A heatmap uses color codes to visually represent how a user interacts with a website. The color scale ranges from blue (least interaction) to red (most interaction).
Heatmaps allow you to assess which website elements users click on and scroll through and which ones they ignore.
Read more on heatmaps in our help center: Piwik PRO site inspector for Chrome
Here is an example of a heatmap:
The post The Health Insurance Portability and Accountability Act (HIPAA) appeared first on Piwik PRO.
]]>The HHS Office for Civil Rights enforces HIPAA, conducts audits, and imposes penalties for noncompliance. HIPAA violation penalties are primarily financial but may also include incarceration in severe cases.
HIPAA compliance
To ensure HIPAA compliance, companies that deal with protected health information (PHI) must implement physical, process, and network security measures. All organizations providing treatment, payment, and operations in healthcare are considered covered entities. Business associates who have access to patient information and provide support in treatment, payment, or procedures must meet HIPAA requirements as well.
HIPAA Privacy Rule
The Privacy Rule standards address the use and disclosure of PHI by covered entities.
Covered entities are specified in the HIPAA Privacy Rule as healthcare clearinghouses, health plans, and healthcare providers.
The Privacy Rule sets out standards for how patients can understand and control the use of their health information and ensures its protection. This is done while allowing the flow of health information needed to provide high-quality healthcare. The Privacy Rule permits substantial uses of data while protecting the privacy of people seeking medical care.
The Privacy Rule guarantees individuals the right to receive upon request their PHI from healthcare providers covered by HIPAA.
Covered entities must also sign an agreement with a HIPAA business associate that imposes specific safeguards on the PHI that the business associate uses or discloses.
What information is protected under HIPAA?
Under the HIPAA Privacy Rule, any identifiable health information held by a covered entity or business associate is protected. The information may be digital, paper-based, or verbal.
When health information is combined with a personal identifier, the data becomes PHI. There are 18 HIPAA identifiers, including:
- Name, address, birthdate, social security number, biometric identifiers, Web URL and IP address.
- A past, present, or future physical or mental health condition.
- Payment information concerning past, current, or future care.
PHI is a subset of Personally identifiable information (PII) that refers explicitly to information processed by HIPAA-covered entities.
The US Department of Health and Human Services (HHS) issued the HIPAA Privacy and HIPAA Security rules to implement HIPAA requirements.
HIPAA Security Rule
The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a set of requirements for all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This kind of information is called electronically protected health information or ePHI.
To comply with the HIPAA Security Rule, covered entities are obliged to:
- Ensure the integrity, confidentiality, and availability of all ePHI.
- Protect against impermissible uses or disclosures not allowed by the rule.
- Detect and safeguard against anticipated information security threats.
- Certify workforce compliance.
HIPAA defines three other significant rules that all organizations (including online software) must follow to store, record, or share PHI. Read about them here:
You may also like:
- Is Google Analytics HIPAA-compliant?
- A review of HIPAA-compliant analytics platforms
- How PHI and PII impact your HIPAA compliance and marketing
The post The Health Insurance Portability and Accountability Act (HIPAA) appeared first on Piwik PRO.
]]>The post HIPAA certification appeared first on Piwik PRO.
]]>The Department of Health and Human Services (HHS) doesn’t formally recognize the certification, it can be issued by private companies that specialize in HIPAA certification. HIPAA certification is not an obligatory training program; it is granted after a successful audit. The HIPAA certification audit proves that healthcare organizations met the standards of HIPAA and didn’t violate HIPAA guidelines at the time of the audit. It must be noted that HIPAA certification doesn’t mean the organization is HIPAA compliant. Third-party auditors give the certification, while the official HIPAA compliance process must be completed internally to properly secure patients’ data and avoid penalties and fines.
The course is not official but may better prepare a facility and its workers for achieving and maintaining compliance. It also may serve as a confirmation to patients and business associates that the organization is patient-first and approaches PHI with privacy and care.
Learn more about HIPAA: A review of HIPAA-compliant analytics platforms Is your analytics project HIPAA-compliant? A complete checklist with 32 questions HIPAA, marketing and advertising: How to run compliant campaigns in healthcare
The post HIPAA certification appeared first on Piwik PRO.
]]>The post Hypertargeting appeared first on Piwik PRO.
]]>Hypertargeting is also the ability of social network sites to target ads based on specific criteria. Facebook offers an ad-targeting service through its ads platform. Ads can be hyper-targeted to users based on keywords from their profiles, pages they’re fans of, events they responded to, or applications used. Some of these examples involve the use of behavioral targeting.
Hypertargeted advertising raises some privacy concerns. Since 2018 the General Data Protection Regulation (GDPR) has regulated the handling of EU residents’ personal data, including its use for hypertargeted advertising. Under this EU’s law, using people’s personal data requires explicit, unambiguous, informed, and active consent. One of the examples is the recent ruling concerning illegal Meta’s ad practices.
To understand hyper-targeting better, check out the following definitions:
- Retargeting / remarketing in marketing campaigns
- Behavioral targeting
- Click path in web analytics
- Cross-channel tracking
Read more on marketing and advertising on the Piwik PRO blog: Marketing and advertising
The post Hypertargeting appeared first on Piwik PRO.
]]>