The Federal Trade Commission (FTC) and Department of Health and Human Services sent letters to approximately 130 hospital systems and telehealth providers regarding potential patient privacy violations and security risks stemming from online tracking technologies.
The use of technology such as the Meta pixel code snippet or Google Analytics could “gather identifiable information about users, usually without their knowledge and in ways that are hard for users to avoid, as users interact with a website or mobile app,” said the agencies in a joint press release Thursday.
Unauthorized disclosure of an individual’s personal health information to third parties could violate the Health Insurance Portability and Accountability Act, while companies not covered by HIPAA still have a responsibility to protect against such disclosure under laws including the FTC Act and Health Breach Notification Rule, the agencies warned.
In their letter, the agencies said they are “closely watching” developments related to use of online tracking technologies.
“To the extent you are using the tracking technologies described in this letter on your website or app, we strongly encourage you to review the laws cited in this letter and take actions to protect the privacy and security of individuals’ health information,” the agencies wrote.