You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Simple Analytics can easily comply with HIPAA because **it does not collect any personally identifiable data from your visitors**. When no personally identifiable data are collected, the data we receive are not PHI and do not fall under the HIPAA Privacy Rule’s disclosure limitations.
In other words, **you don’t need to worry about HIPAA**.
## Why doesn’t Simple Analytics receive PHI?
Because we do not use cookies or other identifiers, we do not fingerprint users, either. In other words, **Simple Analytics is 100% tracking-free** and privacy-friendly. We only use visitors’ IP addresses for communication and drop them right after we serve requests- in other words, IP is never stored or used to track.
Using IP for communication without storing them is not considered collecting personal data. However, this could even be avoided altogether by implementing a proxy. This can be done easily by implementing a few lines of code on your website- click here for a [step-by-step guide](https://docs.simpleanalytics.com/proxy).
## Does Simple Analytics need a BAA?
You do not need a BAA to use Simple Analytics. You only need a BAA when an associate receives PHI from you. Since we do not receive any PHI, this is not relevant for Simple Analytics. Therefore, we do not qualify as Business Associates and do not require a BAA.
