Web Analytics

Web analytics in healthcare: why consider implementing Piwik PRO?

29 May 2026 5 minutes read

A hospital or clinic website has become more than a digital business card. With the right features, it serves as a fully fledged communication channel for patients. Online registration, e-visits, sign-up forms, patient portals, content about specific conditions – each of these areas not only improves patient service but also generates data.

Analysis of the data collected on the website makes it possible to discover which services attract the most interest, where patients abandon the registration process, or what is the success rate of a prevention campaign.

The problem is that this is not ordinary traffic data. In a healthcare organization, web analytics can very quickly come close to health data – one of the most protected categories of information under the GDPR. This is exactly where standard tools, with Google Analytics at the forefront, become a real area of risk.

In this article, we explain why the healthcare sector needs a different approach to web analytics than marketing websites in other sectors, and why Piwik PRO is one of the solutions worth considering in this context.

Health data as special category data

The GDPR treats health data in a specific way. It is classified as special category data, commonly referred to as sensitive data, and is subject to a general prohibition on processing, with specific exceptions provided by law – for example, the provision of healthcare or the patient’s explicit consent.

It is worth noting that health data is not limited to diagnoses recorded in medical documentation. It also includes information collected at the stage of registering for medical services and while using healthcare. In digital practice, even seemingly technical data – such as the URL of a page about a specific condition, a cookie identifier, an IP address, or an event in a registration form – may become health data if it makes it possible to connect online behavior with a specific or identifiable person.

In practice, risky data may include:

the URL of a page about a specific condition combined with a user identifier,
link parameters revealing the selected clinic, doctor, or type of appointment,
events tracking interaction with the profile of a specific specialist,
registration form data linked to an IP address, cookie, or patient account.

In other words, a patient does not need to type “I have diabetes” for an analytics system to process information that may suggest their health condition or interest in a specific medical service. It is enough for them to visit the diabetology clinic page and for that visit to be linked to an identifier. For the data controller – meaning the healthcare organization – this is already an area that requires particular caution.

Where the problem with standard analytics begins

Google Analytics 4 (GA4) was designed primarily for marketing, measuring the performance of online activities, and integrating with Google’s advertising ecosystem. It is an effective measurement tool with many use cases, but its use in the healthcare sector raises significant concerns. Why?

First – data is transferred to a large external provider

When sending data to GA4, a healthcare organization transfers it to Google’s infrastructure. Google itself clearly states that entities subject to the US HIPAA law should not use Google Analytics in a way that could give Google access to Protected Health Information / PHI, and that Business Associate Agreements are not offered for Google Analytics.

For European healthcare providers, HIPAA is usually not a direct legal requirement, but Google’s position should prompt attention and caution. GA4 should not be treated as a tool intended for processing health data, data identifying patients, or information that, in the context of a visit, could be considered particularly sensitive.

Second – data transfers and regulatory uncertainty

After the CJEU judgment in the Schrems II case in 2020, European data protection authorities, including those in Austria, France, Italy, and Sweden, questioned the use of Google Analytics in specific configurations due to transfers of personal data to the US. In some cases, controllers were ordered to stop using the tool or change the way data was processed.

Since 2023, a new transfer mechanism has been in place – the EU-US Data Privacy Framework – which has again created a basis for data transfers to certified entities in the US, including Google LLC. This does not change the fact that the events of recent years have shown how legally sensitive this area is.

For a healthcare organization, a more reasonable choice may be a solution that limits or even fully eliminates transfers outside the EEA at the architecture level, while also minimizing the risk of passing data from URLs, parameters, forms, or events to the analytics tool where that data may indicate a health condition, visit, or specific medical service.

Third – interpretation and operational limitations in reporting

GA4 allows raw events to be exported to BigQuery, but this requires additional configuration, technical skills, and work with data outside the standard interface. In the GA4 interface itself, large datasets, advanced explorations, or exceeded query limits may lead to issues such as sampling, thresholding, or other limitations that make it harder to fully analyze the patient journey.

There is also one factor no pricing list can account for: patient trust. Health information belongs to the most intimate categories of personal data. Sharing data about the medical content a patient views with a global advertising technology provider creates a serious trust issue. And in healthcare, reputation is a currency that cannot be rebuilt overnight.

What a healthcare organization really needs

Let’s look at the requirements an analytics tool should meet when used by a hospital, clinic network, or telemedicine provider:

Data sovereignty – the organization, as the controller, must have full control over where data is stored and who has access to it.

No use of data for third-party purposes – data should not be passed on to advertising networks “along the way” or used for the needs of an external advertising ecosystem.

GDPR-compliant consent management – informed patient consent should be collected and documented in a way that can be demonstrated.

Granular access control and logs – only authorized individuals should have access to data, with the ability to trace who accessed the data or changed the configuration and when.

Data minimization mechanisms – IP anonymization, control over what is collected, and the ability to limit sensitive data in URLs, parameters, and events.

Access to complete analytics data – so that reliable analysis of patient journeys is not limited only to ready-made reports in the tool’s interface.

In this context, Piwik PRO becomes a particularly valuable alternative.

Piwik PRO as analytics designed for regulated industries

Piwik PRO is an analytics platform that from the beginning has positioned itself in sectors where privacy is not an add-on but a necessary condition: finance, public administration, the public sector, and healthcare. Piwik PRO clients include public institutions and organizations operating in highly regulated industries.

This comes from the product’s design, built around user privacy.

Data stays where you want it

Piwik PRO offers a choice of hosting models:

cloud in the European Union,
dedicated private cloud,
and, if needed, deployment on the organization’s own infrastructure, meaning on-premises.

For a healthcare provider, this means patient data can remain within European jurisdiction. In the most restrictive setup, it can stay entirely within infrastructure controlled by the organization.

Limiting or eliminating transfers outside the EEA significantly reduces the legal risk connected with international transfers. Of course, this does not release the organization from assessing the entire implementation under the GDPR, including the legal basis, consents, data minimization, and data processing agreements. But it removes one of the most problematic elements of standard analytics based on global advertising platforms.

Full control over data and no use for third-party purposes

Piwik PRO states that it does not share customer data with third parties and that the customer retains control over where data is stored and who has access to it. The data therefore remains an asset of the healthcare organization, not fuel for someone else’s advertising ecosystem.

For a hospital or clinic, this is not just a technical detail. Data showing that a patient was interested in a specific service, appointment, or clinic should not be treated like an ordinary marketing cue. It should remain under the control of the controller responsible for information security and patient trust.

Built-in consent management

The Piwik PRO package includes Cookie Information, a tool for collecting and processing user consents. This means the consent layer can remain consistent with the analytics layer instead of being integrated from several separate solutions. In practice, the organization gets one complete and fully compatible analytics package.

For the team responsible for GDPR compliance, this means fewer risk points and fewer potential failure points, as well as simpler configuration and easier accountability. Consent is not just a banner on the website but part of the entire data collection process.

Control, anonymization, and audit trail

The platform makes it possible to limit the scope of collected data, anonymize IP addresses, control data in URLs, and precisely decide what information is sent to the analytics system. In addition, it provides granular access permissions and audit logs showing who changed what in the configuration and when.

Certifications that matter in procurement and for customer data

Piwik PRO communicates external security audits and certifications, including ISO 27001 and SOC 2 Type II. It also points to the possibility of supporting HIPAA-compliant deployments, including signing a BAA in relevant scenarios.

Although HIPAA is not a legal requirement for Polish and European healthcare providers, the presence of such standards is evidence of mature security processes. In procurement processes, discussions with compliance teams, or consultations with a Data Protection Officer, this can be a far stronger argument than general assurances about “data security.”

A complete package in one place

Analytics, Tag Manager, Consent Manager, and data activation modules operate within a single platform. Instead of combining several tools from different vendors – and multiplying data processing agreements, integrations, and potential gaps – the organization gets a consistent environment for managing analytics.

This does not mean that implementation automatically becomes simple. But it does mean that many key elements – measurement, consents, access control, hosting, and data management – can be designed within one architecture, instead of being assembled from random components.

Summary

In most industries, choosing an analytics tool is a matter of convenience, integrations, and price. In healthcare, it is primarily a decision about risk management and patient trust. Standard tools based on global advertising ecosystems may put the organization in a difficult-to-defend position, especially when analytics starts to involve data that may reveal health-related information.

Piwik PRO reverses this logic: data can remain in Europe or on the organization’s infrastructure, the customer keeps control over it, and privacy and regulatory compliance are built into the product architecture. For a hospital, clinic network, or telemedicine provider, this simply means greater operational security – and a better position in every conversation with the legal department, compliance team, or Data Protection Officer.

If you are not sure whether your organization’s current analytics setup is safe, it is worth starting with an audit. We’ll analyze what data is currently being collected, where risks appear, and what a transition to a solution designed with sensitive data in mind could look like.