Mon. Feb 6th, 2023

HIPAA-regulated entities are not permitted to use online tracking technologies in a manner that would result in impermissible disclosures of protected health information to tracking technology vendors or any other violation of the HIPAA rules, the Department of Health and Human Services’ Office for Civil Rights reminded covered entities and business associates in a bulletin yesterday.
“Providers, health plans, and HIPAA-regulated entities, including technology platforms, must follow the law,” said OCR Director Melanie Fontes Rainer. “This means considering the risks to patients’ health information when using tracking technologies. Our Bulletin answers questions for those using tracking technologies, importantly how to protect the privacy and security of the health information they hold.”

Source link