-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0e84725
commit 57a149b
Showing
1 changed file
with
22 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
--- | ||
title: HIPAA Compliance | ||
category: legal | ||
permalink: /hipaa | ||
last_modified_at: 2023-07-11 | ||
--- | ||
|
||
## Is Simple Analytics compliant with HIPAA? | ||
|
||
Simple Analytics can easily comply with HIPAA because **it does not collect any personally identifiable data from your visitors**. When no personally identifiable data are collected, the data we receive are not PHI and do not fall under the HIPAA Privacy Rule’s disclosure limitations. | ||
|
||
In other words, **you don’t need to worry about HIPAA**. | ||
|
||
## Why doesn’t Simple Analytics receive PHI? | ||
|
||
Because we do not use cookies or other identifiers, we do not fingerprint users, either. In other words, **Simple Analytics is 100% tracking-free** and privacy-friendly. We only use visitors’ IP addresses for communication and drop them right after we serve requests- in other words, IP is never stored or used to track. | ||
|
||
Using IP for communication without storing them is not considered collecting personal data. However, this could even be avoided altogether by implementing a proxy. This can be done easily by implementing a few lines of code on your website- click here for a [step-by-step guide](https://docs.simpleanalytics.com/proxy). | ||
|
||
## Does Simple Analytics need a BAA? | ||
|
||
You do not need a BAA to use Simple Analytics. You only need a BAA when an associate receives PHI from you. Since we do not receive any PHI, this is not relevant for Simple Analytics. Therefore, we do not qualify as Business Associates and do not require a BAA. |