OCR at HHS Updates Guidance on Use of Online Tracking Technology by HIPAA-Regulated Entities
On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance on the use of online tracking technology by covered entities regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their business associates (together, “regulated entities”). While the updated guidance from OCR seems intended to clarify, and even narrow, the circumstances under which regulated entities’ use of websites and mobile app tracking technologies constitutes a disclosure of Protected Health Information (PHI), it fails to provide clarity on the exact scope, rendering compliance challenging. We summarize the updates to the guidance below and analyze briefly how these updates may impact the use of tracking technologies on unauthenticated and authenticated webpages, and what companies may explore in terms of compliance.
Haley Bavasi
OCR and FTC Issue Joint Letter to Healthcare Companies Warning About Online Tracking Technologies
On July 20, 2023, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) sent a joint letter to approximately 130 hospitals, telehealth providers, health app developers, and other healthcare industry companies warning of the “serious privacy and security risks” related to the use of online tracking technologies integrated into their websites and mobile apps. The FTC released a press release about the joint letter here and OCR released a press release about the joint letter here.
FTC Announces Proposed Settlement with 1Health.io Genetic Testing Firm for Privacy and Security Violations
On June 16, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (in the form of a stipulated order) with genetic testing company Vitagene, Inc., now known as 1Health.io (1Health.io), for allegedly misrepresenting its security and privacy practices regarding its data storage, deletion, and usage. The FTC also alleged that the company unfairly changed material privacy policy disclosures without obtaining affirmative consumer consent.
FTC Announces Proposed Settlement with Premom Fertility Tracking App for Privacy Practices
On May 17, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (in the form of a stipulated order) with Easy Healthcare Corporation, which operates the Premom fertility tracking app (Premom). The…
FTC Announces Proposed Amendments to the Health Breach Notification Rule
On May 18, 2023, the Federal Trade Commission (FTC) announced a number of proposed amendments to the Health Breach Notification Rule (the Rule), the latest in a series of actions taken by the agency to…
HHS Proposes Purpose Limitation on Disclosures of PHI Related to Reproductive Health
On April 12, 2023, the Biden administration announced a notice of proposed rulemaking (NPRM) from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the agency responsible for enforcing the Health…
Washington State Governor Signs Sweeping Health Privacy Act (My Health My Data Act) into Law
On April 27, 2023, Washington State Governor Jay Inslee signed a far-reaching health privacy law entitled the “My Health My Data Act” (the Act), which extends protections to consumer health data collected by…