Tracker Resolution Types
The Web Tracker Monitoring UI allows you to choose different options to mark a tracker as resolved. This document describes your options for mitigating the risk presented by having a Web Tracker installed on your site.
Once you choose and submit and a resolution status, we'll let you know if there are any next steps you should take to resolve the tracker. These next steps will appear in the "Action Items" section underneath the Resolution Picker. When you complete these action items, Freshpaint will automatically adjust the tracker's risk level to "Low Risk" accordingly.
All trackers will continue to be scanned and will show up in your weekly report, regardless of whether they have been "resolved" or not. Our aim is to show you the full view of which trackers still need your attention and which you've already resolved.
Resolution 1: Signed BAA
Many vendors will sign a Business Associate Agreement with you. If you are able to set up a BAA with the vendor, then their trackers no longer present a HIPAA risk on your site. Choosing this resolution will move the tracker to a “low risk” status, allowing you to focus on any remaining high risk items.
Resolution 2: Mark as Safe
If you decide to allow the tracker to remain on your site, you can select “Mark as Safe” in Freshpaint’s Web Tracker Manager. Choosing "Mark as Safe" will immediately move the tracker to a “low risk” status, so you can focus your attention on any remaining high risk items.
If a tracker is installed only on the Job Postings page and the About Us page, you may decide along with your compliance and legal teams that there is little risk of HIPAA violation. Freshpaint’s Web Tracker Report shows you which pages on your site have the tracker installed, and which ones do not.
Resolution 3: Remove Tracker
You may need to completely uninstall the tracker from your site. The removal process depends on how the tracker is installed:
If the tracker is set up via a tag manager such as Google Tag Manager, locate the tracker in the tag manager and remove it.
Otherwise, your IT team will need to remove the tracker. You can send them the Freshpaint Web Tracker Report along with the following note:
Please remove the tracker <tracker name> from our organization’s website(s). I’ve attached a report listing all of the pages that the tracker is installed on, which should help you find the tracker and make sure that it is completely removed from every page. This task is critical for maintaining our organization’s HIPAA compliance.
Resolution 4: Replace with Freshpaint
Freshpaint integrates with advertising platforms, analytics tools and other services. If you replace the third party tracking technology with Freshpaint, you can continue using your tools while maintaining HIPAA compliance.
If Google Analytics is found on your site, you can replace it with Freshpaint’s Google Analytics 4 Proxy integration.
Resolution 5: Owned By My Organization
Your site may be retrieving resources from or sending information to additional first-party domains. There is no risk of violating HIPAA if PHI is shared with these domains since they are owned by your organization. Choosing this resolution will immediately move the tracker to a “low risk” status.
If your organization’s homepage is freshhealth.co, there may be trackers on your site such as myfreshhealth.co or freshhealth-schedule.co. These domains belong to your organization, so there is no risk of violating HIPAA if PHI is shared with them.
Last updated
