Blog
Notes on healthcare website risk.
Careful, sourced writing about the part of HIPAA risk that lives on your public website — third-party trackers, what regulators have actually said, and how to vet a site before it goes live. We cite primary sources and avoid giving legal advice.
- 5 min read
Does Google Analytics violate HIPAA? What the OCR guidance actually says
Google Analytics is not automatically a HIPAA violation — but on patient-facing pages it can be. Here is what the HHS OCR online-tracking guidance actually says, what changed after the 2024 court ruling, and how to decide what belongs on your site.
google-analytics hipaa tracking guidance
- 5 min read
The Meta Pixel hospital enforcement actions, explained
How a single advertising pixel on appointment pages triggered breach notifications to millions of patients, multi-million-dollar settlements, and a joint FTC/OCR warning — and what the pattern means for any healthcare website.
meta-pixel enforcement tracking hipaa
- 4 min read
A practical pre-launch website risk checklist for healthcare practices
Launching or redesigning a practice website? Here is a concrete, ordered checklist — transport security, trackers, forms, privacy policy, and hygiene — that catches the issues regulators and plaintiffs have actually pursued.
checklist launch forms security-headers