HIPAA & Tracking Technologies
Tracking technologies such as Google Analytics and Meta Pixel are designed to collect and analyze data about users' online activity. The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently issued a notification regarding these technologies and the HIPAA obligations of the covered entities and business associates that use them.
Why It Matters
The patient data that is shared by these entities is electronic protected health information (ePHI), and when ePHI is collected and transferred, it is covered by HIPAA. The way in which that information is tracked may violate HIPAA rules and regulations. Therefore, it is impermissible to use tracking technology in any way that would result in the disclosure of ePHI.
The bulletin that was issued addresses any tracking on web pages or within mobile apps. OCR Director Melanie Fontes Rainer said, “Providers, health plans, and HIPAA-regulated entities, including technology platforms, must follow the law. This means considering the risks to patients’ health information when using tracking technologies.”
Details of the bulletin that was issued can be found here. Ensure that your healthcare business is following the rules and regulations of HIPAA and enforcing strong cybersecurity habits. HIPAA Secure Now is here to help with both. Contact us today to identify any gaps or risk factors that may expose you to security breaches or HIPAA violations.