HIPAA Compliance 
Is Simple Analytics compliant with HIPAA?
Simple Analytics can easily comply with HIPAA because it does not collect any personally identifiable data from your visitors. When no personally identifiable data are collected, the data we receive are not PHI and do not fall under the HIPAA Privacy Rule’s disclosure limitations.
In other words, you don’t need to worry about HIPAA.
Why doesn’t Simple Analytics receive PHI?
Because we do not use cookies or other identifiers, we do not fingerprint users, either. In other words, Simple Analytics is 100% tracking-free and privacy-friendly. We only use visitors’ IP addresses for communication and drop them right after we serve requests- in other words, IP is never stored or used to track.
Using IP for communication without storing them is not considered collecting personal data. However, this could even be avoided altogether by implementing a proxy. This can be done easily by implementing a few lines of code on your website- click here for a step-by-step guide.
Does Simple Analytics need a BAA?
You do not need a BAA to use Simple Analytics. You only need a BAA when an associate receives PHI from you. Since we do not receive any PHI, this is not relevant for Simple Analytics. Therefore, we do not qualify as Business Associates and do not require a BAA.