Compliance Dashboard

HIPAA

Plan availability

Available as an add-on service. Contact sales for details.

Overview

HIPAA requires covered entities to protect electronic PHI (ePHI). Third-party scripts on patient-facing pages can access data entered or displayed on the page, including PHI.

HHS OCR guidance

HHS OCR has clarified that tracking technologies transmitting PHI to third parties without authorization may violate HIPAA.

Relevant HIPAA sections

Section | Requirement | cside Feature
§164.312(a) | Access controls | Script blocking (Gatekeeper mode)
§164.312(b) | Audit controls | Script activity logs
§164.312(c) | Integrity controls | Change detection
§164.312(e) | Transmission security | Network request monitoring
§164.308(a)(1) | Risk analysis | Script inventory, behavioral analysis

What cside tracks

  • All scripts loaded on designated PHI pages
  • Data access (form inputs, cookies, localStorage)
  • Network requests and destinations
  • Script payload changes

Configuration for PHI pages

  1. Use Gatekeeper mode on pages handling PHI
  2. Designate PHI pages in the dashboard
  3. Enable alerts for script changes
  4. Review scripts before authorization

BAA

Enterprise customers can request a Business Associate Agreement. Contact [email protected].
