Removing PHI for Google Analytics Website Tracking

How healthcare customers can use Twilio Segment to remove HIPAA identifiers before sending data to Google Analytics.

Made by Jeff Eiden

What do you need?

  • Segment Connections

  • Google Analytics 4 Account

Easily personalize customer experiences with first-party data

With a huge integration catalog and plenty of no-code features, Segment provides easy-to-maintain capability to your teams with minimal engineering effort. Great data doesn't have to be hard work!

On this page

Please note that this post merely provides an overview of possible uses of Twilio Segment and is not considered legal advice or methods of compliance with HIPAA. It should not be taken or used as legal advice about the privacy, security, protection or use of data in healthcare or in compliance with HIPAA.You should consult with your legal and/or security experts as needed before implementing solutions for any use case. 

Recently, The U.S. Department of Health and Human Services (HHS) updated guidance on the use of web tracking technologies by HIPAA Covered Entities. This update reinforces that additional safeguards are required when processing Protected Health Information (PHI) with tracking platforms like Google Analytics (GA). While certain provisions were legally challenged in June, most of the Bulletin remains intact and is actively enforced by HHS.

This increased stringency leaves healthcare organizations in a difficult position. Google Analytics is vital to their digital marketing strategies, offering critical insights into patient engagement. However, to comply with HIPAA, Covered Entities are rethinking how they use these tools and exploring features that can limit the risk of PHI disclosure.

As part of this bulletin, HHS explained that such tracking technologies may be subject to HIPAA and healthcare organizations that use such tracking technologies must ensure they comply with the applicable obligations under HIPAA. In addition, the updated guidance addressed the use of  Customer Data Platforms (CDP) as a possible means to support compliance when using web tracking vendors like Google Analytics.

This Recipe provides an example  of how to configure Segment to strip identifiers from web tracking data before it reaches Google Analytics. Additionally, we’ll cover how to replace problematic tracking pixels with Segment’s CDP, ensuring only specific event properties of interest are collected, rather than indiscriminately tracking everything by default. 

How You Can Configure Segment to Remove PHI for Website Tracking

By configuring Segment to remove HIPAA identifiers before sending data to web tracking vendors, healthcare organizations can reduce risk of unauthorized PHI disclosures.  

There are two main capabilities of Segment that support PHI removal:

  1. PHI Filters that support removal of HIPAA Identifiers before sending any data to GA as a Destination. 

  2. Cloud-Mode Destinations that replace indiscriminate pixel tracking with a server-to-server architecture where all disclosed data must be specifically allowlisted.

Diagram showing data flow from a website to Google Analytics with de-identification options.
This diagram illustrates how website event data is collected and processed in Google Analytics while protecting patient data.

Let’s now walk through how to configure the Google Analytics Destination with these features enabled, so you can continue tracking patient website activity.

Step 1: Set up your Website as a Source

If you haven’t done so already, the first step is to add your organization’s website as a Source. This allows website analytics data to flow from your site to Segment, rather than from your site to Google Analytics directly. 

This involves installing Segment on your website. To do this, please follow the steps outlined in the Basic Segment Installation guide. For most customers, we recommend setting up your website as a JavaScript source, which is the most straightforward configuration that allows you to send tracking data from a front-end web browser to Segment. 

Once you’ve installed Segment on your site, your Connections overview page in your Workspace should list your website as an enabled source, as shown below:

Dashboard showing segment overview with Owl Health Website listed as source.
This image displays a dashboard with an overview of segment sources, featuring Owl Health Website as a listed source.

The next step is to use Segment primitives to record page views and track the visitor actions you’re interested in. Here are the core Segment APIs you can call from your website:

  • Page: What web pages are being visited?

  • Track: What are visitors doing on my site?

  • Identify: Who are the visitors?

As a best practice, you should only collect traits and properties that you deem necessary for your use cases, and ensure these PHI/PII traits and properties are removed before transmission to a Segment Destination like Google Analytics.

Once this is done, be sure to remove any existing Google Analytics tracking code snippets you’ve previously added to your website. 

Step 2: Enable Google Analytics Cloud-Mode Destination

Once you have Segment set up on your website, and have confirmed data is successfully flowing into the CDP (you can verify this using the Source debugger), the next step is to add Google Analytics as a Destination in your Workspace. 

 Enable the GA Cloud Destination rather than the Web Destination. Whereas the Web Destination sends data directly to Google, the Cloud-Mode Destination uses server-side tracking – sending analytics first to Segment, then onto GA. This is important for two main reasons:

  1. This eliminates the use of risky client-side cookie or pixel tracking that could result in unintended exposure of PHI

  2. Enables application of a filter to events to remove PHI before transmitting to Google Analytics (covered in Step 3 below)

Add the Destination

To enable the GA Cloud Destination, navigate in your Segment Workspace to Connections > Catalog and search for “Google Analytics 4 Cloud”. Click on the search result as shown below:

Screenshot of a data catalog interface showing Google Analytics 4 Cloud as a destination option.
Segment interface displaying Google Analytics 4 Cloud destination under the Destinations tab.

This will kick off a process to configure the Destination. You’ll first be asked to select a data source for the Destination. Be sure to choose the Website Source you set up in the previous step, this will connect your site’s data entering Segment to forward onto Google Analytics:

Google Analytics 4 data source selection page showing a list of sources with options for connection types.
Google Analytics 4 Cloud interface for selecting and managing data sources and connection types.

You’ll give your Destination a friendly name, then you’ll need to add your Google Analytics Measurement ID and API Secret so Segment can successfully authenticate with your GA instance. For more information on finding these secrets, please see the docs on the GA Cloud Destination.

For now, you can leave the Destination Disabled. You should flip this to Enabled only when you have the Destination Filters set up to avoid any potential data leaking.

When done, your Destination Settings page should look like this:

Screenshot of Google Analytics Healthcare Integration settings page showing measurement ID and API secret fields.
Google Analytics Healthcare settings configuration screen with fields for Measurement ID, API secret, and enabling destination.

Set up Mappings

Once the Destination has been added, you’ll need to set up Mappings. This is what allows you to configure how the data from your website is mapped to Google Analytics. With Mappings, you have fine-grained control over precisely what events, properties, and metadata are transmitted to GA.

There are many available pre-built Actions you can choose from, including Page View, View Promotion, Login, Search, and more. Please see the GA Cloud Destination docs for more details on available Action Mappings you can enable and the specific data signature sent to Google.

To add an Action Mapping, click on the Mappings tab and click the +New Mapping button. As an example, here’s how you can set up the ‘Page View’ Action to stream a page view event when a user views a page:

Interface for setting up mapping in a data activation tool with options for Add to Cart, Purchase, and Page View.
The setup screen for defining streaming behavior in a data activation tool, showing options for tracking user actions.

Once you finish setup including giving the Mapping a friendly name, you should see it enabled on your Mappings list:

Interface showing data mapping from Epic to Google Analytics 4 Cloud with Page View trigger and action.
The Mappings tab allows users to configure data mappings from Epic to Google Analytics 4 Cloud.

Step 3: Apply Destination Filters to Remove PHI

Once we have the GA Cloud Destination set up, the final step is to apply a Destination Filter. Destination Filters are used to prevent certain data from flowing into a destination. This is where you will  remove HIPAA identifiers from events that flow from Segment to Google. Healthcare organizations should conduct a thorough review of the data they send to ensure that all HIPAA identifiers are properly handled in compliance with their own assessments and compliance obligations.

Note that it is also possible to use data encryption for the purposes of removing PHI, but this guide will focus on the use of Destination Filters.

You will have full visibility into the PHI that you are sending from your website into Segment, and how this data is named/formatted. Therefore, it is your responsibility to set up the Destination Filter rules to target all the PHI that will be sent into the CDP, so it is blocked from entering Google Analytics.

To create a Destination Filter, Click on the Filters tab in the GA Cloud Destination screen, then click the +New Filter button:

Screenshot of Google Analytics Healthcare platform showing Destination Filters with the option to create a new filter.
The Google Analytics Healthcare interface allows users to manage destination filters with ease, featuring an option to add a new filter.

This will open up a window to configure the Destination Filter rules. Because we’re wanting to remove certain fields containing PHI but still send events to GA, change the filter type to “Do not send Field(s)” using the dropdown:

Dropdown menu options for sending or not sending fields in Google Analytics Healthcare.
Configuration screen showing options to send events or fields in Google Analytics for Healthcare tracking.

You must also remove the default conditional logic by clicking on the x icon. This will apply the field filter to all events:

Interface with options to set conditions for sending 'Order Completed' event name to GA Healthcare
Conditional configuration interface for sending data to GA Healthcare when 'Order Completed' event is true

Now, you’ll select the Event Fields you want to filter out of the events flowing from Segment to GA. For instance, select user traits > name from the Event Field dropdown to remove the person’s name from GA events as shown below:

Close-up of a user interface showing options to send or not send fields to GA Healthcare, highlighting user traits name field.
The interface displays options to manage event fields, specifically focusing on the 'name' trait under user traits.

This is where you’ll want to be sure you select all user traits and properties that are recognized under the list of 18 HIPAA identifiers

Here is a list of Segment Default PII properties that are recognized as HIPAA identifiers that you should add to your list of fields to filter, in addition to your own additional PHI fields: 

name, ssn, phone, email, address, street, city, zipcode, ip, gender, sex, sexual orientation, credit card, disability, passport, ethnicity, citizenship, race, identification, mac, photo, veteran, certificate, license, medication, allergy, condition, diagnosis, procedure

Note that the above list is just a starting point. You will need to assess any and all data included in events contained in your GA Action Mappings (See Step 2), and ensure they are targeted in the Destination Filter Rules.

Once you’ve added all of your appropriate PHI fields to be stripped, you can use the Load Sample Event button to preview how your filter will work, as shown stripping out name as a field below:

Screenshot showing the process of setting up rules and integrations for Google Analytics on a dashboard.
Dashboard view where rules are being configured along with JSON code for Google Analytics integration setup.


When done adding your Event Fields, click Next Step to give your Filter a name and description. Be sure to use the toggle to Enable the Destination:

Interface showing form with settings to save PHI filter enabled and description for Google Analytics
Screenshot of a form to save and enable a PHI filter with a description for Google Analytics usage.

Save your Destination Filter. Congrats! You should now be set up to send analytics data from your website to Google Analytics, using filters to remove the data  you identified.

As a last step you will need to Enable the Destination so Segment will start to send data to Google Analytics. Go back to the Google Analytics Destination settings page, and toggle the Destination to be Enabled, then Save your Destination settings as shown below:

Segment interface with Enable Destination toggle and Save Changes button for Google Analytics 4 Cloud.
The Segment interface option to enable data sending to Google Analytics 4 Cloud with a toggle and save changes button.

Wrapping Up

We’ve just walked through an example of how some healthcare organizations have configured Segment for use of Google Analytics for website tracking. In particular, we showed examples of how to:

  1. Replace problematic web pixels with a Cloud-Mode Google Analytics Destination that provides fine-grained control over data transmission.

  2. Apply a Destination Filter to strip out PHI before transmitting data to Google Analytics.

Please note the above example is just one example and it is vital that you and your team perform your own assessment of how to address your obligations under HIPAA and the HHS Bulletin regarding use of web tracking platforms. 

This is all made possible by Segment’s powerful and flexible CDP!

Want more information on getting a BAA in place with Twilio for the use of Twilio Segment?

Please Contact Us for more information.

Getting started is easy

Start connecting your data with Segment.