Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates Bulletin Released

The office of Civil Rights (OCR) at Health and Human Services (HHS) issued a bulletin and resource: “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.”  As a reminder and in summary, it is impermissible to use tracking technologies in a manner that would result in an impermissible disclosure of protected health information (PHI) to tracking technology vendors or any other violations of the HIPAA Rules.

This Bulletin provides a general overview of how the HIPAA rules apply to regulated entities’ use of tracking technologies, including:

• What is tracking technology?
• How do the HIPAA Rules apply to a covered entity’s ability to use tracking technologies?
• Tracking on user-authenticated webpages
• Tracking on unauthenticated webpages
• Tracking within mobile apps
• HIPAA compliance obligations for regulated entities when using tracking technologies