Keep Google Analytics and Meta ads. Stop sending patient data.
Tracking scripts like the Meta pixel and Google tag quietly hand an ad network the pages your patients read, their IP and their device — with no BAA covering any of it. See what your site is leaking below, then fix it with a single tag.
Free during beta · No credit card · Works with any website platform
Why this exists
The tracking pixel became healthcare's biggest privacy liability.
The standard Meta pixel and GA tag run in your visitor's browser and report the pages they read, their IP, and their device — straight to an ad network, with no BAA covering any of it.
OCR and the FTC have treated "this person visited a health page" as a reportable disclosure. Hospitals and telehealth companies have paid multi-million-dollar settlements over exactly this.
Remove tracking entirely and your ads stop optimizing, your analytics go dark, and every marketing dollar gets harder to justify. Practices shouldn't have to choose.
How it works
One tag on your site. A relay in the middle. Clean data out the other side.
Sign in and connect Google Analytics with one click, your Meta pixel too if you run Facebook or Instagram ads. Either one unlocks your tag.
Add the minusPHI tag before </head> and remove your old pixels. Phone clicks, booking links and contact forms are detected as conversions automatically.
Traffic shows up in your GA4, conversions land on your Meta pixel, and your ad campaigns keep optimizing — with nothing identifying the patient or their browsing.
<!-- your entire analytics stack, after minusPHI -->
<script src="https://app.minusphi.com/mphi.js" data-site-key="mphi_XXXXXXXXXX"
data-ingest="https://ingest.minusphi.com/"></script>
What we send
Deny by default. Every field that forwards is on an allow-list; everything else is stripped.
- Page views & traffic sources to your GA4 (public marketing pages only)
- Page views to Meta as domain-only — never which page was visited
- Conversions: leads, booking clicks, phone clicks — the signal ad delivery needs
- Ad-click IDs (gclid / fbclid) on conversions, so campaigns keep attributing
- A random first-party ID so sessions count correctly — never tied to a person
What we never send
- IP addresses, device fingerprints, third-party cookies
- Names, emails, phone numbers — hashed or not
- Page URLs to Meta, form contents, anything typed by a visitor
- Anything from patient portals, intake, scheduling or confirmation pages
- Health-condition terms — pages mentioning them are suppressed entirely
The relay only forwards what it can prove is safe. A page it can't classify, a field it doesn't recognize, a URL carrying a condition term — all suppressed, automatically. Built around HIPAA Safe Harbor de-identification and the FTC's health-data enforcement pattern, and verified by an independent self-check on every single event before it leaves.
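A sketch of the deny-by-default filtering described above, added here as an illustration and not minusPHI's own code. The event names, field names, public path patterns and condition-term list are all assumptions made for the example.

```javascript
// Added illustration; not minusPHI's code. Every name, path and term below is assumed.
const ALLOWED_EVENTS = new Set(["page_view", "lead", "booking_click", "phone_click"]);
const PUBLIC_PATHS = [/^\/$/, /^\/services(\/|$)/, /^\/blog(\/|$)/, /^\/contact$/];
const CONDITION_TERMS = ["diabetes", "oncology", "depression"]; // constructed sample list
const OUT_FIELDS = {
  ga4: ["event", "url", "source", "client_id", "click_id"],
  meta: ["event", "domain", "click_id"],
};

// Returns a parsed URL only for pages positively classified as public marketing pages.
function classify(rawUrl) {
  try {
    const u = new URL(rawUrl);
    const text = decodeURIComponent(u.pathname + u.search + u.hash).toLowerCase();
    if (CONDITION_TERMS.some((t) => text.includes(t))) return null; // condition term
    return PUBLIC_PATHS.some((re) => re.test(u.pathname)) ? u : null; // unknown: deny
  } catch {
    return null; // unparseable or malformed encoding: cannot classify, so deny
  }
}

// Final gate: every outbound key must be on the per-destination allow-list.
function selfCheck(out) {
  return Object.keys(out).every(
    (dest) => OUT_FIELDS[dest] && Object.keys(out[dest]).every((k) => OUT_FIELDS[dest].includes(k))
  );
}

// Builds outbound payloads from scratch; nothing is copied from `raw` wholesale,
// so unrecognized fields (email, ip, form contents) can never pass through.
function relay(raw) {
  if (typeof raw !== "object" || raw === null) return null;
  if (!ALLOWED_EVENTS.has(raw.event)) return null;
  const page = classify(raw.url);
  if (!page) return null; // suppressed: no event is forwarded at all
  const ga4 = { event: raw.event, url: page.origin + page.pathname }; // query dropped
  const meta = { event: raw.event, domain: page.hostname }; // domain only, never the page
  try { ga4.source = new URL(raw.referrer).hostname; } catch { /* no usable referrer */ }
  if (typeof raw.client_id === "string" && /^[a-f0-9]{16}$/.test(raw.client_id)) {
    ga4.client_id = raw.client_id; // random first-party ID, format-checked
  }
  const conversion = raw.event !== "page_view";
  if (conversion && typeof raw.click_id === "string" && /^[\w-]{1,200}$/.test(raw.click_id)) {
    ga4.click_id = meta.click_id = raw.click_id; // ad-click ID on conversions only
  }
  const out = { ga4, meta };
  return selfCheck(out) ? out : null;
}
```

Because `relay` constructs each payload field by field, a new field appearing in the browser event is dropped unless someone deliberately adds it to the allow-list.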
Pricing
Simple: one price per domain.
- De-identifying relay for GA4 + Meta Conversions API
- One-click Google Analytics & Facebook connection
- Automatic conversion detection — no developer needed
- Unlimited events
- Early adopters keep beta pricing perks
Questions
The honest answers.
Will my Meta ads still optimize without the pixel?
Yes — for what matters. Lead and appointment campaigns optimize on conversion events, which minusPHI delivers server-side with the ad-click ID attached, so attribution keeps working. What you give up is visitor retargeting, because that inherently requires handing Meta the browsing data this product exists to protect. Any vendor promising both is fudging one of them.
Do Google or Meta sign a BAA for this?
No — and with minusPHI they don't need to. A BAA is required when a vendor receives protected health information. The relay's job is to make sure they never do: events are de-identified before either company sees anything, and sensitive pages are suppressed entirely.
What happens on sensitive pages, like a patient portal?
Nothing is sent at all. Portals, intake forms, scheduling flows, confirmation pages, and any URL carrying a health-condition term are suppressed before forwarding — not scrubbed, simply never sent. You'll see marketing traffic in your analytics; nobody sees care activity.
Does it work with my website platform?
If you can paste one script tag — WordPress, Squarespace, Wix, Webflow, custom — it works. There's nothing to install server-side and no developer required. Conversions like phone clicks, Calendly/Zocdoc bookings and contact forms are detected automatically.
Is this legal advice or a compliance guarantee?
No. minusPHI is engineering: it controls exactly what data leaves your site, using allow-lists and de-identification aligned with HIPAA Safe Harbor. Your compliance program is still yours — we just make the tracking-pixel part of it defensible instead of dangerous.
Your ads keep learning. Your patients stay private.
Start free — connect in 5 minutes
Free during beta · No credit card