Explore the nuances of healthcare pixel tracking and privacy concerns, revealing the interplay between pixels, health data, and compliance. Betsy Hodge, Akerman’s partner, advocates vigilance in aligning tracking practices with evolving privacy laws. Pixels, covert digital tools, collate user data, triggering apprehensions regarding unauthorized health information disclosure. The Federal Trade Commission actively pursues non-HIPAA health apps and entities for privacy breaches. Healthcare systems face lawsuits due to alleged improper use of tracking technologies. Organizations must educate and evaluate data practices, emphasizing compliance with HIPAA, the FTC Act, and state laws to mitigate health data exposure via tracking technologies.
In the realm of healthcare, the utilization of pixels—unobtrusive online tracking tools—raises pivotal concerns about data privacy and compliance. Betsy Hodge, a distinguished partner at Akerman, sheds light on the intricate landscape where pixels intersect with healthcare policies. The American Hospital Association’s recent lawsuit and settlements like Advocate Aurora Health’s illuminate the ramifications of pixel-related data breaches. Pixels, embedded in websites and apps, surreptitiously gather diverse user information, posing significant challenges regarding health data confidentiality. This discussion navigates the multifaceted concerns, regulatory interventions, and repercussions faced by healthcare entities using tracking technologies.
Some healthcare institutions resort to custom-built tracking technologies to sidestep third-party exposure of confidential information, yet it’s imperative for all to ascertain if their methods align with prevailing privacy laws, emphasizes Betsy Hodge, a partner at Akerman.
Digital tracking tools like pixels have taken center stage in the discourse on healthcare policy.
Recently, the American Hospital Association and allied groups in Texas filed a lawsuit against the U.S. Health and Human Services Office for Civil Rights, contesting the enforcement of a December 2022 guideline limiting the use of pixels on websites and mobile apps by HIPAA-covered entities and business associates.
In a settlement last September, Advocate Aurora Health agreed to pay over $12.2 million concerning a pixel-related data breach. Several similar class-action lawsuits against healthcare systems and suppliers are currently pending.
Betsy Hodge, a partner in Akerman’s healthcare practice, counsels clients on averting healthcare information breaches and ensuring compliance with pertinent federal and state privacy laws. In a discussion with Healthcare IT News, she delved into the privacy and security concerns raised by pixels and outlined methods for healthcare organizations to implement tracking tools ethically and securely.
Q. What are pixels, and what do they entail?
A. Pixels function as online tracking tools ingrained in websites, mobile apps, and emails, appearing as small, transparent images with code snippets that relay data to a server hosting tracking software. They capture various data points like IP addresses, browser types, operating systems, and screen resolutions, often utilized for targeted advertising. Typically operating discreetly in the background, they’re not immediately noticeable to users.
Q. How do pixels differ from cookies?
A. Pixel trackers and cookies often collaborate, both forwarding user-related information to tracking technology companies. Pixels reside on websites, while cookies get stored on users’ devices. Unlike cookies, which can be disabled by users, disabling pixels is more challenging.
Q. What are the specific concerns surrounding pixels and health data?
A. A plethora of health data, beyond the purview of HIPAA-regulated entities, exists—especially with health app developers. The Federal Trade Commission has intervened to regulate these non-HIPAA health apps due to the sensitive nature of healthcare information, which can divulge extensive personal details.
Certain health information categories, historically deemed highly sensitive, encompass mental health, substance use disorders, sexually transmitted diseases, and, following the Dobbs decision, reproductive health. Healthcare providers exercise increased caution in handling such data.
The apprehension stems from health information acquired by pixels and potentially shared with third-party tracking companies, constituting a potential unauthorized disclosure. The primary concern revolves around how these companies utilize health data—whether they can identify individuals and if individuals are aware of such disclosures. Unauthorized disclosures can have severe ramifications.
Q. What repercussions have arisen from these concerns?
A. The Federal Trade Commission has been actively addressing health companies not subject to HIPAA, entering consent orders or settlements over their improper health information disclosures via tracking technology. Instances involving BetterHelp and GoodRx serve as examples.
Furthermore, healthcare systems are facing class-action lawsuits alleging improper use of tracking technologies and unauthorized data sharing with tracking technology companies.
Q. How should healthcare organizations and patients safeguard themselves?
A. Organizations must initially confirm whether and how they employ tracking technologies. Often, departments like marketing utilize these technologies for legitimate purposes like analyzing webpage efficacy or advertising returns, inadvertently overlooking health information privacy concerns. Therefore, it’s crucial to comprehend technology usage.
Educating employees, especially the team responsible for implementing tracking technologies, about HIPAA, the FTC Act, and pertinent state laws regarding health information sharing is essential. Additionally, understanding the data collected by these technologies and its recipients is crucial.
Some healthcare entities develop their tracking technologies, eliminating concerns of unauthorized disclosure. However, not all organizations possess this capability.
It’s imperative for organizations to evaluate consents or authorizations obtained from individuals if health information is shared with third-party tracking technology vendors. Ensuring compliance with HIPAA, the FTC Act, the FTC Health Breach Notification Rule, or state laws and potentially adjusting tracking technology use to minimize health information sharing with third parties becomes crucial.
The landscape of healthcare pixel tracking underscores the critical need for vigilance and compliance amid evolving privacy laws. Betsy Hodge’s insights from Akerman highlight the intricate nexus between pixels, health data, and regulatory challenges. The FTC’s stringent actions against privacy breaches in non-HIPAA health apps reflect the gravity of unauthorized data disclosures. Lawsuits targeting healthcare systems for improper tracking technology usage accentuate the urgency for robust safeguards. Organizations must proactively educate and align their practices with HIPAA, the FTC Act, and state laws to minimize inadvertent health data exposure through tracking technologies, ensuring patient confidentiality and regulatory adherence.
