Is Google Analytics 4 HIPAA Compliant?

Google Analytics 4, or GA4, has fully replaced the Universal Analytics version most of us used for years. While it might look and feel completely different, this isn't just a simple design update, it's a fundamental shift in how we measure website and app performance. This guide breaks down exactly what GA4 is, how it differs from its predecessor, and how you can start making sense of its powerful new features.

What is GA4? A New Approach to Analytics

At its core, Google Analytics 4 is a new kind of analytics platform designed for the modern, multi-device customer journey. The old way of tracking focused on "sessions" and "pageviews," concepts rooted in a time when people used one device - a desktop computer - to browse the web. GA4 throws that model out. Instead, it’s built around users and events.

This event-based model makes GA4 more flexible, more scalable, and better equipped to handle how users interact with businesses today - across websites, mobile apps, and other digital touchpoints. It also introduces privacy-centric features and machine learning-powered insights to help you understand your audience better and predict future actions, even with less data.

The Biggest Change: It’s All About Events, Not Sessions

If you take away just one thing about GA4, let it be this: everything is now an event. In Universal Analytics (UA), we had different "hit types" - pageviews, events, transactions, social interactions, etc. They were all distinct categories used to measure different things.

In GA4, that distinction is gone. A pageview is an event. The start of a session is an event. A button click is an event. A form submission is an event. A purchase is an event. This unified model simplifies measurement by treating every user interaction, big or small, as a trackable "event."

Imagine reading a book. Universal Analytics was like counting how many times someone opened the book (sessions) and which chapters they read (pageviews). GA4 is like tracking every single action: opening the book (session_start), reading a page (page_view), highlighting a sentence (custom event), folding a corner (custom event), and finishing the book (purchase). This gives you a much richer, more detailed picture of how people are actually engaging with your content.

GA4 vs. Universal Analytics: The Key Differences

For anyone who spent years in Universal Analytics, the move to GA4 can feel jarring. Many familiar reports are gone, and a lot of metrics have changed. Here are the most significant differences you need to know.

Event-Based Model vs. Session-Based Model

We've already touched on this, but it’s the root of every other change. UA's session-based model grouped all user activity within a specific timeframe (e.g., 30 minutes). GA4's event-based model captures each interaction independently. This gives you more granular data and makes it possible to track nuanced user journeys that aren't defined by simple sessions.

Unified Web + App Tracking

Universal Analytics was built for websites. A separate platform, Google Analytics for Firebase, was built for mobile apps. Tying data together from both was a complicated, manual process. GA4 solves this by having a single property where you can collect and analyze data from your website and your iOS/Android apps in one place. This allows you to see the complete customer journey, like a user discovering you on their phone app and later making a purchase on their computer.

Engagement Rate Replaces Bounce Rate

The "Bounce Rate" metric is officially gone in GA4, and it's been replaced by "Engagement Rate" and "Engaged Sessions." A bounce in UA was a session with only a single pageview - a metric that was often misleading. Did the user leave because the page was bad, or did they find the answer they needed and leave happy?

An "Engaged Session" in GA4 is far more intelligent. It’s counted when a user does one of the following:

• Stays on your site or app for longer than 10 seconds (this is customizable).
• Fires a conversion event.
• Has 2 or more page views.

Engagement Rate is simply the percentage of sessions that were engaged. It's a much more positive and insightful metric, focusing on the quality of interactions rather than just tallying quick exits.

Privacy-First Measurement

GA4 was built in response to a changing digital landscape with more privacy regulations (like GDPR and CCPA) and less reliance on cookies. It offers functionalities that allow for measurement without collecting personally identifiable information. Features are being developed to use machine learning to fill in data gaps that occur when users opt out of cookie tracking, helping you maintain a clear picture of performance while respecting user privacy.

Flexible Reporting with "Explorations"

Universal Analytics had over 100 pre-built reports. It was comprehensive but also rigid. GA4 simplifies the standard reports into a few key dashboards (Acquisition, Engagement, Monetization, etc.) and moves the powerful analysis tools into a section called Explore.

This is where you build your own custom reports using a drag-and-drop interface. You can create funnel visualizations, path analyses to see what users do before and after an event, and free-form tables that look a lot like pivot tables. It requires more setup but offers infinitely more flexibility to answer the specific questions your business has.

Understanding the Types of Events in GA4

Since your entire tracking strategy now revolves around events, it's important to know the four different types you'll be working with.

1. Automatically Collected Events

These are events that GA4 collects by default as soon as you install the tracking code. No extra action is needed on your part. Examples include:

• session_start: Fires when a user begins a new session.
• first_visit: Fires the first time a user visits your website or app.
• user_engagement: Fires periodically while your site is in the foreground.

2. Enhanced Measurement Events

This is one of GA4's best features for marketers. With the flip of a switch in your settings, GA4 can automatically track common interactions that used to require custom code. These include:

• Scrolls (scroll): Tracks when a user scrolls 90% of the way down a page.
• Outbound Clicks (click): Tracks clicks on links that lead away from your domain.
• Site Search (view_search_results): Tracks when a user performs a search on your website.
• Video Engagement (video_start, video_progress, video_complete): Tracks interaction with embedded YouTube videos.
• File Downloads (file_download): Tracks clicks on links for common file types like PDFs, documents, etc.

3. Recommended Events

Google provides a list of recommended events with predefined naming conventions for common business scenarios across different industries (like e-commerce, gaming, or travel). Using these names allows you to tap into existing GA4 knowledge and future reporting features.

For example, if you run an online store, Google recommends using events like:

• add_to_cart
• begin_checkout
• purchase

Sticking to these standards makes your data clearer for everyone and unlocks more powerful 'Monetization' reports.

4. Custom Events

If there's an interaction you want to track that isn't covered by the three categories above, you can create your own custom event. This is for tracking actions unique to your business, such as clicking a "Request a Demo" button, completing a specific form, or interacting with a pricing calculator. You name the event yourself (e.g., demo_request_submitted) and can send along custom parameters for more detail.

Final Thoughts

Google Analytics 4 is a significant evolution. It represents a smarter, more flexible analytics framework designed around the user - not the session - and provides a more integrated view of performance across websites and apps. While the learning curve can be steep, embracing its event-based model and custom explorations will ultimately give you deeper insights into your audience.

Mastering a brand-new analytics platform overnight is a tall order, especially when you have campaigns to run and reports due. We believe you shouldn't have to become a data specialist just to find answers in your own data. That's why we built Graphed to connect directly to your Google Analytics 4 account and let you build the exact dashboards you need using simple, natural language. Instead of fighting with the 'Explore' reports, you can just ask for "a line chart showing sessions and new users by source for the last 90 days," and get a live, real-time dashboard in seconds.