Tracking & Pixel Audit
Healthcare practices routinely deploy marketing tools — Google Analytics, Meta Pixel, HubSpot, Hotjar, and others — without understanding that these tools may be transmitting protected health information (PHI) to third parties without a business associate agreement (BAA).
The OCR bulletin on tracking technologies (December 2022) made clear that this is a HIPAA violation. Enforcement actions have followed.
What the audit includes: a complete inventory of every tracker, pixel, script, and third-party tag on your website and patient-facing forms; an assessment of which tools are transmitting PHI and to whom; a BAA gap analysis for each vendor; and a prioritized remediation roadmap.
The audit is delivered as a written report within 10–15 business days of engagement start. It is priced as a fixed fee based on website complexity.
For practices that need help implementing the remediation roadmap, a Pixel Remediation Sprint is available as a follow-on engagement.