HHS Warns That Pixel Trackers Installed On Hospital Websites May Be In Violation of HIPAA
January 09, 2023
The HHS’s Office for Civil Rights (OCR) has recently issued a warning to healthcare entities regarding the use of pixel tracking technology in patient portals. According to the OCR, this use might breach the federal law that protects the privacy and security of protected health information (PHI), a requirement under the Health Insurance Portability and Accountability Act (HIPAA).
In a bulletin released on December 1st, the HHS stated that entities covered by HIPAA are prohibited from employing pixel trackers if they transmit PHI without obtaining patient consent or if they do not have a signed business associate agreement with the vendors providing the tracking technology. Violations of HIPAA can lead to penalties, including fines and, in rare cases, criminal prosecution.
This cautionary move from the OCR comes in response to recent scrutiny faced by several health systems and hospitals for their use of pixel tracking tools, particularly those offered by prominent technology companies such as Facebook and Google, on websites frequently accessed by patients.
Meta, the parent company of Facebook, is currently confronting multiple lawsuits that allege privacy law violations through the collection of patient information via its pixel tracker. These lawsuits claim that Meta’s tracker has gathered data concerning physicians, medical conditions, and appointments without proper consent.
Furthermore, patient-led lawsuits have been filed against various healthcare organizations, including:
- The University of California San Francisco Medical Center
- Dignity Health (San Francisco)
- Northwestern Memorial Hospital (Chicago)
- University of Chicago Medical Center
- UPMC (Pittsburgh)
- Duke Health (Durham, NC)
In light of the OCR’s warning and the legal battles faced by certain healthcare entities, it is crucial for healthcare providers to review their practices regarding pixel tracking technology. By proactively assessing their patient portals and websites, healthcare organizations can ensure compliance with HIPAA and safeguard patient privacy, thereby mitigating the risk of potential violations and legal consequences.
Furthermore, striking a balance between harnessing technology for improved healthcare services and protecting patient privacy is critical. The continued attention around pixel tracking technology highlights the need for healthcare companies to remain cautious in their efforts to secure patient data and comply with regulatory frameworks such as HIPAA.