Piwik PRO is an advanced, privacy-focused web analytics platform. Designed as an alternative to platforms like Google Analytics, it offers in-depth insights into website traffic while ensuring user data privacy. Prioritizing data ownership and GDPR compliance, Piwik PRO provides both on-premises and cloud hosting options. It caters to businesses wanting granular data without compromising user trust or regulatory requirements.
Significant features:
Third party integrations: Piwik PRO supports many integrations with other CMS, data visualization and data storage tools, and marketing platforms like Google Ads.
Piwik PRO is a first-party data platform that uses a similar framework to Universal Analytics. The biggest difference between Piwik PRO & other analytics platforms is the data ownership. This means that the owner of the website always retains ownership of the data, which is fairly uncommon in similar products. What the platform collects is entirely dependent on the tool’s setup, but the following are almost always collected:
Every organization’s definition of HIPAA-compliance is dependent on their legal team’s interpretation of the guidelines set by the U.S. Department of Health and Human Services. That being said, Piwik PRO falls pretty low on the risk scale because they offer self-storage and are willing to enter into a Business Associate Agreement (BAAs).
Piwik PRO is a data-forward, privacy-focused product, whose risk mitigation options go beyond entering into a BAA. That being said, it is a good idea to ensure you have the following in place in order to catch some common missteps:
It’s always important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
Mixpanel is a popular analytics platform, similar to Google Analytics. It’s widely used by marketers who want an alternative to Google Analytics, an upgrade to GA’s free version without taking the steep price hike to Analytics 360, as well as product teams wanting to improve their users’ experience. Mixpanel can also offer a more customized analytics or reporting system without going “around the system” in the way you sometimes need to in Google Analytics (Google Analytics was to provide very basic insights out of the box for just about any user who was willing to complete a simple setup guide).
Mixpanel, however, is not intended for beginners, and instead focuses on marketers & product team members who are looking for a highly customizable product that exists outside of the Google ecosystem. Mixpanel’s popularity has grown further since the release of Mixpanel Marketing Analytics.
Healthcare marketers use Mixpanel to do the following:
Mixpanel is a first-party data platform that, much like GA4, operates on an event-based framework. What the platform collects is entirely dependent on the tool’s setup, but the following are almost always collected:
Every organization’s definition of HIPAA-compliance is dependent on their legal team’s interpretation of the guidelines set by the U.S. Department of Health and Human Services. That being said, Mixpanel falls fairly low on the risk scale, largely because Mixpanel is willing to enter into Business Associate Agreements (BAAs) with its customers.
Mixpanel is a data-forward, privacy-focused product, whose risk mitigation options go beyond entering into a BAA. Mixpanel is built on Google Cloud Platform, which is subjected to regular, independent verification of security, privacy, & compliance controls against HIPAA. That being said, it is a good idea to ensure you have the following in place in order to catch some common missteps:
It’s always important to connect with your legal team to determine how best to move forward. Listen to our HIPAA & FTC 101 podcast for more information about changes for healthcare companies.
GA4 is the latest version of Google Analytics, the most popular analytics tool in the world. It is also the biggest change to the tool since its original release in 2005. For the first time ever, Google Analytics will not be backwards compatible with previous versions of the platform’s tags. GA4 requires a complete reinstallation of tracking tags, which has many users reevaluating their tracking platforms. Paired with OCR’s recent bulletin which identified IP addresses as PHI, this shift in the ecosystem has made the question of how Google Analytics fits in HIPAA-compliance a hot topic for healthcare marketers
Google Analytics, unsurprisingly, collects a lot of data about your user:
Google Analytics 4 has made a lot of improvements that make it easier for companies to utilize stronger data privacy standards and move further into the age of cookieless tracking. These changes allow the tool to be used more in line with GDPR, CCPA, & other privacy policies. Despite these changes, however, Google Analytics is not HIPAA-compliant, as it still receives and stores PII/PHI, including device IDs, browser information, and location data, and does not offer a BAA. Google even explicitly states that “Google makes no representations that Google Analytics satisfies HIPAA requirements” and instructs users to refrain from exposing the software from any information that could be considered PII/PHI.
There are several ways to make Google Analytics safer with strong data privacy standards. These are available in the Privacy Controls section of your Google Analytics settings. While enabling these settings will not satisfy HIPAA guidelines, it could help safeguard some user data while you determine a path forward (see our blog, Auditing your marketing plan for HIPAA compliance)
PRO TIP: Server-side tagging is a data tracking method that can help organizations protect user data. While it requires a well thought out digital infrastructure, it can give organizations more control over their data and help them comply with privacy regulations while still using Google Analytics.