Webinar Recap: HIPAA Compliance with Piano Analytics

HIPAA compliance has been a hot topic recently, in light of recent HHS guidance which has created a very broad definition of Protected Health Information (PHI). HIPAA-covered entities are looking for analytics solutions that support use-cases like robust measurement, attribution, and optimization — and maintain compliance. That’s why Merkle | Cardinal Path has partnered with Piano Analytics, an analytics platform that not only provides its customers with powerful analytical capabilities, but is HIPAA-compliant by default, and signs BAAs.

In our recent webinar with the team at Piano, we took stock of how data collected for web analytics and similar programs can create risk from a HIPAA-compliance standpoint, then started to explore what the “migration path” to Piano Analytics from other platforms can look like. We’ve listed a few key takeaways below, and if you’re interested in learning about these in more detail, the full recording of the event is available here.

1. Even anonymous browsing data can constitute PHI
2. Sharing PHI with tracking vendors for “marketing” purposes is an impermissible disclosure
3. Because Piano Analytics is HIPAA-compliant “out of the box,” it can solve the challenges of HIPAA compliance posed by other tracking vendors
4. Migrating to Piano Analytics can be simpler and easier than you might expect, if planned carefully.

Moving from one analytics platform to another is a major decision, and one that shouldn’t be taken lightly. At the same time, organizations shouldn’t overestimate the “switching costs.” Much of the underlying infrastructure for web analytics — think data layers, tagging logic, data taxonomies, etc. — can be recycled for use with multiple vendors. If you’re interested in learning more about what migrating to Piano Analytics might look like for your organization, contact us and we’d be happy to help you explore your options.