Health care providers must be cautious when they use website tracking technology, especially when you consider federal regulation.
2024 Updated HHS/OCR [HIPAA] Guidance
- Clarification: Tracking technologies should not result in the disclosure of Protected Health Information (PHI).
- Non-Identifiable Information: It should be noted that connecting an IP address with a health-related webpage visit may not be considered PHI, if the data is unrelated to an individual’s health or health care.
Use of Tracking Technology
- Authenticated Webpages: If login information contains PHI, then tracking technology must comply with HIPAA privacy rules.
- Unauthenticated Webpages: Generally, this information does not contain PHI, unless the data is linked to identifiable information, with specific patient healthcare information, and in such cases, HIPAA applies.
- Mobile Apps: HIPAA rules apply to PHI disclosures regarding mobile apps from covered entities.
Non-Covered Entities
- Exclusions: HIPAA generally does not apply to non-health plans, non-health care clearinghouses, or non-health care providers. Other regulations, as set forth by the FTC, may apply.
Compliance Requirements
- HIPAA Rules: Disclosures of PHI must comply with privacy rules and then only the minimum necessary PHI should be disclosed.
- Transparency: The use of tracking technology should be disclosed in patient privacy statements.
- Business Associate Agreements: A BAA is required for vendors that handle PHI.
Steps for Compliance
- Assess Usage: Evaluate the parts of a website or apps that utilize tracking technology.
- Legal Compliance: Ensure that the process of collecting data complies with state and federal privacy laws.
- User Consent: The user could consent to the collection of their data.
- Vendor Contracts: Contracts with third-party vendors should be reviewed in order to ensure compliance.
- Breach Response: Conduct risk assessments and make the necessary disclosures if a data breach occurs.
By adhering to collection data guidelines, health care providers can protect themselves from governmental enforcement actions and lawsuits.
About Us
Oberman Law Firm represents clients in a wide range of practice areas, including private equity, M&A, healthcare, corporate transactions, intellectual property, data privacy and security, regulatory compliance and governance, cross-border transactions, labor and employment, construction law, litigation, private clients’ services, corporate restructuring, and white-collar and governmental disputes.
As a firm, we offer the highest quality legal advice coupled with extraordinary and tailored service to deliver exceptional results to our clients. Our philosophy is to invest deeply in the brightest legal talent and build dynamic teams that operate at the pinnacle of respective practice areas. We believe in empowering our attorneys, encouraging entrepreneurialism, operating ethically and with integrity, and collaborating to bring the very best to every client engagement. These principles have guided us in building extraordinary and successful long-term partnerships with our clients.
Author(s)
Stuart J. Oberman, Esq.
Stuart J. Oberman is the founder and President of Oberman Law Firm. Mr. Oberman graduated from Urbana University and received his law degree from John Marshall Law School. Mr. Oberman has been practicing law for over 30 years, and before going into private practice, Mr. Oberman was in-house counsel for a Fortune 500 Company.
Read More =>
