OCR Publishes Updated Guidance on the Use of Online Tracking Technologies

4/30/2024
On March 18. 2024, the U.S. Department of Health & Human Services, Office for Civil Rights (OCR) published updated guidance regarding the use of online tracking technologies by HIPAA covered entities and business associates. In short, “[r]egulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of PHI to tracking technology vendors or any other violations of the HIPAA Rules. For example, disclosures of PHI to tracking technology vendors for marketing purposes, without individuals’ HIPAA-compliant authorizations, would constitute impermissible disclosures” under HIPAA.
With the proliferation of tracking technologies and tracking technology vendors, and the OCR’s increasing attention to the use of such technologies and vendors in the health care sector, HIPAA covered entities and their business associates should take heed and examine how their websites and mobile apps are actually functioning and make appropriate changes to ensure HIPAA compliance.
Click Here to read the entire April 2024 Healthcare Law Update now!
For additional information or for assistance with your organization’s privacy and security program, contact:
Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com