HIPAA Tracker

Tracking healthcare privacy risks before patients pay the price.

We passively scan healthcare websites for third-party trackers, form embeds, and insecure transmission, and publish what we observe — with the date we observed it.

Look up a website

Or browse the full registry →

What we report

Trackers — advertising, analytics, and session-replay scripts loaded by the page.
Form & scheduler embeds — third-party forms and booking tools that receive what visitors enter.
Transmission — pages served without TLS encryption.
Platform — the website builder or CMS the site runs on.

What we don't do

We report observations, not verdicts. Whether anything we observe constitutes a HIPAA violation is for the U.S. Department of Health and Human Services Office for Civil Rights to determine — see its guidance on online tracking. Every scan is passive (we fetch the public page, the same as any browser) and every report carries the date it was checked and a way to request a fresh scan. Read the methodology →