The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) on July 20 sent a letter to approximately 130 health systems and telehealth providers emphasizing the privacy and security risks associated with the use of online tracking technologies.
In the letter, the agencies highlight that online tracking technologies used on health care provider websites can send information to third parties that track and gather sensitive user information. The agencies reminded health care providers of their obligation under HIPAA to protect health data from unauthorized disclosure under the law. In 2022, OCR released guidance about the use of online tracking technologies by HIPAA-regulated entities and provided a general overview of how the HIPAA rules apply.
“Although online tracking technologies can be used for beneficial purposes, patients and others should not have to sacrifice the privacy of their health information when using a hospital’s website,” said OCR Director Melanie Fontes Rainer. “OCR continues to be concerned about impermissible disclosures of health information to third parties and will use all of its resources to address this issue.”
The agencies urge health care providers that use online tracking technologies to review their practices and ensure they comply with HIPAA laws to protect the privacy and security of individuals’ health information.
Contact Director of Policy Rob Nelb, MPH, at rnelb@essentialhospitals.org or 202.585.0127 with questions.