HHS OCR and the Federal Trade Commission (FTC) have jointly issued new warnings to hospitals and telehealth providers regarding the use of online tracking technologies on their websites or mobile apps. These technologies, such as Google Analytics and Meta Pixel, may violate HIPAA requirements by disclosing sensitive patient data to unauthorized third parties.

Online tracking pixels collect and analyze user interactions with websites and apps, but they can also send information to third-party developers and continue tracking users even after they leave the original site.

OCR Director Melanie Fontes Rainer said that “although online tracking technologies can be used for beneficial purposes, patients and others should not have to sacrifice the privacy of their health information when using a hospital’s website.”

The OCR had previously issued a bulletin reminding covered entities of their responsibilities to protect health data, and they confirmed ongoing investigations to ensure compliance with HIPAA. The FTC has also taken enforcement actions and provided guidance to companies to monitor the flow of health information to third parties using tracking technologies integrated into websites and apps.

The message from these agencies is clear: healthcare professionals should be careful when using online tracking technologies to avoid a potential breach or the misuse or exploitation of PHI.

If you haven’t checked your website for data-gathering pixels yet, you should. It’s especially important to secure and protect pages where patients or staff may be entering information such as patients’ and providers’ names, diagnoses, and visit details.

In many of our blog posts we talk about the latest changes in technical threats and cybersecurity. It’s important for you and your team to be aware of new and emerging threats as you prepare to conduct your HIPAA Security Risk Assessment. A complete SRA must include administrative, physical, and technical safeguards that are in place to protect PHI.

The Medcurity HIPAA compliance platform offers the most intuitive HIPAA compliance tools and resources for healthcare providers and business associates. In order to facilitate and streamline HIPAA compliance in the healthcare industry, Medcurity offers a robust set of tools and features to help organizations ensure that they are meeting the necessary requirements to safeguard patient data and maintain regulatory compliance. Here are some key aspects of the Medcurity platform:

  • Security Risk Assessment: Medcurity provides a comprehensive risk assessment process that helps organizations identify potential vulnerabilities in their systems and processes. This assessment is essential for understanding where data breaches or non-compliance might occur.
  • Policy and Procedure Management: Medcurity enables organizations to develop, manage, and distribute policies and procedures that align with HIPAA regulations. These policies serve as a foundation for ensuring employees are aware of the standards and practices required to maintain compliance.
  • Training and Education: The platform offers training modules and resources to educate staff members about HIPAA regulations, best practices, and the importance of data security. Well-informed employees are better equipped to handle patient information appropriately and reduce the risk of breaches.
  • Vendor Management: Healthcare organizations often work with various vendors who have access to patient data. Medcurity assists in assessing the compliance status of these vendors and managing their agreements to ensure they also adhere to HIPAA regulations.

In an increasingly digital and interconnected healthcare landscape, protecting patient information is critical. The Medcurity HIPAA compliance platform plays a vital role in helping healthcare organizations navigate the complex landscape of HIPAA regulations, ensuring that they meet the necessary standards to safeguard patient data and maintain the trust of their patients.

If you have questions about how to ensure your organization is HIPAA compliant, reach out to our team at Medcurity. We’re here to bring clarity and confidence to HIPAA compliance, so that you can focus on providing the best patient care!