Dan Rushton
CARTO Contributors
Dan Rushton
·
May 14, 2020
Dan Rushton
Dan Rushton
and
CARTO Contributor
·
May 14, 2020
Dan Rushton
Dan Rushton
,
and
·
May 14, 2020

HIPAA Compliance in Geospatial Healthcare Analytics

Use cases
4
mins read

Summary

Read how HIPAA compliance is maintained across the CARTO platform & about key use cases for customers working in the healthcare space.

This post may describe functionality for an old version of CARTO. Find out about the latest and cloud-native version here.
HIPAA Compliance in Geospatial Healthcare Analytics

Location Intelligence and Spatial Analysis is more and more frequently being leveraged by companies and organizations working in healthcare. In fact the healthcare industry is one of the areas where Location Intelligence technologies are actively being put to use in saving lives.

For example a city Department of Health may use Location Intelligence to assess coverage gaps optimize routes for emergency response and put plans into place to reach at risk citizens during a crisis. A hospital system may use analysis to inform budgeting and expansion plans as well as outreach and geomarketing. Like in many industries the benefits of analyzing location data are countless.

But often these organizations will be working with data that falls under HIPAA's Privacy Rule and they therefore must be compliant. Luckily Spatial Data Science best practices always involve processes for anonymization and aggregation. In fact not performing common operations for aggregation can make insights less accurate and more anecdotal.

What is HIPAA Compliance

HIPAA or the Health Insurance Portability and Accountability Act was legislation passed by the US Federal Government in 1996. In addition to serving as a way of streamlining the flow of data in the healthcare industry HIPAA also directly addresses data security. The legislation refers specifically to Personally Identifiable Information maintained by the healthcare and health insurance industries and how that data must be secured to help prevent instances of fraud identity theft and abuse.

HIPAA compliance directly protects data that they classify as falling under any one of the following 18 identifiers:

  1. Patient names
  2. Geographical elements (such as a street address city county or zip code)
  3. Dates related to the health or identity of individuals (including birthdates date of admission date of discharge date of death or exact age of a patient older than 89)
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health insurance beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers
  13. Device attributes or serial numbers
  14. Digital identifiers such as website URLs
  15. IP addresses
  16. Biometric elements including finger retinal and voiceprints
  17. Full face photographic images
  18. Other identifying numbers or codes

The Challenge with HIPAA Compliance and Geocoding

After reviewing the 18 protected identifiers above it’s easy to see why using health information in spatial analysis can be a challenge.

With geocoding specifically there are two schools of thought. Some organizations interpret the legislation in that if the electronic protected health information (ePHI) such as address is removed from other identifiable information such as health status it is had been “deidentified” and is no longer a restricted ePHI under HIPAA. Other organizations believe that address data is always a protected data type under HIPAA and deidentification is therefore impossible. As HIPAA has some flexibility in the interpretation it is up to the organization to determine how they can geocode their data while remaining compliant.

HIPAA Compliance and CARTO

In order to maintain HIPAA compliance the only data that is sent to CARTO's geocoding provider is the address string column. For example to geocode '123 Main Street New York NY 10001' that is the only text that will be sent to the geocoding provider and the only thing that will be received by CARTO is the geocoding accuracy data and the geometry (lat/lng).

Based on this process it is unlikely that any individual can be re-identified with any degree of certainty just via this standalone location information (lat/lon) without any link to end-users or additional data. This qualifies as de-identification and meets the requirements set forth in the Privacy Rule.

CARTO also has offices and customers within the European Union and as a result ensures strict compliance to GDPR in regards to all personal and personally identifying data. The previous example of standalone address data is not considered personal information and falls outside the scope of GDPR. While HIPAA and GDPR differ the removal of additional personally identifying and patient information as well as the encryption processes described above have allowed our customers to use CARTO on-premises and LDS services successfully.

Key Use Cases

Social Determinant of Health Analysis

Seeking an understanding of resident health based on the social factors within a neighborhood is not a new concept. But efforts to do so have long been overly simplistic with analysis that largely explores only common factors such as poverty education and minority status.

In a recent study “Quantification of Neighborhood-Level Social Determinants of Health in the Continental United States ” Marynia Kolak from the Center for Spatial Data Science at the University of Chicago and colleagues from the Center for Health Innovation at the American Hospital Association sought out a deeper understanding of the social factors that determine health outcomes in the US.Read more about the study in our recent blog post.

Healthcare Access Analysis

Gaining spatial context on patients allows public & private healthcare systems to optimize resource allocation & provide superior services. Spatial analysis allows your organization to identify which location-factors may be the root cause of certain health problems allowing you to improve outreach services & intervention with a more detailed picture of healthcare access.

Medical Site Selection

Whether it's hospitals primary care residential homes or dental clinics selecting optimal locations to serve citizens & clients is fundamental to ensure quality service & profitability. By using spatial analysis with new data streams to enrich Open Data & your existing CRM data you will be able to monitor consolidate & expand effectively - avoiding expensive site selection mistakes.

Animation showing Medical Site Selection Tool


For many of CARTO's customers working in the healthcare space maintaining HIPAA compliance is critical. These clients are often using our on-premises solution as well as third party Location Data Services.

Given our experience in the Healthcare and Insurance verticals CARTO is able to advise on which is the best option for your projects. No matter which is the right fit for your organization CARTO is able to provide a solution.

Want to find out more?

Visit our Healthcare Analytics page

What divides the U.S.? The 2016 Presidential Election Visualized
Data Through Design Opening Reception: Kicking-Off NYC Open Data Week 2018 in Style
80 Data Visualization Examples Using Location Data and Maps
How our solutions team engineered WaterHack 2018
Who is who at CARTO’s Design Team
CARTO 2018: Our Year In Review
Using Location Data to Identify Communities in Williamsburg, NY
Patching Plain PostgreSQL for Parallel PostGIS Plans
Mapping the Impact of Madrid's Line 5 Shutdown
What We Learned About Open-Source Geospatial Technology at FOSS4G
4 Ways Data Enrichment Can Improve Your Raw Business Data
COPY'ing with the Python SDK
How to use CARTO.js with React
Location Intelligence conferences to attend this spring
Global Partnership: Democratizing Data & Location Intelligence for Development
Why spatial analysis is key to ending pharmacy deserts and the opioid epidemic
Using Spatial Interaction Models to Predict Behaviors
4 solutions to common problems when making location data maps
3 Internet of Things (IoT) Location Trends in 2018
Survivalists & Selectionists: How CPGs Understand Demographic Divides Through Location
CARTO's Use of Foreign Data Wrappers
Predicting Collisions in NYC with New Data Streams and Spatial Analysis
Design Principles for Making Maps on the Web
40 Brilliant Open Data Projects Preparing Smart Cities for 2018
Three Ways Retailers Increase Revenue with Location Intelligence
How Location Data is Helping Solve Water Insecurity
Mapping City Data Shows Link Between Redlining and Foreclosures
Celebrate Earth Day with Resource Watch
Bulk CARTO Import Using COPY
The Dreamforce 2017 Sessions We're Most Excited About
Airship: A New Front-End Library for Location Intelligence Apps
Drive Omnichannel Retail Success with Location Intelligence and New Data Streams
Working with CARTO VL
The 4 Types of Analytics Shaping Location Data Today
Discover Location Intelligence with CARTO at MWC 2018
4 Simple Steps Enigma Took to Turn Public Data into Insight
Introducing CARTO SalesQuest: Location-Based Sales Analytics
3 Ways Maps Can Transform Your Digital Marketing Campaigns
An update on MVT encoders
The Best Conferences for Location Intelligence in 2017
7 Maps Deriving New Insight From Mobile Data
Map of the Month: City Health Dashboard
How to Use Location Intelligence for Civic and Social Good
3 Spatial Data Science Trends to Watch in 2018
Designer’s table. How a lunch became the Design team’s signature
Creative Maps Made with the New CARTO.js 4.0
Real-time updated map of addresses inside LA wildfires perimeter
Build A Clicks-to-Bricks Strategy Using Spatial Data Science
Harness the Power of Vector with CARTO VL
A Better Approach to Sales Territory Management Using Spatial Clustering
How Vodafone & CARTO are providing Location Insights at MTV Music Week Bizkaia
Mark your calendars for CARTO’s Spatial Data Science Conference 2018
How to Use Spatial Analysis In Your Site Planning Process
6 industry leaders on the state of Location Intelligence today
12 Maps That Tell the Story of 2017
Mobile Data 101: 15 Questions to Answer Using Mobile Data
Sneak Preview: CARTO Locations Madrid
Q&A: A Look at NYC's Open Data Approach with Mayor's Senior Project Manager
Get Smarter About Retail Site Monitoring
Data Viz Hacks We Learned While Mapping Drought Data
Happy PostGIS day!
Opportunity Zones in the Wake of Amazon HQ2
What Online Retailers Can Learn by Mapping Sales Data
A Really Good Guide on Location Intelligence Implementation
Our Game of Thrones Basemap is here to unite the Seven Kingdoms
The Future of Location Intelligence
Map of the Month: Pi Project - Connecting the World Through Art
Introducing CARTOframes: A Python Interface for CARTO
This map shows the communities most vulnerable to Hurricane Irma
Using Mapbox Vector Tiles in CARTO for Maps & Location Apps
Lessons Learned from Analyzing Over a Million Points of GPS Data
California Wildfire Maps: How fires and smoke are spreading
Driving down distribution costs with Location Intelligence
Meet the growing demand for senior care facilities with a modern site planning approach
CARTO in QGIS using OGR
Map of the Month: Where Are All The New Houses
From clicks to bricks: the ecommerce companies who reverse engineered Site Selection
How Insurance Uses Location Data to Prepare for Natural Disasters
3 Retailers Proving Brick and Mortar Isn't Dead
Compete on Convenience: Profitable Retail Delivery
Building A Real Estate Investment Strategy With Location Intelligence
CARTO brings geospatial data and analytics to Salesforce Einstein Analytics
Of The Most Clicked Location Intelligence Stories of 2018
What We Learned At NACIS 2017
Visualizing the Olympics: Top Maps and Data Visualizations from Pyeongchang
4 Powerful Historical Maps Every Data Analyst Should Know
A new look for Positron and Dark Matter basemaps
The Biggest Data Trends for Outdoor Advertising in 2017
Map of the Month: World Refugee Day
The Quantified City: A Closer Look at Chicago's Array of Things
What You May Have Missed at CARTO Locations Madrid
Map of the Month: Seattle Poetic Grid
Map of the Month: Landmine Removal in Nagorno-Karabakh
MVT generation: Mapnik vs PostGIS
Modernizing Catchment Areas With Human Mobility Data
How Entrepreneurs are Using Open Data to Start Businesses
A SQL approach to graph coloring applied to maps
5 Skills Every Data Scientist Will Need For Their Job in 2018
Happy Birthday CARTOframes, CARTO's Python Interface
How BBVA is Understanding Cities by Analyzing Credit Card Data

Related Posts

Personalizing services with spatial analytics in Google Cloud
Helen McKenzie
Helen McKenzie
·
Jul 1, 2025
Helen McKenzie
Helen McKenzie
and
·
Jul 1, 2025
Helen McKenzie
Helen McKenzie
,
and
·
Jul 1, 2025

Personalizing services with spatial analytics in Google Cloud

Personalize services at scale with spatial analytics on Google Cloud. Learn how to boost ROI using CARTO for location-based insights.

Use cases
From selection to consolidation: 6 ways to optimize site planning
Helen McKenzie
Helen McKenzie
·
Jun 10, 2025
Helen McKenzie
Helen McKenzie
and
·
Jun 10, 2025
Helen McKenzie
Helen McKenzie
,
and
·
Jun 10, 2025

From selection to consolidation: 6 ways to optimize site planning

Optimize site planning with data, AI, and real-time insights. Discover 6 of the best strategies in this expert guide from CARTO.

Use cases
Telco dashboards: Turning accessible data into actionable insights
Gideon Singer
Gideon Singer
·
Mar 27, 2025
Gideon Singer
Gideon Singer
and
·
Mar 27, 2025
Gideon Singer
Gideon Singer
,
and
·
Mar 27, 2025

Telco dashboards: Turning accessible data into actionable insights

Discover how CARTO enhances data accessibility, empowering decision-makers with actionable insights to improve network access for senior citizens and communities.

Use cases