URL shortening + HIPAA?

Does anyone know of a HIPAA compliant URL shortening service? (e.g. bit.ly)

Ooof - PHI in your URLs?

URLs that point to locations that contain PHI… does that require a BAA?

Can you give an example? (make it up)

Sure: a Verification URL (includes a token) that will ultimately redirect to a page containing PHI, i.e. patient name & provider name.

Ok, so anyone who hits the link will see that PHI?

Correct.

That’s tricky. There are a few open source shorteners; you might self-host.

Thanks, that’s what we’re considering at this point :disappointed:

Not sure if this is derailing as the question seems to have been answered, but what if the URL shortener obfuscates the ePHI from the URL, and redirects to a page that does not contain explicit ePHI?