The Escalating Concern Around Tracking Technologies
In the modern digital age, healthcare professionals and organizations face an evolving landscape of opportunities and challenges. Among the most discussed issues is the use of online tracking technologies in the healthcare sector. Notably, the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and Federal Trade Commission (FTC) have issued warnings about the potential privacy and security risks these technologies present.
Now that several in-depth US federal investigations have proven the realities of previously unthinkable, senators and federal agencies have stepped in to clarify the issues and issue clear warnings to clinicians and their organizations. This article will summarize these events and explain the federal government’s recent actions.
Unpacking the Function of Tracking Technologies
Tracking technologies are commonly used to collect and analyze how users interact with websites or mobile apps. This data aids healthcare providers in refining their services and enhancing user experience. However, the use of these technologies can also have unintended consequences. Particularly concerning is that some tracking technologies, often developed by third parties, may continue to gather and relay user PHI to these marketing websites even after users have left the original website.
Since January, Telehealth.org readers will have noted several articles devoted to the topic. See BetterHelp Investigation by FTC & Privacy Update by DOJ. An earlier Telehealth.org report described a research study naming 50 top telehealth platforms potentially using tracking technologies to share protected health information (PHI) with Google, Amazon, and Facebook for marketing purposes. See Some Telehealth Platforms Are Tracking Sensitive Patient Data: Are They Violating HIPAA? for details.
Upholding Privacy and Security Standards with Tracking Technologies
The OCR administrates and enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. These rules set forth the minimum standards for safeguarding identifiable health information. Parallel to this, the FTC is tasked with protecting the public from deceptive or unfair business practices, emphasizing the criticality of preserving patient privacy in the era of tracking technologies.
Assessing the Influence of Tracking Technologies on Patient Privacy
Melanie Fontes Rainer, the OCR Director, has been outspoken about balancing the potential benefits of tracking technologies with preserving patient privacy. Her office is dedicated to enforcing HIPAA and tackling concerns over improper disclosures of health information to third parties.
Similarly, Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, insists that when patients visit a hospital’s website or use telehealth services, they should be able to trust in the privacy of their health information.
Regulatory Directives and Enforcement Regarding Tracking Technologies
The OCR and FTC jointly issued a letter to approximately 130 hospital systems and telehealth providers to underscore their concerns. Downloadable from the FTC website announcement, the letter highlighted the potential risks associated with specific technologies such as Meta/Facebook pixel and Google Analytics. These tracking technologies can trace a user’s online activities, often without explicit knowledge.
Sending their warning to hospital systems and providers is particularly noteworthy, given the research article reported by Telehealth.org on May 1, describing the study by
