Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates Bulletin Released
December 29, 2022
The office of Civil Rights (OCR) at Health and Human Services (HHS) issued a bulletin and resource: “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.” As a reminder and in summary, it is impermissible to use tracking technologies in a manner that would result in an impermissible disclosure of protected health information (PHI) to tracking technology vendors or any other violations of the HIPAA Rules.
This Bulletin provides a general overview of how the HIPAA rules apply to regulated entities’ use of tracking technologies, including:
- What is tracking technology?
- How do the HIPAA Rules apply to a covered entity’s ability to use tracking technologies?
- Tracking on user-authenticated webpages
- Tracking on unauthenticated webpages
- Tracking within mobile apps
- HIPAA compliance obligations for regulated entities when using tracking technologies