The FTC and HHS jointly warn 130 health providers against using tracking technologies like Meta/Facebook Pixel and Google Analytics in websites and apps. Concerns include security risks and the unauthorized disclosure of users’ health information to third parties. Even non-HIPAA-governed companies must protect health data. Recent enforcement actions are cited as reminders for compliance. Monitoring health information flow is advised to avoid potential violations of FTC regulations.
The Federal Trade Commission (FTC) and the Department of Health and Human Services (HHS) have jointly issued a letter to approximately 130 hospital systems and telehealth providers, urging caution regarding the use of tracking technologies such as the Meta/Facebook Pixel and Google Analytics.
The agencies expressed concerns about the potential security risks associated with these technologies, which are commonly integrated into websites and mobile apps. They highlighted that these tracking tools often collect users’ identifiable information, and consumers may find it challenging to avoid such data collection. Of particular concern is the disclosure of health data to third parties, which frequently happens without users’ knowledge.
Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, emphasized that consumers should not have to worry about their private health information being disclosed to advertisers and undisclosed third parties when visiting hospital websites or seeking telehealth services. He stressed that companies using online tracking technologies need to exercise extreme caution.
HHS issued a bulletin last year warning health systems and telehealth providers about the risks associated with such tracking technologies, citing possible violations of the Health Insurance Portability and Accountability Act (HIPAA).
The agencies underscored that even entities not governed by HIPAA are still responsible for safeguarding personal health information from unauthorized disclosure, especially when a third party is involved in developing their website or mobile app.
The letter cited recent FTC enforcement actions against BetterHelp, GoodRx, and Premom as a reminder to recipients of the importance of compliance. Additionally, the FTC’s Office of Technology cautioned that companies must actively monitor the flow of health information to third parties to avoid potential violations of the FTC Act and the FTC’s Health Breach Notification Rule.