Therapy Comply - HHS Office for Civil Rights Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies to Protect the Privacy and Security of Health Information

Upcoming Webinars

OSHA Requirements for Therapy Practices and Facilities

29 May 2024 12:00 PM (CDT)
OSHA Requirements for Therapy Practices and Facilities

30 May 2024 12:00 PM (EDT)

Site Updates

Short Webinar - Medicare Assistants in 2024

6 May 2024 7:47 AM

Zachary Edgar
2024 Q2 NCCI Updates

18 Mar 2024 4:28 PM

Zachary Edgar
North Carolina Physical Therapy Compliance Guides

18 Mar 2024 3:57 PM

Zachary Edgar
Illinois Physical Therapy Compliance Guides

12 Mar 2024 12:00 PM

Zachary Edgar
Congress Reduces Medicare Rate Cut

9 Mar 2024 11:22 AM

Zachary Edgar

Disclaimer

The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.

Home
HIPAA
HIPAA Blog
HHS Office for Civil Rights Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies to Protect the Privacy and Security of Health Information

Back to list

HHS Office for Civil Rights Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies to Protect the Privacy and Security of Health Information

1 Dec 2022 12:03 PM | Zachary Edgar (Administrator)

Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA) on covered entities and business associates (“regulated entities”) under the HIPAA Privacy, Security, and Breach Notification Rules (“HIPAA Rules”) when using online tracking technologies. These online tracking technologies, like Google Analytics or Meta Pixel, collect and analyze information about how internet users are interacting with a regulated entity’s website or mobile application.

Some regulated entities regularly share electronic protected health information (ePHI) with online tracking technology vendors and some may be doing so in a manner that violates the HIPAA Rules. The HIPAA Rules apply when the information that regulated entities collect through tracking technologies or disclose to tracking technology vendors includes ePHI. Regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of ePHI to tracking technology vendors or any other violations of the HIPAA Rules.

Today’s bulletin addresses potential impermissible disclosures of ePHI by HIPAA regulated entities to online technology tracking vendors. The Bulletin explains what tracking technologies are, how they are used, and what steps regulated entities must take to protect ePHI when using tracking technologies to comply with the HIPAA Rules. Specifically, the Bulletin provides insight and examples of:

Tracking on webpages
Tracking within mobile apps
HIPAA compliance obligations for regulated entities when using tracking technologies

“Providers, health plans, and HIPAA-regulated entities, including technology platforms, must follow the law. This means considering the risks to patients’ health information when using tracking technologies,” said OCR Director Melanie Fontes Rainer. “Our Bulletin answers questions for those using tracking technologies, importantly how to protect the privacy and security of the health information they hold.”

Read the Bulletin here: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html

Reference

HIPAA News Releases & Bulletins

Therapy Comply does not claim copyright over US Federal and State materials

About Us

Therapy Comply is a healthcare compliance firm that seeks to bring high quality web-based compliance guidance and one-on-one consulting services to small and medium size physical, occupational, and speech therapy practices.

Learn More

Join Us

Join today as either a monthly or a yearly member and enjoy full access to the site and a significant discount to our live and recorded webinars. Members also have access to compliance and billing support.

Join Today

Find Us