New HHS bulletin clarifies when HIPAA may apply to the use of pixel trackers
The Biden administration has actually provided a publication cautioning that pixel trackers might come up against federal privacy law.
Health care organizations regulated under the HIPAA might use third-party tracking tools, such as Google Analytics or Meta Pixel, to carry out analysis on data secret to operations. What they can't do, nevertheless, is utilize these tools in such a way that might expose patients' protected health information to these suppliers, according to the bulletin from the Department of Health and Person Services' Office for Civil Liberty (OCR).
For instance, a healthcare company can not permit a third-party entity to gain access to secured data for marketing purposes without HIPAA-compliant approval from clients, OCR stated.
Facebook parent company Meta's Pixel has been the source of controversy in the market in current months as numerous health systems revealed the tool led client information to be shown several third-party companies. Supporter Aurora Health System, for example, exposed that sensitive health information on 3 million patients might have been compromised and shown vendors.
The tech giant's Pixel tool was discovered on the websites of about a 3rd of the nation's largest healthcare facilities, according to an examination from The Markup.
In the publication, OCR warned service providers that utilizing pixel-tracking tools in client portals might make up a HIPAA offense. Entites covered by HIPAA can't utilize these tools if they'll be used to transfer client data without their understanding, and they're required to participate in business associate contracts with the suppliers of these innovations to make sure HIPAA compliance.
OCR stated this extends to protected health info gathered through mobile apps too.
"Providers, health insurance and HIPAA-regulated entities including innovation platforms need to follow the law. This suggests thinking about the risks to patients' health details when utilizing tracking innovations," stated OCR Director Melanie Fontes Rainer in a news release. "Our Publication answers concerns for those using tracking innovations, significantly how to safeguard the privacy and security of the health details they hold."
