Url shortening + hipaa?

Does anyone know of a HIPAA compliant URL shortening service? (e.g. bit.ly)

Ooof - PHI in your URLs?

URLs that point to locations that contain PHI …does that require a BAA?

Can you give an example? (make it up)

Sure: a Verification URL (includes a token) that will ultimately redirect to a page containing PHI, i.e. patient name & provider name.

Ok, so anyone who hits the link will see that PHI?


That’s tricky. There are a few open source shorteners, you might self-host

Thanks, that’s what we’re considering at this point :disappointed: