Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. The Escalating Concern Around Tracking Technologies
In the modern digital age, healthcare professionals and organizations face an evolving landscape of opportunities and challenges. Among the most discussed issues is the use of online tracking technologies in the healthcare sector. Notably, the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and Federal Trade Commission (FTC) have issued warnings about the potential privacy and security risks these technologies present.
Now that several in-depth US federal investigations have proven the realities of previously unthinkable, senators and federal agencies have stepped in to clarify the issues and issue clear warnings to clinicians and their organizations. This article will summarize these events and explain the federal government’s recent actions.
Unpacking the Function of Tracking Technologies
Tracking technologies are commonly used to collect and analyze how users interact with websites or mobile apps. This data aids healthcare providers in refining their services and enhancing user experience. However, the use of these technologies can also have unintended consequences. Particularly concerning is that some tracking technologies, often developed by third parties, may continue to gather and relay user PHI to these marketing websites even after users have left the original website.
Since January, Telehealth.org readers will have noted several articles devoted to the topic. See BetterHelp Investigation by FTC & Privacy Update by DOJ. An earlier Telehealth.org report described a research study naming 50 top telehealth platforms potentially using tracking technologies to share protected health information (PHI) with Google, Amazon, and Facebook for marketing purposes. See Some Telehealth Platforms Are Tracking Sensitive Patient Data: Are They Violating HIPAA? for details.
Upholding Privacy and Security Standards with Tracking Technologies
The OCR administrates and enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. These rules set forth the minimum standards for safeguarding identifiable health information. Parallel to this, the FTC is tasked with protecting the public from deceptive or unfair business practices, emphasizing the criticality of preserving patient privacy in the era of tracking technologies.
Assessing the Influence of Tracking Technologies on Patient Privacy
Melanie Fontes Rainer, the OCR Director, has been outspoken about balancing the potential benefits of tracking technologies with preserving patient privacy. Her office is dedicated to enforcing HIPAA and tackling concerns over improper disclosures of health information to third parties.
Similarly, Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, insists that when patients visit a hospital’s website or use telehealth services, they should be able to trust in the privacy of their health information.
Regulatory Directives and Enforcement Regarding Tracking Technologies
The OCR and FTC jointly issued a letter to approximately 130 hospital systems and telehealth providers to underscore their concerns. Downloadable from the FTC website announcement, the letter highlighted the potential risks associated with specific technologies such as Meta/Facebook pixel and Google Analytics. These tracking technologies can trace a user’s online activities, often without explicit knowledge.
Sending their warning to hospital systems and providers is particularly noteworthy, given the research article reported by Telehealth.org on May 1, describing the study by researchers Friedman and colleagues. It concluded that 98.6% of the 6,162 hospital websites analyzed actively used pixel-tracking software. The OCR is now conducting nationwide investigations to ensure compliance.
Tracking Technologies: The Implications for Non-HIPAA Entities
Although many companies had successfully avoided legal action related to the sharing of PHI due to their lack of “covered entity” status, the OCR and FTC’s positions have now officially shifted. The obligation to safeguard against unauthorized disclosure of personal health information extends to business entities not covered by HIPAA.
Recent FTC enforcement actions against startup companies such as BetterHelp, GoodRx, and Premom have reinforced this new stance. The FTC now expects all entities to monitor the flow of health information to third parties, mainly when such information is gathered through tracking technologies.
Ensuring Health Information Protection in Light of Tracking Technologies
The shifting digital landscape requires healthcare professionals and organizations to understand and comply with all federal and state privacy laws associated with their websites and other digital services. Protecting both PHI and consumer trust is becoming increasingly urgent. Practitioners and organizations needing basic HIPAA and additional essential legal professional development can conveniently earn CMEs and CEs at Telehealth.org.
Stay tuned to the telehealth.org newsletters for telehealth and technology news updates. The OCR encourages anyone concerned about potential violations to file a complaint here.
Therapist AI & ChatGPT: How to Use Legally & Ethically
Immerse yourself in our highly-engaging eLearning program and delve into the uncharted territory of Artificial Intelligence (AI) in Behavioral Healthcare!
Essential Telehealth Law & Ethical Issues
Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!
Advanced Telehealth Regulations & Ethical Issues: Best Practices & Informed Consent
Essentials of practice guidelines published by the leading professional associations, explained with a focus on what-to-do rather than theory that leaves you empty-handed.
Telehealth Law & Ethical Course Bundle
This Telehealth Legal & Ethical Course Bundle provides the most important risk management and telehealth compliance training available anywhere to help meed telehealth, regardless of the size of your telehealth services.
