FTC and HHS Warn Healthcare Providers about Risk of Tracking Technologies

July 21, 2023 in FTC, HIPAA, Health and Biotech

In a joint letter sent to 130 hospital systems and telehealth providers, the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) warned health care providers, both those covered by HIPAA and those not, about their potential to violate the HIPAA Rules, FTC Act and FTC Health Breach Notification Rule (HBNR) when they use technology that tracks users’ activities on their websites and apps.

Give a Mouse a Cookie, Get a BAA: OCR Bulletin on Tracking Raises HIPAA Risks for HIPAA-Regulated Entities and Online Tracking Vendors

December 12, 2022 in HIPAA, Health and Biotech

By Mason Fitch

The U.S. Department of Health & Human Services Office for Civil Rights (OCR) issued a new bulletin last week that may have significant implications for online activities of Covered Entities and Business Associates. The bulletin, “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates,” explains how HIPAA’s reach extends to information collected on websites or mobile apps, including information collected from a user who visits a HIPAA-regulated entity’s website but has no further interaction with that entity. While HIPAA-regulated entities have long understood that their ‘internal tools’ (ex: EHR’s, practice management, and clinical support software) must comply with HIPAA, the new bulletin makes it clear that information that is routinely collected by vendors on public-facing websites, apps, and web-based assets may be PHI as well.

Abortion Care Privacy Protection & Gaps Amplified Following Roe Reversal

July 05, 2022 in HIPAA, Health and Biotech

By Mason Fitch

The Supreme Court’s reversal of Roe v. Wade amplifies attention to concerns around the privacy of abortion-related services, including the provision of healthcare, period tracking apps, and even payment methods and mobile location data. In a direct response to Roe’s reversal, the Department of Health and Human Services (HHS) released guidance underscoring the protections applicable to protected health information (PHI) relating to abortion and other reproductive care under the Health Insurance Portability & Accountability Act (HIPAA), which we outline below. HIPAA, however, is limited in scope and does not protect a vast swath of information relating to abortion care.

New HHS Guidance on HIPAA and Telehealth

June 17, 2022 in HIPAA, Health and Biotech

By Sheila Sokolowski

On Monday, June 14th the U.S. Department of Health and Human Services (HHS), issued guidance on how the HIPAA rules permit covered health plans to use remote communication technologies for audio-only telehealth.