Freshpaint
HomeLogin
  • Documentation
    • What is Freshpaint?
    • ⚕️HIPAA Mode
    • 🏗️Building Out Your Account
    • 🌐Overview of Features
    • Guides
      • 📡Add Autotrack to your website to collect data from your users
        • Installing the Freshpaint Javascript SDK
        • Installing the Freshpaint SDK with a Content Security Policy (CSP)
        • Installing the Freshpaint Javascript SDK with Server-Side Rendering (SSR) + React
        • Autocapture + React
        • Configuring a Destination
        • Labeling User Actions
        • How do I install Freshpaint with Typescript?
      • 🔁Send historical data to any destination with Time Machine
      • Next.js Quickstart Guide
      • Android Quickstart Guide
        • Installing the Freshpaint Android SDK
        • Configuring a Destination
        • Instrumenting Your App
      • iOS Quickstart Guide
        • Installing the Freshpaint iOS SDK
        • Configuring a Destination
        • Instrumenting Your App
      • React Native Quickstart Guide
        • Installing the Freshpaint React Native SDK
        • Configuring a Destination
        • Labeling User Actions
        • Configuring Property Capture
    • Setting up Properties
    • Setting up Your Destinations
      • Enabling and Disabling a Destination
      • Deleting a Destination
    • Setting up Your Events
    • User Identification
      • Designated Identify Properties
    • Maps
    • Analytics (Beta)
      • Web Analytics Dashboard
      • Campaigns
      • Service Lines
      • Data Glossary
    • Translations
    • Web Tracker Monitoring
      • Tracker Resolution Types
      • Historical Scans
  • Integrations
    • Destinations
      • Demand Side Platforms (DSPs)
        • Basis
          • Basis Quick Start Guide
          • Basis Reference
        • Google Campaign Manager 360
        • StackAdapt
          • StackAdapt Quick Start Guide
          • StackAdapt Reference
        • theTradeDesk
          • theTradeDesk Quick Start Guide
          • theTradeDesk Reference
          • theTradeDesk with CM360 Configuration Guide
        • Viant
          • Viant Quick Start Guide
          • Viant Reference
      • Direct Response Ads
        • Facebook Conversions API
          • Facebook Conversions API Quick Start Guide
          • Facebook Conversions API Reference
        • Google Ads Conversion API
          • Google Ads Conversion API Quick Start Guide
          • Google Ads Conversions API Reference
        • Google Ads
          • Google Ads Quick Start Guide
          • Google Ads Reference
        • LinkedIn Ads
          • LinkedIn Ads Quick Start Guide
          • LinkedIn Ads Reference
        • Microsoft Ads (formerly Bing Ads)
          • Microsoft Ads Quick Start Guide
          • Microsoft Ads Reference
          • Microsoft Ads Multi-Config Reference
        • Pinterest Ads (Beta)
          • Pinterest Ads Quick Start Guide
          • Pinterest Ads Reference
        • Pinterest Tag
        • Reddit Ads
          • Reddit Ads Quick Start Guide
          • Reddit Ads Reference
        • TikTok Ads
        • Twitter Ads
      • Data Activation
        • ActiveCampaign
          • ActiveCampaign Quick Start Guide
          • ActiveCampaign Reference
        • Amplitude
          • Amplitude Quick Start Guide
          • Amplitude Reference
        • Braze (formerly Appboy)
          • Braze Quick Start Guide
          • Braze Reference
        • Customer.io
          • Customer.io Quick Start Guide
          • Customer.io Reference
        • Freshsales
        • Google Analytics 4 Proxy
          • Google Analytics 4 Proxy Quick Start Guide
          • Google Analytics 4 Proxy Reference
          • Google Analytics 4 Proxy Advanced Tracking Configurations
        • Google Analytics 4 Server-Side
          • Google Analytics 4 Server-Side Quick Start Guide
          • Google Analytics 4 Server-Side Reference
        • Heap
        • Hotjar
        • HubSpot Cloud
        • HubSpot Web
        • impact.com
          • Impact.com Quick Start Guide
          • Impact.com Reference
        • Intercom
          • Intercom Quick Start Guide
          • Intercom Reference
        • Iterable
          • Iterable Quick Start Guide
          • Iterable Reference
        • June
        • Klaviyo
        • Mixpanel
          • Mixpanel Quick Start Guide
          • Mixpanel Reference
        • OneSignal
          • OneSignal Quick Start Guide
          • OneSignal Reference
        • Sendinblue
        • Sentry
        • Vero Cloud
        • Webengage
        • Webhooks
        • Woopra
        • Zendesk
      • Data Warehouses
        • Azure Warehouse Setup
        • BigQuery Warehouse Setup
        • Databricks Warehouse Setup
        • Postgres Warehouse Setup
        • Redshift Warehouse Setup
        • S3 Warehouse Setup
        • Snowflake Warehouse Setup
      • Consent Management
        • Osano
        • OneTrust
        • Custom Consent Manager
    • Sources
      • Web
        • Autotrack
        • Precision Tracking
      • CallRail
      • Invoca
      • Customer.io
      • Intercom
      • Mailchimp
      • React Native
      • SendGrid
      • Sendinblue
      • Server-Side
      • iOS
    • 🔷Google Tag Manager integration
      • Google Tag Manager migration
      • Quick Start Guide
    • 📺Freshpaint Video Platform
    • 🖼️Impression Pixel
  • Admin Panel
    • Event Library
      • Event Library Bulk Actions
      • Event Definition Filters
      • Event Tester
      • 🔁Time Machine
      • Visual Tagger
      • Advanced Options
        • Tag Manager
        • Disabling Target Text Capture
        • Cross Domain Tracking
    • Projects & Environments
    • Teams
      • Role-Based Access Control (RBAC)
    • Transformations
      • Standard Events
      • Modify Data
      • Modify User Data
      • SQL Transformations
    • 📈Destination Monitoring
    • 🔎Investigate: Testing and Debugging
      • Live View
      • Event Verification
  • Reference
    • Developer Docs
      • Freshpaint Web SDK Reference
      • Freshpaint Web SDK Options
      • Freshpaint React Native SDK Reference
      • Freshpaint iOS SDK Reference
      • Freshpaint Android SDK Reference
      • HTTP API
    • Frequently Asked Questions
      • How do I circumvent ad blockers?
      • Can Freshpaint track users across domains?
      • Can I install Freshpaint on a Chrome extension?
      • What properties are captured with my events?
      • How Do I Switchover From Segment?
      • How Do I Switch From Native Google Analytics to the Freshpaint Google Analytics Destination?
      • Where do I find my Environment ID?
      • Is Freshpaint GDPR & CCPA Compliant?
      • Can I use transformations to anonymize data for client-side destinations?
      • How do I QA or debug my data?
      • Why Do My Numbers Differ Across Different Tools?
      • Billing: How Does Freshpaint Determine MTUs?
      • Can I Use Freshpaint on Multiple Sites?
      • How Can I Export Data From Freshpaint?
      • How Does Freshpaint Identify Users?
      • How Many Events Should I Create?
      • What Should I Name My Events?
      • How do I track scroll depth?
      • What Data Does Freshpaint Collect?
        • Data Collected on Web
        • Data Collected on React Native
      • Does Freshpaint's Autotrack slow my site down?
      • Running Freshpaint with a Proxy
      • Should my Environment ID be treated as a sensitive key?
      • How Does Freshpaint Determine Session Count?
      • What is the difference between client-side and server-side connection mode?
      • What is a Proxy Integration?
      • Where can I view Freshpaint’s Status?
      • Does Freshpaint provide HIPAA audit logs?
      • Freshpaint Cookie Too Large
      • How does Freshpaint compare to server-side Google Tag Manager?
      • If a user re-installs my app, will Freshpaint generate a new device ID?
      • Why doesn't Freshpaint need a BAA before sending data to Google Ads and Facebook Ads?
      • What Implementation Services Does Freshpaint Offer?
      • Single Sign On (SSO) Setup
Powered by GitBook
On this page
  • What is PHI?
  • Enforced Allowlists
  • Project Allowlist
  • Destination Required Properties
  • Destination Recommended Properties
  • Destination Allowlist
  • Built-in Properties
  • Custom Properties
  • User & Group Properties
  • ID Masking
  • Server-side Destinations
  • Restricting PHI without HIPAA mode enabled

Was this helpful?

  1. Documentation

HIPAA Mode

Freshpaint provides several features to restrict and manage Protected Health Information (PHI) in your customer data.

PreviousWhat is Freshpaint?NextBuilding Out Your Account

Last updated 11 months ago

Was this helpful?

HIPAA mode is a feature that Freshpaint provides to give customers full control over what (PHI) is sent to their destinations. Freshpaint allows you to configure explicit lists of properties, called allowlists, for each of your destinations so you opt into what you send and how you send it.

What is PHI?

PHI is the combination of Personal Identifiable Information (PII) and health information. Examples of PII include:

  • Names

  • IP Addresses

  • Non-anonymized user IDs

  • Emails

Examples of health information include:

  • Diagnoses

  • Treatment information

  • Medical test results

  • Prescription information

Enforced Allowlists

The Enforced Allowlists feature allows you to send properties classified as PHI to your HIPAA-compliant destinations, and send only non-PHI properties to non-HIPAA compliant destinations. Freshpaint does this by allowing you to specify a list of properties that are known to not contain PHI. Whenever Freshpaint sees a property that is not in this allowlist, Freshpaint will remove the property before sending the event to non-HIPAA compliant destinations.

Project Allowlist

Navigate to the Project Allowlist page to specify which properties are not considered PHI for your Freshpaint Project.

Properties allowed at the Project level will be automatically applied to all Destination Allowlists.

Destination Required Properties

In addition to the Project Allowlist, each destination that supports server-side connection mode has its own allowlist.

In order for Freshpaint to be able to send data to the destination, you must allow each of the required properties. These settings will not affect any other destination.

For example, the Google Ads destination requires the $gclid and conversion_label properties. Without these properties, Google Ads will not be able to attribute conversions to your ad campaigns, so the destination will not be able to function.

Destination Recommended Properties

Certain destinations have additional functionality that is controlled by certain event properties. Freshpaint indicates these properties as "Recommended" and describes the functionality they enable.

For example, to enable the Conversions Report for Google Analytics 4, you would need to allow the conversion property.

Destination Allowlist

In addition to required and recommended properties, each destination that supports server-side connection mode has a full allowlist, similar to the Project Allowlist. You can use this advanced feature if you need to add properties to the destination's allowlist that are not covered by the Required or Recommended properties.

All of the Required and Recommended Properties that you have allowed will be shown on the Destination Allowlist.

Add properties to the destination's allowlist if they're known to be safe to send to that specific destination. For example you may add the Facebook Ad Click ID to the allowlist for Facebook Conversions API in order to track conversions from your ad campaigns.

Required Properties, Recommended Properties, and Destination Allowlists are available in the latest version of Freshpaint HIPAA Mode. Contact support@freshpaint.io to learn more.

Built-in Properties

Built-in Property Allowlisting is available in the latest version of Freshpaint HIPAA Mode. Contact support@freshpaint.io to learn more.

URL
UTM Term
Other Query Parameters
$current_url property
Notes

http://shoes.com/url-redacted-by-freshpaint

When URL is not on the allowlist, Freshpaint will still send the domain name to destinations, along with a fake path that indicates the real path was redacted.

http://shoes.com/the/best/shoe

The domain name and path are preserved but all query parameters are removed

http://shoes.com/the/best/shoe?utm_term=shoes

The page query parameter is removed.

http://shoes.com/the/best/shoe?page=2

Since Other Query Parameters are allowlisted, any query parameters that aren't UTM parameters are preserved, in this case, page=2. The utm_term query parameter is removed.

http://shoes.com/the/best/shoe?utm_term=shoes&page=2

The entire URL is allowed to be sent to the destination.

Custom Properties

User & Group Properties

ID Masking

Here's an example. Suppose you identified a user by their email address:

freshpaint.identify("some_distinct_id", {
  "email": "ada.lovelace@example.com",
  "browser": "Chrome"
});

Masking would send values like ada.lovelace@example.com in a hashed form, scrambled in such a way that a reader at the destination will be unable to determine the original value. This hashing is consistent for a given value. If ada.lovelace@example.com is hashed into iuUwhqIm1kEriZsVlu5TsGgX6/y5Pwfn, then you can count on it being that value every time in your destinations.

ID Masking is automatically performed on builtin user identifiers for non-HIPAA compliant destinations. To turn on ID Masking for additional properties, you must configure the allowlist for your destination. Add the property you want to allow, then check the Hashed? option.

Server-side Destinations

Freshpaint's HIPAA mode requires your destinations be configured with a server-side connection. If one of your destinations only supports a client-side connection, you will not be able to use them in HIPAA mode.

Restricting PHI without HIPAA mode enabled

You may want to send events to a non-HIPAA compliant destination without applying ID Masking or Allowlists. This might be the case when:

  • You want to send events to a non-HIPAA compliant destination that only supports Client-side connection mode, so you need to disable HIPAA mode to use the client-side destination.

Example: you want to send events to Hotjar, which only supports client-side connections.

  • You want to send events to a non-HIPAA compliant destination, and the destination needs the original user identifier, so you need to disable ID masking.

Example: you want to send events to your email marketing platform, and you need to preserve the user's email address.

To avoid sending PHI to a non-HIPAA compliant destination, you must restrict PII, health information, or both. Note that this restriction is scoped to all API calls made for a user. For example:

  • You attach PII (but not health information) to an anonymous user in a destination with a Freshpaint.identify() API call

  • Later on, you send a Freshpaint.track() API call containing health information (but not PII) to the same destination for this anonymous user

You're still sending PHI to the destination, since the destination has received both PII and health information for the same user, even though this information was received in different requests.

When determining whether a destination may collect PHI, it's important to understand exactly what metadata and properties a destination collects, and whether these metadata and properties contain PII or health information.

If you're unsure whether one of your destinations is collecting PHI, don't hesitate to reach out to support@freshpaint.io.

And of course, you should always consult with your legal team.

Freshpaint captures a number of properties automatically for each event, for example the URL of the page on which the event occurred. These are known collectively as . You can use the PHI Allowlist to specify which ones are known not to contain PHI.

Most of these built-in properties are documented under . Special attention should be paid to URL, UTM Parameters, and Other Query Parameters. Suppose an event occurs on http://shoes.com/the/best/shoe?utm_term=shoes&page=2. The following table illustrates the value of the $current_url property under different allowlist configurations.

Events may have additional custom properties beyond those automatically captured by Freshpaint, for example if you're using to add data layer properties to your events. You can use the PHI Allowlist to specify the custom properties that are known not to contain PHI.

There are separate allowlists for user properties, which are attached to calls, and for group properties, which are attached to calls.

ID Masking allows you to in Freshpaint without sending the identifier to non-HIPAA compliant destinations. Freshpaint does this by hashing the user identifier before sending events to non-HIPAA compliant destinations. This anonymizes the user identifier, while still associating events with a single identified user and preserving functionality like identity resolution.

Freshpaint uses the for ID masking

For example, the Freshpaint destination, when configured in client-side connection mode, collects IP addresses, Freshpaint event names, and page URLs (alongside other metadata). Because an IP address is PII, it's important to ensure the event names and page URLs collected by Bing Ads do not include health information.

⚕️
identify users
SHAKE3 hash algorithm
Bing Ads
Protected Health Information
Watch this video to learn how to use allowlists in Freshpaint
addEventProperties
freshpaint.identify
freshpaint.group
built-in properties
What Data Does Freshpaint Collect?
Navigating to the Project HIPAA Allowlist page
Some destinations offer Required Properties for you to add to the allowlist
$gclid and conversion_label are Required Properties for Google Ads
Some destinations offer Recommended Properties for you to add to the allowlist
To enable the Conversions Report in Google Analytics 4, allow the conversion property
Navigating to the Destination Allowlist
The Facebook Conversions API Destination Allowlist
Built-in and Custom Property Allowlist
Event, User, and Group Allowlists