Links

Tracker Resolution Types

The Web Tracker Monitoring UI allows you to choose different options to mark a tracker as resolved. This document describes your options for mitigating the risk presented by having a Web Tracker installed on your site.

Resolution 1: Sign a BAA

Many vendors will sign a Business Associate Agreement with you. If you are able to set up a BAA with the vendor, then their trackers no longer present a HIPAA risk on your site.

Resolution 2: Mark as Safe

If you decide to allow the tracker to remain on your site, you can select “Mark as Safe” in Freshpaint’s Web Tracker Manager. This will move the tracker to a “low risk” status, allowing you to focus on any remaining high risk items.
If a tracker is installed only on the Job Postings page and the About Us page, you may decide along with your compliance and legal teams that there is little risk of HIPAA violation. Freshpaint’s Web Tracker Report shows you which pages on your site have the tracker installed, and which ones do not.

Resolution 3: Uninstall the tracker

You may need to completely uninstall the tracker from your site. The removal process depends on how the tracker is installed:
  • If the tracker is set up via a tag manager such as Google Tag Manager, locate the tracker in the tag manager and remove it.
  • Otherwise, your IT team will need to remove the tracker. You can send them the Freshpaint Web Tracker Report along with the following note:
Please remove the tracker <tracker name> from our organization’s website(s). I’ve attached a report listing all of the pages that the tracker is installed on, which should help you find the tracker and make sure that it is completely removed from every page. This task is critical for maintaining our organization’s HIPAA compliance.

Resolution 4: Replace with Freshpaint

Freshpaint integrates with advertising platforms, analytics tools and other services. If you replace the third party tracking technology with Freshpaint, you can continue using your tools while maintaining HIPAA compliance.
If Google Analytics is found on your site, you can replace it with Freshpaint’s Google Analytics 4 Proxy integration.

Resolution 5: My organization owns this domain

Your site may be retrieving resources from or sending information to additional first-party domains. There is no risk of violating HIPAA if PHI is shared with these domains since they are owned by your organization.
If your organization’s homepage is freshhealth.co, there may be trackers on your site such as myfreshhealth.co or freshhealth-schedule.co. These domains belong to your organization, so there is no risk of violating HIPAA if PHI is shared with them.