. Independent and group practices don't — and standard analytics tools were never designed with them in mind. SecurePHI was.
Mental health websites carry the highest sensitivity. Patient search intent — depression, anxiety, trauma — is itself protected information. You need analytics built knowing that.
High appointment volume means more tracking exposure. Every campaign conversion tracked through GA4 is a potential audit finding. Replace it without losing the data.
Heavily advertised services and competitive markets mean you need real campaign data. SecurePHI gives you the insights without the compliance debt.
Operating in the grey zone between wellness and healthcare. HIPAA still applies to your website. Standard analytics tools still don't know that.
Not intended for:
If that describes your organization, we're not the right fit — and we'd rather tell you that upfront than oversell.
The Risk
Standard analytics tools weren't designed for healthcare. They were built for e-commerce. Running them on a patient-facing website creates compliance exposure your practice may not even know exists.
GA4 logs IP addresses and sets persistent cookies — two of HIPAA's 18 Safe Harbor identifiers. Running it on a patient-facing site is a compliance violation waiting to happen.
Turning off analytics entirely means you can't track which campaigns drive appointments. Most practices choose the risk over the blind spot. There's a third option.
HHS OCR issued guidance in 2022 specifically naming pixel tracking tools on patient-facing websites as a potential HIPAA violation. This is active enforcement territory — not a hypothetical.
Recent regulatory guidance: HHS OCR has increased scrutiny on the use of tracking technologies on patient-facing healthcare websites. Several practices have received corrective action plans specifically citing third-party analytics tools. This is not a hypothetical risk.
How It Works
SecurePHI's Ghost Script captures the analytics you need — page paths and referrers — and anonymizes everything at the server edge before a single byte reaches the database. No cookies. No patient identifiers. No compliance exposure.
The ghost script never reads or writes a cookie, touches localStorage, or accesses any browser storage API.
An HMAC-derived salt changes every UTC midnight. No two days' hashes can ever be linked to the same visitor.
IP + User-Agent + DailySalt → a 64-char hex digest. Mathematically irreversible. Raw identifiers are discarded before any write occurs.
A fire-and-forget sendBeacon call. Loads async, never blocks your page, never delays a patient trying to book an appointment.
The Anonymizer
Our core hashing logic is the only path between a visitor's identity and our analytics store. It is one-way, salted, and time-bound.
// anonymizer.ts — runs on the Vercel Edge before any DB write
Hash = SHA-256(IP + UA + DailySalt)
IP Address: extracted from the x-forwarded-for header
User-Agent: extracted from the request headers
DailySalt: HMAC-SHA256(SECRET, YYYY-MM-DD) — rotates every UTC midnight
The 64-char hex digest is the only identifier stored. Raw IP and User-Agent are immediately discarded — they never appear in any log, row, or trace.
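The salt rotation and hashing steps described in "How It Works" and in the anonymizer summary above, written out as a stand-alone TypeScript function. This is an added illustration, not SecurePHI's own anonymizer.ts: the function names, the HitBody shape, the null-byte separator between the concatenated fields, and the placeholder SECRET are assumptions of this example, and the page only states the formula. The one property worth checking as a defender is visible in the test at the bottom: two hits on the same UTC day from the same client produce the same digest, the next day's digest cannot be matched to it, and the returned record contains the digest but not the raw IP or User-Agent. That unlinkability depends on SECRET staying on the edge runtime and the derived salt never being logged, since the IP + User-Agent space is small enough to enumerate if the salt were ever disclosed.

```typescript
import { createHash, createHmac } from "node:crypto";

// Server-side secret. In production this is read from the edge runtime's
// environment and is never shipped to the browser or written to a log.
// The value below is a constructed placeholder for this stand-alone example.
const SECRET = "constructed-example-secret-do-not-use";

// What the tracker script posts: only the page path and the referrer.
interface HitBody {
  path: string;
  referrer?: string;
}

// What is allowed to reach the analytics store: the digest and non-identifying
// page data. There is deliberately no field for the IP or the User-Agent.
interface AnonymizedHit {
  visitor: string;
  path: string;
  referrer: string;
  day: string;
}

// Day boundary in UTC, formatted YYYY-MM-DD, so the salt rotates at UTC midnight.
function utcDateKey(now: Date = new Date()): string {
  return now.toISOString().slice(0, 10);
}

// DailySalt = HMAC-SHA256(SECRET, YYYY-MM-DD), hex-encoded.
function dailySalt(dateKey: string, secret: string = SECRET): string {
  return createHmac("sha256", secret).update(dateKey).digest("hex");
}

// First entry of x-forwarded-for is the client address as recorded by the
// trusted edge proxy. If the header is absent the hash is computed from the
// User-Agent and salt alone; a real deployment would fall back to the
// runtime's remote-address field instead.
function clientIp(headers: Record<string, string | undefined>): string {
  const xff = headers["x-forwarded-for"] ?? "";
  return xff.split(",")[0].trim();
}

// Hash = SHA-256(IP + UA + DailySalt). A null-byte separator (assumed here)
// keeps two different (ip, ua) pairs from concatenating to the same bytes.
function visitorHash(ip: string, ua: string, salt: string): string {
  return createHash("sha256")
    .update(`${ip}\u0000${ua}\u0000${salt}`)
    .digest("hex"); // 64 hex characters
}

// Edge handler core: raw identifiers exist only as locals in this function and
// are never placed on the returned object, so nothing downstream can log them.
function anonymize(
  headers: Record<string, string | undefined>,
  body: HitBody,
  now: Date = new Date(),
): AnonymizedHit {
  const day = utcDateKey(now);
  const salt = dailySalt(day);
  const visitor = visitorHash(clientIp(headers), headers["user-agent"] ?? "", salt);
  return { visitor, path: body.path, referrer: body.referrer ?? "", day };
}
```

In a real edge function the returned record is what gets written; the salt is recomputed per request from the date key rather than cached, so no process ever needs to hold yesterday's salt once the day has rolled over.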
HIPAA Safe Harbor — All 18 identifiers addressed
After You Install
Remove Google Analytics and replace it in under 5 minutes. Your marketing team sees the same data. Your compliance exposure disappears.
Add one script tag to your website. No developer required beyond copy-paste. Works with any CMS, website builder, or custom HTML.
<script src="…/tracker.js" data-site-id="YOUR-SITE-ID" async></script>
Delete the GA snippet from your site. You immediately stop logging patient IP addresses, persistent cookies, and cross-session identifiers tied to health-related browsing.
Your marketing team still sees traffic, campaign sources, and referrer data. Same reports. Zero PHI in the database. Nothing to re-learn.
Audit Coverage
Regulators, insurance carriers, and EMR compliance audits increasingly ask practices to document their website tracking setup. SecurePHI gives you everything you need to answer that question confidently — before it's ever asked.
A countersigned BAA is delivered within 24 hours of signup — not buried in a sales process. Accessible directly from your dashboard, ready to produce for any auditor.
A plain-English document explaining how visitor data is anonymized — written for compliance officers and practice administrators, not engineers.
A formal written statement confirming that no protected health information is stored, transmitted, or accessible through SecurePHI at any point.
A completed mapping of all 18 HIPAA Safe Harbor identifiers showing exactly how each one is handled — or never collected in the first place.
BAA included on HIPAA Clinic, Growth, and Enterprise plans
Your Business Associate Agreement is available immediately after signup — no negotiation, no waiting for a sales call to return. It covers SecurePHI's role as a business associate in your HIPAA compliance program and is ready to produce for any auditor on demand.
Review our full compliance documentation
Deployment
No npm install. No API keys in the browser. No developer sprint required. Our edge function handles anonymization, salt rotation, and compliance automatically.
Drop this into your <head> or before </body>. Loads async — zero render-blocking.
<!-- SecurePHI Analytics — HIPAA Safe Harbor -->
<script src="https://securephi.app/tracker.js"
data-site-id="YOUR-SITE-ID" async></script>
Place this empty element anywhere on your page. Our script automatically injects the SecurePHI privacy badge into it.
<!-- renders the SecurePHI Trust Seal automatically -->
<div id="securephi-badge"></div>
Common Questions
Is Google Analytics actually a HIPAA risk on my website?
Yes — and HHS has said so explicitly. In 2022, HHS OCR issued formal guidance identifying pixel tracking technologies on patient-facing websites as a potential HIPAA violation. Google Analytics logs IP addresses, sets persistent cookies, and can build cross-site visitor profiles. All three are HIPAA concerns when the visitors are patients or prospective patients researching health conditions.
Is switching analytics tools actually necessary for my practice?
That depends on your risk tolerance. Most practices won't face scrutiny until an audit, a breach notification, or a patient complaint triggers a review. At that point, having a documented, compliant tracking setup is the difference between a clean report and a finding. SecurePHI costs considerably less than the response to a single OCR inquiry — and it replaces a tool you're already paying for.
What if regulators disagree with your Safe Harbor interpretation?
SecurePHI's architecture doesn't depend on interpretation. Under HIPAA's Safe Harbor standard (45 CFR §164.514(b)), de-identified data is not PHI — period. We collect no IP addresses, no cookies, no persistent identifiers, and none of the 18 enumerated Safe Harbor identifiers. We also sign a BAA and maintain audit documentation. There's no grey area to argue about.
Do we have to remove Google Analytics, or can we run both?
You should remove Google Analytics from patient-facing pages. Running both defeats the purpose — GA would still be logging IP addresses and setting cookies regardless of what SecurePHI does. SecurePHI gives you equivalent traffic and campaign attribution data, so there's nothing to lose by making the switch complete.
SecurePHI replaces Google Analytics to protect your practice and document your tracking for compliance purposes — starting at $99/month.
This isn't a software subscription. It's a compliance expense — and it costs less than a single hour of healthcare attorney fees.
No cookies. No patient data stored. BAA included.
Built by a software engineer who kept asking why healthcare practices were forced to choose between marketing visibility and patient privacy.
Free Manual Review
Enter your email and website URL. A real human on our team will manually audit your current tracking setup and send you a plain-English HIPAA risk report — completely free, no strings attached.