Blue Trust
Knowledge CenterQuick Reference

Quick Reference.

Single-screen primers a practice administrator can read in five minutes. Every piece anchors on a dollar amount, a court, or a deadline — the artifacts a sales rep pastes into an outbound email or attaches to an RFP.

7 articles

Quick Reference

The 5 ways your hospital's website is probably leaking patient information right now

The five HIPAA leaks we find most often on healthcare sites — each tied to a settlement in the last three years, several into the eight figures.

5 min readRead

Quick Reference

BAA-required vendors most healthcare practices forget about

The vendors most practices forget. Mailchimp, Calendly, Clarity, Hotjar, Zoom standard, Slack standard, Notion, JotForm, Typeform — none include a BAA on their default plan.

6 min readRead

Quick Reference

What to do in the first 30 days after finding tracking pixels on your healthcare website

A 30-day playbook for the moment you find a tracking pixel. Document, get counsel, scope the disclosure, remove, audit governance — before OCR moves the tier from "corrected" to "not corrected."

6 min readRead

Tracking & Pixels

Meta Pixel and HIPAA, in plain English

The Meta Pixel sends visitor data to Facebook. On a healthcare site, that can be a HIPAA violation — and over 660 U.S. hospitals are already named in the federal MDL.

6 min readRead

Foundations

What counts as PHI on your website

Protected health information isn't only the chart. OCR treats an IP plus a clinical-context URL as PHI — and a 2024 court ruling narrowed it less than most marketing teams realize.

5 min readRead

Foundations

HIPAA penalty tiers, and how OCR decides what to fine you

The four-tier penalty structure under 45 CFR §160.404. From $137 per violation to $2.13M per year — and the three things that decide which tier OCR puts you in.

6 min readRead

Web Security

Section 1557 of the ACA, and the May 2026 healthcare website accessibility deadline

The first federal accessibility deadline specific to healthcare. WCAG 2.1 AA, May 11, 2026 for large entities — and most healthcare sites built before 2024 won't pass.

6 min readRead

See your own posture

Find what’s on your practice’s public surface in 60 seconds.

No script to install, no credentials to share. The same external scan an underwriter or plaintiff firm runs.

Browse all pillars