HIPAA-Compliant Digital Marketing Tools

by Reilly Phelps   |   May 29, 2024   |   Clock Icon 5 min read
Since GA4 is not HIPAA-compliant, healthcare marketers need other options to analyze data. Learn about other marketing tools that meet HIPAA’s privacy rules.
Abstract geometrical shapes in shades of teal, purple, and salmon with a grainy overlay.

In October 2020, Google announced the launch of Google Analytics 4, a new measurement platform to replace Universal Analytics. The purpose of launching GA4 was to enhance visibility into user behavior by creating an event-based tracking platform. When GA4 was officially implemented in July 2023, worries began to surface in the healthcare industry about whether the new platform meets HIPAA compliance requirements and how data collection will work moving forward.

In this post, we will provide a rundown of GA4 and HIPAA and give suggestions for alternative healthcare marketing tools to use if you can’t use GA4 due to privacy concerns.

What is GA4?

Google Analytics 4, commonly referred to as GA4, is Google’s analytics service that allows you to track traffic and engagement across your website. From seeing real-time user data to running custom reports, GA4 is a great way to gain meaningful insights from your website. But what if your healthcare practice can’t use it because of privacy concerns?

Google Analytics and HIPAA

Regarding private data within GA4, Google stated that they “make no representations that Google Analytics satisfies HIPAA requirements and does not offer Business Associate Agreements in connection with this service”.

However, Google Analytics policies state that no personally identifiable information (PII) can be passed to Google, so there are some rules in place. However, there are still risks that violate HIPAA rules and therefore you may not be able to use it for your healthcare business.

As a result of the lack of privacy conditions, more and more healthcare organizations are turning off their GA4 tracking and looking for alternative

Alternative Healthcare Digital Marketing Tools

Don’t lose hope! You can still get meaningful data from your website and ads without GA4. Here are some of our recommendations for alternative healthcare marketing tools:

Google Search Console

Google’s other analytics tool, Google Search Console, is HIPAA compliant since it only collects data from search results. For example, it can report on impressions, clicks, and what pages people click on. There is no risk of any PII data coming through this platform, as all user activity is within search results. You can also get a sense of how competitive the SERP landscape is by assessing the clicks and impressions.

Google Search Console can also provide specific page information, such as if it is unable to appear in search results or if there are any errors. This platform is a great healthcare marketing tool to start with after shutting down GA4.

Google Business Profile

Similar to Google Search Console, Google Business Profile only collects data from search results, so no PII is collected.

An example of a healthcare practice's Google Business Profile.
Here is an example of a healthcare practice’s Google Business Profile.

Google Business Profile allows you to see direction requests, phone call clicks, and website clicks for each listing you have set up. One note: you can’t see the phone number they are calling from or where they are requesting directions from, which is why it doesn’t violate PII rules. This is a great way to get regional visibility without getting PII.

Google Ads

If you run online ads, you can still collect some data from Google Ads. This includes impressions, clicks, total cost, ad extension calls, and direction clicks. You can also break those down for each campaign to identify where improvements can be made.

With Google Ads, you can also get keyword data to see what queries are receiving the most impressions and clicks.


If your practice receives a lot of calls and form submissions that you want to attribute back to the source, CallRail offers a HIPAA-compliant call tracking option. They will sign a Business Associate Agreement (BAA) with every client and offer various privacy options to keep patients’ PII safe.

CallRail allows you to add tracking to calls and forms, and you can still use their transcription service while following HIPAA guidelines, as seen below:

An example of CallRail's HIPAA-compliant transcription service.
This image from CallRail shows their HIPAA-compliant transcription service. Source: CallRail

HIPAA-Compliant Analytics Tool

If you are searching for more of a replacement for Google Analytics 4, Freshpaint may be a good solution for you. It replaces unsafe tracking technologies with a BAA-protected platform and blocks any data from non-HIPAA-compliant tools. You can still track visitors’ journeys without the risk of collecting identifiable information.

An example of Freshpaint's HIPAA-compliant user journey tracking.
Freshpaint offers user journey information while making sure all data is anonymous. Source: Freshpaint

Protect Patient Information while Gaining Meaningful Insights

Overall, it is important to be careful with each platform you use to analyze any user data, regardless if it is related to digital marketing. The HIPAA Privacy Rule aims to protect health information while still providing high-quality healthcare.

A digital marketing agency can help you with digital marketing tools that provide helpful insights and follow HIPAA guidelines. Contact us today to get started.

Portrait of Reilly Phelps

Reilly Phelps

Reilly joined Workshop Digital in January 2022 after working in marketing for a few companies, ranging from childcare to recruiting. She graduated from James Madison University in June of 2022 with a degree in Marketing concentrating in Digital Marketing, and a minor in Communication Studies. The various organizations at JMU sparked her love of digital marketing, specifically in the organic field.

From small businesses to international corporations, Reilly has had the opportunity to work with a variety of clients across multiple industries. She enjoys putting together strategies and analyzing performance to find the right steps forward. When she isn't working, you can find her spending time with her corgi Maisie, listening to Taylor Swift, or reading.