HIPAA Online Tracking Gap Assessment
Is your website, patient portal, or mobile app compliant with the HHS OCR guidance on online tracking technologies? Find out in 60 seconds.
Compliance Score
HIPAA OCR
72%
ASSESSED
Privacy Rule
PHI Tracking Controls
Security Rule
Technical Safeguards
PHI EXPOSURE
Tracker on Portal
Meta Pixel on /patient-login
TRACKERS
23
Third-party tags
What type of HIPAA-regulated entity are you?
Covered Entity
Healthcare provider, hospital, clinic, health plan — directly regulated under HIPAA
Business Associate
EHR vendor, billing service, cloud hosting, analytics provider, telehealth platform serving covered entities
What healthcare vertical are you in?
🏥 Hospitals & Health Systems
🧒 Urgent Care
🦷 DSO & Dental
🦴 Orthopedics
💊 Specialty Providers
📱 Telehealth / Digital Health
🏦 Health Plans / Payers
💊 Pharma & Med Devices
Digital properties you operate (select all that apply)
🌐 Website(s)
Public-facing marketing sites, provider directories, service pages
🔒 Authenticated Portal(s)
Patient portals, member dashboards, telehealth logins
📱 Mobile App(s)
iOS + Android each count as separate assets
iOS+Android=2
Common: Firebase, Mixpanel, AppsFlyer, Crashlytics, Braze, OneSignal. Avg healthcare app: 15–30 SDKs.
⚠️ All digital properties operated by or on behalf of a HIPAA covered entity or business associate are subject to HIPAA Rules when tracking technologies have access to PHI.
0%
0 of 0
✓ 0✕ 0? 0