Back to News
Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates Bulletin Released
December 29, 2022
The office of Civil Rights (OCR) at Health and Human Services (HHS) issued a bulletin and resource: “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.” As a reminder and in summary, it is impermissible to use tracking technologies in a manner that would result in an impermissible disclosure of protected health information (PHI) to tracking technology vendors or any other violations of the HIPAA Rules.
This Bulletin provides a general overview of how the HIPAA rules apply to regulated entities’ use of tracking technologies, including:
- What is tracking technology?
- How do the HIPAA Rules apply to a covered entity’s ability to use tracking technologies?
- Tracking on user-authenticated webpages
- Tracking on unauthenticated webpages
- Tracking within mobile apps
- HIPAA compliance obligations for regulated entities when using tracking technologies