1. Are you working in the healthcare industry?

2. Are you part of the marketing team, IT, or management?

3. Do you know how HIPAA rules affect marketing?

4. Do you use Google Analytics or Google Tag Manager in your organization?

5. Do you collect any Protected Health Information (PHI) about your website visitors, leads, or customers (like ongoing health issues, recent stress levels, sleep habits, or activity levels)?

6. Have you enabled IP address anonymization in your GA4 tracking code?

7. Do you ensure no PHI is shared through website links or special data tags?

8. Is the data transmitted between your website and GA4 encrypted with secure protocols?

9. Have you set up strict user permissions and access controls in GA4?

10. Do you regularly audit your GA4 implementation for compliance?

11. Have your team members who configure GA4 and data analysis been trained on HIPAA regulations and data privacy?

12. Have you set up data retention controls in GA4 to keep data only for the needed period?

13. Have you consulted with legal and compliance experts about HIPAA compliance for your GA4 practices?

14. Does your GA4 setup complete data deletion requests from users?

Do you ensure sensitive data like medical records, PHI, or personal and financial information is not tracked in user-accessible areas after login?
15. (Remember that the list of what’s considered PHI keeps evolving daily!)