SocialClimb HIPAA Patient Privacy


SocialClimb’s Healthcare Marketing Platform is 100% HIPAA compliant. Read below to find out more.

The U.S. Department of Health and Human Services (HHS) recently issued a bulletin on the “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.” HIPAA compliance is central to SocialClimb and to our customers who use our Healthcare Marketing Platform for industry-leading results. One of our recent blog posts contains additional information that may be helpful in understanding the relationship between Google Analytics and HIPAA compliance.

The Problem

Google Analytics, Google Ads, and Meta (Facebook) use pixels to track visitors to your website or social media. These pixels gather visitor data that includes IP address and device ID, as well as specific details of the web pages visited. Google or social media pixels are intended to gather and combine this data and can be used to infer a lot about a visitor. Tracking pixels placed on your website for the purpose of marketing to a specified audience are not HIPAA compliant and represent a considerable risk to a practice.

The Solution

SocialClimb employs all necessary safeguards as required by HHS and HIPAA rules and regulations. SocialClimb integrates directly with your practice management or EHR system to track patient attribution in a HIPAA-compliant method. SocialClimb integrations eliminate the need for your healthcare organization to use pixels and/or exchange patient data with other third-party applications (like Google and Meta) to accomplish campaign tracking or patient targeting.

SocialClimb connects with Google Insights to provide information on how people interact with your Google Business Profile, not your website. Additionally, SocialClimb integrates with Google Ads to set up and manage Search Ad (keywords) campaigns that do not require pixel tracking. SocialClimb does not connect to, consume data from, or transmit PHI to Google Analytics.

We recommend following the guidance provided in the HHS bulletin regarding tracking on user-authenticated web pages and unauthenticated web pages to ensure compliance outside of the SocialClimb platform.

How It Works

Google Business Profiles:

Identify patients who schedule appointments with you through your Google Business Profiles by placing phone numbers with call tracking capabilities and links with click tracking capabilities on your profiles.

Google Ads:

To track and identify patients who find you through Google Ads, include a call tracking phone number or an ROI tracking link for self-scheduling as the ‘call to action’ on your advertisements.


When patients are targeted via SocialClimb’s Predictive Patient Targeting suite, any conversion of those individual prospective patients, regardless of conversion path, will be tracked and reported on.


Place scannable QR codes that will lead patients to scheduling services on each postcard. This code will include tracking capabilities enabling you to identify which patients engaged with your postcard.

Everything else:

Attach SocialClimb’s click and call tracking tools to any marketing campaign, from billboards to TV ads to newspaper inserts. With SocialClimb, you can track ROI generated by virtually any marketing tactic.

Call Tracking:

Data captured with SocialClimb call trackers does not contain individually identifiable information (PHI) and is only paired with data within our secure platform after integrating with your Practice Management System.

Embracing a Culture of Data Privacy

At SocialClimb, we prioritize the privacy and security of your data. Our team members undergo comprehensive training and testing to adhere to stringent security protocols. We have cultivated an internal culture that places data privacy and security at the forefront, holding ourselves to the highest standards. With our unwavering commitment to protecting your information, you can trust that your data is in safe hands.

Enhanced Security through Proactive Threat Management

At our organization, we prioritize the security of your data through a comprehensive approach. We employ robust encryption measures for all internal devices, regularly conduct automated security scans, and perform frequent penetration tests. By continuously monitoring and addressing potential threats, we ensure the utmost protection for your sensitive information.

Elevating Security with SOC 2 Audit Compliance

Our commitment to SOC 2 compliance goes beyond HIPAA standards, adding robust layers of protection to safeguard your data. SocialClimb is hosted on a SOC 2 compliant platform and we’re currently working towards full SOC 2 certification in 2024. With a more rigorous framework, we ensure that your information remains secure and your organization stays ahead in an ever-evolving security landscape.