This evaluation should address whether tracking technologies are in use on websites or mobile applications that access PHI or user health data. Given the increasing scrutiny of online tracking technologies, healthcare entities should evaluate if and how they are using these tools. The Markup, a nonprofit tech-focused newsroom, has published reports examining the use of a tracking tool called the Meta Pixel on hospital websites and telehealth platforms. The use of online tracking technology by healthcare entities has also attracted media attention. The letter also follows a December 2022 OCR bulletin cautioning entities covered by HIPAA about the risks of impermissible disclosures of PHI associated with the use of online tracking technologies. The FTC has also alleged that a company’s failure to notify its users of unauthorized disclosures of the users’ identifiable health information to third-party advertising companies and platforms constitutes a violation of the FTC’s Health Breach Notification Rule. In these cases, the FTC has alleged that it is a violation of Section 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce,” when a company makes unauthorized disclosures of users’ personal health information to advertisers or other third parties despite representing to its users that it would not make such disclosures. It comes on the heels of recent FTC enforcement actions against BetterHelp, GoodRx, and Premom related to the disclosure of user health data gathered by online tracking technologies to third parties for targeted advertising. The letter is the latest indicator that the use of online tracking technologies by healthcare industry participants is an enforcement priority of the FTC and OCR. It also cautions that the disclosure of a consumer’s health information obtained using online tracking technologies without the consumer’s authorization can, in some circumstances, violate the FTC Act and constitute a breach of security under the FTC’s Health Breach Notification Rule. , a covered entity or business associate) collects through tracking technologies or discloses to third parties, such as tracking technology vendors, includes protected health information (PHI). The letter warns that the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules apply when the information that a regulated entity (i.e. The FTC and OCR’s letter focuses on the use of tracking pixels and other online tracking technologies offered by companies such as Meta and Google that can track a user’s online activities. Department of Health and Human Services Office of Civil Rights (OCR) sent a joint letter to approximately 130 hospital systems and telehealth providers raising concerns about privacy and security risks associated with certain online tracking technologies. In July 2023, the Federal Trade Commission (FTC) and the U.S.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |