HIPAA-compliant analytics,
built for healthcare.

Ghost Metrics gives healthcare teams the visitor insights, funnels, and experiments they need, without leaking protected health information or breaking compliance. Signed BAA included.

Signed BAANo PHI in pixels100% US-hostedSOC 2 Type II
SOC 2 Type II report

Compliance isn't a feature. It's the foundation.

Every line of Ghost Metrics is built so PHI never enters the analytics pipeline in the first place.

BAA · SIGNEDSOC 2 TYPE IIAES-256US-HOSTED

Signed Business Associate Agreement

We sign a BAA with every organization we work with, so you're covered from day one. Premium and Enterprise plans can request redlines to the agreement.

PHI stripped before it's stored

IPs, URLs, and form fields are filtered and hashed at the edge, so sensitive data never lands in our database.

Encrypted in transit & at rest

AES-256 at rest, TLS 1.2+ in transit, hosted entirely within US-based infrastructure.

Full audit logs & consent management

Granular access logs and built-in consent tooling keep your compliance team (and auditors) happy.

Ghost Metrics follows HHS guidance

Federal guidance lays out a compliant path for website tracking: route it through a vendor that signs a BAA, strips the PHI, and shares only de-identified data downstream. That vendor is Ghost Metrics.

“…the regulated entity can choose to establish a BAA with another vendor, for example a Customer Data Platform vendor, that will enter into a BAA with the regulated entity to de-identify online tracking information that includes PHI and then subsequently disclose only de-identified information to tracking technology vendors that are unwilling to enter into a BAA.”
U.S. Department of Health and Human Services seal
U.S. Department of Health & Human ServicesOffice for Civil Rights · HIPAA online tracking guidance

Quoted from public HHS guidance. Ghost Metrics is not affiliated with or endorsed by HHS.

The insights you love. The compliance you can't skip.

Ghost Metrics
Google Analytics
Signed BAA for HIPAA
Included
Not offered
PHI never leaves your control
By design
At risk
100% US-hosted
Always
Global
Real-time, funnels, heatmaps, A/B
Native
Add-ons
0%
PHI exposure, by design
2 min
Average time to install
99.9%
Uptime SLA

Drop in one snippet. Stay compliant forever.

01

BAA Signed

We sign a BAA with every organization as part of your contract. Standard terms sign as-is, with redlines available on Premium and Enterprise.

02

Add the snippet

Paste one lightweight script, or use our Google Tag Manager template. No PHI configuration needed.

03

Watch it flow in

Real-time visitors, funnels, and conversions populate immediately, already sanitized of protected health information.

What healthcare teams ask us first.

Is Ghost Metrics actually HIPAA compliant?
Yes. We sign a Business Associate Agreement with every customer and engineer the product so that protected health information is filtered out before it ever reaches our systems. Compliance is built into the data pipeline, not bolted on.
How is this different from Google Analytics?
Google explicitly will not sign a BAA, which means using GA on pages that may collect PHI puts you out of compliance. Ghost Metrics gives you the same real-time analytics, funnels, and heatmaps, with a signed BAA and PHI stripped at the edge.
Will it slow down my website?
No. Our script loads asynchronously, so it never blocks rendering or hurts your Core Web Vitals.
Where is my data stored?
Entirely within US-based infrastructure, encrypted with AES-256 at rest and TLS 1.2+ in transit. You can export or delete your data at any time through the Reporting API.

Stop choosing between insight and compliance.

Install Ghost Metrics in two minutes, sign your BAA instantly, and start seeing compliant analytics today.