FTC and OCR Caution Against Use of Online Tracking Technologies

The warning for hospitals and telehealth providers is that these technologies could pose privacy concerns.

By HFT Staff


The Federal Trade Commission and the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) are cautioning hospitals and telehealth providers about the privacy and security risks related to the use of online tracking technologies integrated into their websites or mobile apps that may be impermissibly disclosing consumers’ sensitive personal health data to third parties. 

“When consumers visit a hospital’s website or seek telehealth services, they should not have to worry that their most private and sensitive health information may be disclosed to advertisers and other unnamed, hidden third parties,” says Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “The FTC is again serving notice that companies need to exercise extreme caution when using online tracking technologies and that we will continue doing everything in our powers to protect consumers’ health information from potential misuse and exploitation.” 

“Although online tracking technologies can be used for beneficial purposes, patients and others should not have to sacrifice the privacy of their health information when using a hospital’s website,” says Melanie Fontes Rainer, OCR director. “OCR continues to be concerned about impermissible disclosures of health information to third parties and will use all of its resources to address this issue.” 

The two agencies sent the joint letter to approximately 130 hospital systems and telehealth providers to alert them about the risks and concerns about the use of technologies, such as the Meta/Facebook pixel and Google Analytics, that can track a user’s online activities. These tracking technologies gather identifiable information about users, usually without their knowledge and in ways that are hard for users to avoid, as users interact with a website or mobile app. 

In their letter, both agencies reiterated the risks posed by the unauthorized disclosure of an individual’s personal health information to third parties. For example, the disclosure of such information could reveal sensitive information including health conditions, diagnoses, medications, medical treatments, frequency of visits to health care professionals and where an individual seeks medical treatment. 

HHS highlighted these concerns in a bulletin it issued late last year that reminded entities covered by the Health Insurance Portability and Accountability Act (HIPAA) of their responsibilities to protect health data from unauthorized disclosure under the law. 

Companies not covered by HIPAA still have a responsibility to protect against the unauthorized disclosure of personal health information—even when a third party developed their website or mobile app. Through its recent enforcement actions against BetterHelp, GoodRx and Premom, as well as recent guidance from the FTC’s Office of Technology, the FTC has put companies on notice that they must monitor the flow of health information to third parties that use tracking technologies integrated into websites and apps. The unauthorized disclosure of such information may violate the FTC Act and could constitute a breach of security under the FTC’s Health Breach Notification Rule. 



July 25, 2023


Topic Area: Information Technology , Security


Recent Posts

Sinks, Drains and the Need for Infection Control

The acquisition of infections from sink drains might be more widespread in in-patients than previously thought.


WellSpan Health and Emerus Break Ground on Third Hospital

The new hospital will be in Newberry Township, Pennsylvania.


From Rocks to Sinkholes: Geological Challenges at Construction Site

Unique approaches were needed to construct Morristown-Hamblen West Facility.


When Should Healthcare Facilities Maintenance Their Doors?

Door manufacturers discuss when to maintain doors in healthcare facilities.


Geisinger Medical Center Expansion Project Announced

The $880 million project is slated to be complete and open in 2028.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.