Why Entities Should Review Their Online Tracker Use ASAP

Nick Heesters of HHS OCR on the Agency's Top Areas of HIPAA Scrutiny Marianne Kolbasuk McGee (HealthInfoSec) • September 19, 2023 12 Minutes

Any healthcare organization that embeds tracking technologies in its website should carefully review whether it is inadvertently violating HIPAA or other federal regulations, said Nick Heesters, senior adviser for cybersecurity at the Department of Health and Human Services' Office for Civil Rights.

Over the last few months and weeks, HHS OCR and the Federal Trade Commission have warned healthcare firms - whether covered by HIPAA or not - of potential privacy violations caused by web trackers that send sensitive health data to third parties such as social media and marketing firms.

Those warnings have included recent letters jointly sent by the agencies to more than 130 hospital systems and telehealth providers (see: Feds Publicly Name 130 Healthcare Firms Using Web Trackers ...