Healthcare Tracking Compliance

Navigating Healthcare Analytics Tracking HIPAA


Ensure your company's web analytics meets HIPAA compliance.

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), which enforces the Health Insurance Portability and Accountability Act (HIPAA), has issued a bulletin (Dec 2022) on the use of third-party cookies, pixels, and other tracking technology by healthcare companies.

This comes as a result of a growing number of class action lawsuits concerning healthcare companies and tracking technology, most recently lawsuits around Meta.

The bulletin sets regulatory expectations for website and mobile app development for a wide range of companies subject to HIPAA: Covered Entities (hospitals, physician groups, health insurance plans, pharmacies, and others).

Healthcare companies should be prepared to perform a risk-based assessment of their use of third-party tracking technology to determine whether Protected Health Information (PHI) is properly secured.

In addition, they should work with their privacy and security departments to assess and mitigate ongoing risk as well as reassess their strategy with respect to third-party tracking.

While we’re unable to give legal advice, Hero Digital’s Healthcare Tracking Compliance Report outlines potential risks and possible solutions to ensure that your company’s web analytics meets HIPAA compliance.
