PII/ePHI for heat/click maps


We are a healthcare app and display patient information.
If I enable heat or click maps, will Piwik end up collecting PII/ePHI data?


Hi @chaitanya! For Piwik PRO heatmaps/clickmaps, the data collected consists of unique JS paths for the elements clicked - you can see it in the custom events report.

So basically, my answer is “no”, but you have to consider whether your code might create such situations. For example, if you have an element that is identified with some descriptive IDs or classes, like, I don’t know, maybe some button for your brain scans that includes a label like “#open_brain_scan”, then we could imagine this being more specific… and then this can be an issue.

The labels of clicked elements are not collected, so you’re safe on the front of people clicking descriptive items like their name/surname or descriptions related to their health.

1 Like

Thank you, that is helpful. Through collected JS paths, we won’t be creating situations where we inadvertently log PII/ePHI.

1 Like

To add on top of what gonerator said, you might also verify whether things such as page URLs would be considered PHI/PII by your legal department or DPO. Every event in Piwik PRO includes the page URL on which this event happened, so perhaps there are certain sections of your app that expose such information in the URL (e.g. https://example.com/surgeries/cataract-surgery).

1 Like

Good point! I forgot about the most obvious thing, which is URLs :smiley: FYI @chaitanya
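As an added example (not part of the thread and not Piwik PRO code), here is a pre-deployment check for the two leak paths raised above: descriptive IDs/classes in clicked-element paths, and health or identity details in page URLs. The term list, the selector path format, the numeric-ID heuristic and the sample inputs are assumptions constructed for illustration.

```javascript
// Constructed deny list; agree on the real one with your DPO / legal team.
const SENSITIVE_TERMS = ['brain', 'scan', 'surgery', 'surgeries', 'cataract',
                         'diagnosis', 'patient', 'patients'];
const EMAIL = /[^\s\/?&=]+@[^\s\/?&=]+\.[a-z]{2,}/i;

// Break "#open_brain_scan" or "/surgeries/cataract-surgery" into lowercase words.
function tokens(text) {
  return text.toLowerCase().split(/[^a-z0-9]+/).filter(Boolean);
}

function termFindings(text) {
  const hits = tokens(text).filter(t => SENSITIVE_TERMS.includes(t));
  return [...new Set(hits)].map(t => ({ kind: 'term', value: t }));
}

// Element paths: only IDs/classes can leak, since element labels are not collected.
function auditSelector(path) {
  return termFindings(path);
}

// Page URLs are attached to every event, so check path and query string.
function auditUrl(url) {
  const u = new URL(url);
  let text = u.pathname + u.search;
  try { text = decodeURIComponent(text); } catch (_) { /* malformed escape: keep raw */ }
  const findings = termFindings(text);
  const email = text.match(EMAIL);
  if (email) findings.push({ kind: 'email', value: email[0] });
  for (const seg of u.pathname.split('/')) {
    // Heuristic (assumption): long numeric segments may be record identifiers.
    if (/^\d{4,}$/.test(seg)) findings.push({ kind: 'numeric-id', value: seg });
  }
  return findings;
}

// Constructed sample inputs.
const report = {
  selector: auditSelector('div.main > button#open_brain_scan'),
  url: auditUrl('https://example.com/patients/48213/notes?email=jane.doe%40example.org'),
};
console.log(JSON.stringify(report, null, 2));
```

Anything flagged is a candidate for renaming the ID/class, restructuring the route, or review by whoever decides what counts as PII/ePHI in your organisation.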