Google will not sign a business associate agreement (BAA) for Analytics. That has been true for years. But most healthcare organizations treated it as a manageable risk rather than an urgent one, especially after the June 2024 AHA v. Becerra ruling narrowed the definition of what counts as protected health information (PHI) on unauthenticated pages. Some marketing teams used that ruling as breathing room to stay on GA4 a little longer.
That breathing room is about to close.
On June 15, 2026, Google removes the Google Signals privacy control in GA4 and moves advertising data authority entirely to Consent Mode’s ad_storage parameter. Healthcare organizations that relied on disabling Google Signals as a partial safeguard will lose that option. The change is not optional and there is no workaround inside GA4.
Between that deadline, active FTC enforcement (BetterHelp paid $7.8M; Cerebral’s CEO was named personally in a consent decree), and state-level consumer health data laws now in effect across Washington, Nevada, Connecticut, and Virginia, the window for treating GA4 as “good enough” has closed. If you are still running GA4 on any property that handles or could reasonably handle PHI, you need a migration plan.
This article covers the realistic alternatives, what each one actually replaces about GA4, and what you give up in the trade.
What GA4 gave you that needs replacing
Before comparing alternatives, it helps to be specific about what GA4 actually does for a healthcare marketing team. Not everything needs a one-to-one replacement, and not every alternative covers all of it.
GA4 provides event-based web analytics with audience building, conversion tracking, path exploration, funnel visualization, and integration with Google Ads for bid optimization. For many healthcare marketing teams, it was also the default reporting layer: the place you went to check how campaigns were performing, which pages were getting traffic, and where visitors dropped off.
The Google Ads integration matters more than people realize. GA4 feeds audience and conversion data back to Google Ads, which uses it for automated bidding. Remove GA4 without replacing that signal, and your paid search campaigns lose their optimization data. Bids get dumber. Cost per acquisition goes up. This is the part of the migration that catches teams off guard.
So the question is not just “what replaces GA4 dashboards?” It is also “what replaces the data pipeline between my website and my ad platforms?”
Two architectures, two different trade-offs
Every GA4 alternative for healthcare falls into one of two camps. Understanding which camp a platform belongs to matters more than comparing feature lists.
Keep GA4 running and filter data through a proxy
The first approach does not actually remove GA4. Instead, it places a server-side proxy between your website and Google’s servers. The proxy intercepts data before it reaches GA4, strips anything that could constitute PHI, and forwards the cleaned events. You still use GA4 for reporting. You still get Google Ads integration. But the data that arrives in GA4 has been reduced.
The appeal is obvious: minimal disruption. Your team keeps the reporting interface they know. Google Ads keeps receiving conversion signals. The compliance layer handles the HIPAA problem.
The cost is data richness. Every field the proxy strips is a signal your team cannot use for analysis. Freshpaint’s own documentation acknowledges that strict parity with native GA4 is not achievable through a proxy architecture. You also now have two vendors to pay for (the proxy plus GA4), and your analytics are only as good as what survives the filtering.
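The filtering step described above, sketched as a default-deny allowlist. This is an added example, not code from Freshpaint or any vendor named here; the event shape, field names and allowlists are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed policy for this example: only these fields may leave the proxy.
ALLOWED_TOP_LEVEL = {"name", "params"}
ALLOWED_PARAMS = {"page_location", "page_title", "value", "currency"}
ALLOWED_QUERY_KEYS = {"utm_source", "utm_medium", "utm_campaign", "utm_term", "utm_content"}


def scrub_url(url):
    """Keep scheme, host and path; drop the fragment and non-allowlisted query keys."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k in ALLOWED_QUERY_KEYS]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


def scrub_event(event):
    """Return (clean_event, stripped_field_names); unknown fields are dropped."""
    clean, stripped = {"params": {}}, []
    for key, value in event.items():
        if key not in ALLOWED_TOP_LEVEL:
            stripped.append(key)
        elif key != "params":
            clean[key] = value
    for key, value in event.get("params", {}).items():
        if key not in ALLOWED_PARAMS:
            stripped.append("params." + key)
        else:
            clean["params"][key] = scrub_url(value) if key == "page_location" else value
    return clean, sorted(stripped)


# Constructed sample event; every value is made up for this example.
SAMPLE = {
    "name": "appointment_request",
    "ip_address": "203.0.113.7",
    "user_agent": "ExampleBrowser/1.0",
    "params": {
        "page_location": "https://clinic.example/oncology/schedule?utm_source=google&patient_email=a%40b.example#step2",
        "page_title": "Schedule a visit",
        "email": "a@b.example",
        "search_term": "chemo side effects",
    },
}

if __name__ == "__main__":
    event, dropped = scrub_event(SAMPLE)
    print(event)
    print("stripped:", dropped)
```

The stripped list is the data-richness cost in concrete form: the IP address, user agent, email and on-site search term never reach the destination. The URL path and page title still pass through in this sketch and can themselves carry health context, so a stricter policy would map them to coarse categories before forwarding.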
Replace GA4 entirely with a HIPAA-aligned platform
The second approach removes GA4 from the stack. A different analytics platform collects data directly, stores it on HIPAA-aligned infrastructure, and handles reporting, campaign attribution, and (in some cases) ad platform integration from within its own environment.
The appeal: your data stays complete. Nothing gets stripped because there is no third-party destination that cannot handle PHI. You reduce vendor count instead of adding to it. If the replacement platform includes server-side conversion tracking, your ad platforms still get the signals they need for bid optimization.
The cost is migration effort. Your team learns a new interface. Historical data does not carry over (though GA4 data retention is limited anyway). Custom reports and saved explorations need rebuilding. Depending on the platform, the transition can take weeks of parallel running before you are confident enough to cut over.
The alternatives, evaluated honestly
Proxy-based: keep GA4 with a compliance layer
Freshpaint (freshpaint.io) is the most widely adopted proxy in healthcare. The company raised $46M, including a $30.7M Series B in July 2024, and claims more than 250 healthcare organization customers.
The core product intercepts tracking data server-side, strips PHI according to configurable rules, and forwards clean events to GA4, Google Ads, Meta, and other destinations. Freshpaint signs a BAA covering 100+ integrations. Since 2023, the company has expanded beyond pure proxy work into its own analytics dashboard (Freshpaint Insights), EHR-connected attribution that links ad clicks to attended appointments through Epic (Ad Performance), audience segmentation (Audiences), and consent management.
The EHR attribution is the feature worth paying attention to. Connecting an ad click to an actual attended appointment through EHR data is something no general-purpose analytics tool can do. For hospital marketing teams that need to prove patient acquisition rather than just report on clicks, this is a real differentiator.
Pricing is custom and not publicly listed. Total cost of ownership includes Freshpaint plus GA4 plus any other downstream tools in the stack.
Best fit: Healthcare organizations that need to move fast, want to keep their existing GA4 reporting setup, and are willing to accept reduced data richness in exchange for minimal disruption.
Honest trade-off: You are adding a vendor and a dependency, not simplifying your stack. The data your team works with has been filtered before they see it. And you are still dependent on GA4, which means you are still subject to whatever Google decides to change next.
Full GA4 replacements built for healthcare
LightTrail (lighttrail.com) was designed from the start to replace the entire compliance-plus-analytics stack for healthcare marketing teams. One product, one BAA, no proxy layer, no downstream GA4 dependency. First-party data collection on HIPAA-aligned infrastructure with analysis happening inside its own environment.
For teams migrating from GA4, the relevant capabilities are campaign attribution with full UTM tracking (nothing stripped), funnel reports with automatic bottleneck identification, retention cohort analysis, session replay with PII scrubbing, and visitor segmentation with real-time audience estimation. It also includes automated WCAG accessibility monitoring, which is not something you had in GA4 but is increasingly relevant given the Section 504 digital accessibility rule.
The ad platform integration is the part that directly replaces the GA4-to-Google-Ads pipeline. LightTrail’s Signals feature sends server-side conversion events to Google Ads through the Conversions API and to Meta through CAPI. A built-in test tool lets you verify that events are actually being received before you trust it for bid optimization. Centralized logging shows exactly what was sent and whether it landed. This is the piece that keeps your paid search from going blind when GA4 goes away.
The AI assistant, Norman, does something GA4 never did. It queries your live analytics data and generates full reports in plain English: executive summaries, trend analysis, drop-off diagnosis, anomaly detection, engagement pathway analysis, optimization recommendations. Six report types per user journey. Follow-up questions. PDF export. The difference between this and GA4’s Explore tool is the difference between asking a question and getting an answer versus building a custom query and interpreting the output yourself.
Role-based access with an audit trail. Full API. BAA with every customer.
Pricing is custom and not publicly listed.
Best fit: Healthcare organizations ready to fully replace GA4 with a single platform that was built for their industry, including the ad platform data pipeline.
Honest trade-off: This is a full migration, not a bolt-on. Your team learns a new interface. You lose GA4’s Explore tool and its particular way of slicing data. The AI layer compensates for a lot of that, but the transition period is real.
Full GA4 replacements (general-purpose)
Piwik PRO (piwik.pro) is the closest thing to a drop-in GA4 replacement. The interface was deliberately designed to mirror GA4’s reporting structure, which makes the learning curve shorter than almost any other option. The platform includes analytics, tag management, consent management, and a customer data platform.
Piwik PRO earned HIPAA certification in September 2024 through a SOC 2 Type II audit. Data sits on Microsoft Azure in US data centers, with a self-hosted option. Healthcare clients include Shepherd Center (40% increase in patient referrals after switching from GA4) and Rochester Regional Health, a 9-hospital system with 19,400 employees.
Business plan starts around $38/month. Enterprise plan (required for the BAA) starts around $400/month. Pricing as of May 2026 per piwik.pro/pricing. The relatively transparent pricing is unusual in this market and worth noting.
Best fit: Healthcare organizations that want the closest experience to GA4 under a BAA, with predictable pricing and a straightforward migration path.
Honest trade-off: It is a general-purpose analytics tool. No service-line reporting, no appointment attribution, no EHR connectors, no AI-generated insights. You get solid web analytics and privacy controls. You do not get healthcare-specific intelligence or the ad platform signal replacement that LightTrail and Freshpaint offer. If Google Ads bid optimization matters to your team, you will need to solve that conversion signal problem separately.
Matomo is open source and sometimes appears on GA4 alternative lists, but the cloud version is not HIPAA-compliant and Matomo will not sign a BAA. Self-hosted On-Premise is the only viable path, which means your IT team owns installation, database encryption, security hardening, patching, and ongoing maintenance. Total cost of ownership typically exceeds cloud alternatives once DevOps time is counted. Consider it only if you have a dedicated IT team and a hard requirement for full data sovereignty.
Enterprise-scale replacement
Adobe CJA + Healthcare Shield is for large healthcare organizations already embedded in the Adobe ecosystem. CJA connects web, mobile, call center, EHR, and CRM data into a unified view. Healthcare Shield is the paid add-on that enables BAA coverage, customer-managed encryption keys, and extended data governance.
Important: standard Adobe Analytics does not qualify for a BAA. Only CJA with Healthcare Shield is on Adobe’s HIPAA-Ready Services list.
Pricing is custom. Implementation typically requires a systems integrator, adding cost and months to the timeline. Adobe expanded the program in 2025 to cover “Health Data-Ready” use cases including state consumer health data laws like Washington’s My Health My Data Act.
Best fit: Hospital systems with 500+ beds, multiple facilities, existing Adobe investments, and the budget to support an SI-led implementation.
Honest trade-off: If you are evaluating this article because you are a 3-hospital marketing team trying to get off GA4, Adobe CJA is not your answer. The cost and implementation timeline are designed for organizations operating at a different scale.
Product analytics (different category, but worth mentioning)
PostHog, Mixpanel, and Amplitude all offer BAA support and are sometimes listed as GA4 alternatives. They are product analytics platforms built for software teams tracking user behavior inside applications. PostHog is open source with a free tier up to 1M events and BAA add-ons starting at $250/month. Mixpanel and Amplitude offer BAAs on their Enterprise plans at undisclosed pricing.
If you are a digital health company building a patient-facing app, these are worth evaluating. If you are a healthcare organization trying to replace GA4 for your marketing website, they are the wrong category. No campaign attribution. No healthcare-specific reporting. No ad platform integration.
The migration itself
Whichever platform you choose, a few things are true about every GA4 migration.
Historical data does not transfer cleanly. GA4 retains event data for 14 months on the standard tier, and export formats do not map neatly to other platforms. Accept that you are starting fresh on historical trends and plan accordingly.
Run both platforms in parallel for at least two to four weeks. You need overlap to validate that the new platform is capturing events correctly and that your numbers make sense relative to what GA4 was showing. They will not match exactly (different collection methods produce different counts), but they should be directionally consistent.
Fix your ad platform conversion signals before you turn GA4 off. This is the step that trips people up. If Google Ads is using GA4 conversions for bid optimization and you remove GA4 without replacing that signal, your campaigns degrade immediately. Make sure your replacement platform’s server-side conversion tracking is verified and delivering before you pull the plug.
Tag management needs attention. If you were using Google Tag Manager, your new platform may have its own tag management system (Piwik PRO and LightTrail both do) or you may need to reconfigure GTM to point at the new collection endpoint. Do not assume your existing tags will just work.
Regulatory context worth knowing
The AHA v. Becerra ruling in June 2024 narrowed one HIPAA trigger by finding that HHS overstepped when it treated IP addresses on unauthenticated public health pages as PHI. HHS dropped its appeal in August 2024. This ruling is sometimes misinterpreted as making GA4 safe for healthcare. It did not. It did not affect authenticated pages, did not change FTC enforcement, and did not override state privacy laws.
OCR closed over 40 enforcement actions across 2024 and 2025, totaling $6.6M, with risk analysis failures as the dominant finding. For 2026, OCR added tracking technology data flows on authenticated pages, 42 CFR Part 2 substance use disorder regulations, and parental access to minor children’s records to its enforcement priorities.
Washington’s My Health My Data Act has active class action litigation. Nevada, Connecticut, and Virginia have enacted similar protections. New York’s version passed the legislature but was vetoed in December 2025. The trend is toward more state-level enforcement, not less.
Choosing
The right GA4 alternative depends on what you are actually replacing.
If you are replacing dashboards and reporting, almost any platform on this list works. Piwik PRO gives you the most familiar interface. LightTrail gives you healthcare-specific intelligence. Adobe CJA gives you enterprise-scale data unification if you have the budget.
If you are replacing the data pipeline to your ad platforms, your options narrow. LightTrail’s Signals feature and Freshpaint’s server-side tracking both handle this. Piwik PRO and Matomo do not, which means you would need to solve that problem separately.
If you are replacing GA4’s role as the system of record for marketing performance, the question is whether you want a general-purpose tool or one built for healthcare. A general-purpose tool gives you web analytics. A healthcare-specific platform gives you service-line reporting, campaign-to-appointment attribution, and AI that understands your data in context.
Finding your starting point
If you need to replace GA4 dashboards with minimal disruption, start with Freshpaint (proxy) or Piwik PRO (full replacement).
If you need to replace GA4 plus the ad platform conversion pipeline, start with LightTrail or Freshpaint.
If you need to replace GA4 plus healthcare-specific analytics and AI, start with LightTrail.
If you need to replace GA4 within an existing Adobe ecosystem, start with Adobe CJA + Healthcare Shield.
If you need to replace GA4 for a patient-facing digital product, start with PostHog, Mixpanel, or Amplitude.
The June 15 Google Signals change is weeks away. If you have not started your migration, start now.

