Navigating Healthcare Analytics Tracking HIPAA
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), which enforces the Health Insurance Portability and Accountability Act (HIPAA), has issued a bulletin (Dec 2022) on the use of third-party cookies, pixels, and other tracking technology by healthcare companies.
This comes as a result of a growing number of class action lawsuits concerning healthcare companies and tracking technology, most recently lawsuits involving Meta.
The bulletin sets regulatory expectations for website and mobile app development for a wide range of companies subject to HIPAA: Covered Entities (hospitals, physician groups, health insurance plans, pharmacies, and others).
Healthcare companies should be prepared to perform a risk-based assessment of their use of third-party tracking technology to determine whether Protected Health Information (PHI) is properly secured.
In addition, they should work with their privacy and security departments to assess and mitigate ongoing risk as well as reassess their strategy with respect to third-party tracking.
While we’re unable to give legal advice, Hero Digital’s Healthcare Tracking Compliance Report outlines potential risks and possible solutions to help ensure that your company’s web analytics meet HIPAA requirements.