The HIPAA Privacy, Security and Breach Notification Rules for Online Tracking Technologies


The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services recently issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA) on covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies.  These online tracking technologies, like Google Analytics or Meta Pixel, collect and analyze information about how internet users are interacting with a regulated entity’s website or mobile application.

Some regulated entities regularly share electronic protected health information (ePHI) with online tracking technology vendors and some may be doing so in a manner that violates the HIPAA Rules.  The HIPAA Rules apply when the information that regulated entities collect through tracking technologies or disclose to tracking technology vendors includes ePHI.  Regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of ePHI to tracking technology vendors or any other violations of the HIPAA Rules.

The bulletin addresses potential impermissible disclosures of ePHI by HIPAA regulated entities to online technology tracking vendors. The Bulletin explains what tracking technologies are, how they are used, and what steps regulated entities must take to protect ePHI when using tracking technologies to comply with the HIPAA Rules.  Specifically, the Bulletin provides insight and examples of:

  • Tracking on webpages
  • Tracking within mobile apps
  • HIPAA compliance obligations for regulated entities when using tracking technologies

“Providers, health plans, and HIPAA-regulated entities, including technology platforms, must follow the law.  This means considering the risks to patients’ health information when using tracking technologies,” said OCR Director Melanie Fontes Rainer. “Our Bulletin answers questions for those using tracking technologies, importantly how to protect the privacy and security of the health information they hold.”

READ:  The Biden-Harris Administration Proposes New Rules to Expand Access to Birth Control Coverage

Read the Bulletin here:

For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News.

Thanks for visiting! Looking for some Chester County pride? We got you covered! Shop our MyChesCo store and show your love for Chester County, Pennsylvania. We got shirts, hats, and more – all with a unique ChesCo flair. Plus, proceeds from each purchase helps support our mission of bringing reliable information and resources to the people of Chester County.