HIPAA and Google Analytics
Google Analytics is a measurement solution that can be used to obtain business insights about traffic on your websites and apps. It is important to ensure that your implementation of Google Analytics and the data collected about visitors to your properties satisfies all applicable legal requirements.
Please remember that to protect user privacy, Google Analytics policies and terms mandate that no data be passed to Google that Google could recognize as personally identifiable information (PII), and no data you collect using Google Analytics may reveal any sensitive information about a user, or identify them. If you need to delete data from the Analytics servers for any reason, you can schedule a data-deletion request or use the User Deletion API.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law that applies to HIPAA-regulated entities. The law and its implementing regulations typically are not relevant to Google Analytics customers operating exclusively outside of the US, nor are they relevant to every customer operating within the US. Analytics customers are responsible for determining whether they are HIPAA-regulated entities and what their obligations are under HIPAA.
