HIPAA
Using cside for HIPAA compliance monitoring of third-party scripts on pages handling PHI.
Plan availability
Available as an add-on service. Contact sales for details.
Overview
HIPAA requires covered entities to protect electronic PHI (ePHI). Third-party scripts on patient-facing pages can access data entered or displayed on the page, including PHI.
HHS OCR guidance
HHS OCR has clarified that tracking technologies transmitting PHI to third parties without authorization may violate HIPAA.
Relevant HIPAA sections
| Section | Requirement | cside Feature |
|---|---|---|
| §164.312(a) | Access controls | Script blocking |
| §164.312(b) | Audit controls | Script activity logs |
| §164.312(c) | Integrity controls | Change detection |
| §164.312(e) | Transmission security | Network request monitoring |
| §164.308(a)(1) | Risk analysis | Script inventory, behavioral analysis |
What cside tracks
- All scripts loaded on designated PHI pages
- Data access (form inputs, cookies, localStorage)
- Network requests and destinations
- Script payload changes
Configuration for PHI pages
- Designate PHI pages in the cside dashboard
- Enable alerts for script changes
- Review scripts before authorization
BAA
Enterprise customers can request a Business Associate Agreement. Contact sales@cside.dev.
Related pages
Was this page helpful?
Thanks for your feedback!