Lexology March 28, 2024
McCarter & English LLP

On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services updated its bulletin on the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates. The bulletin emphasizes that regulated entities are not permitted to use tracking technologies for impermissible disclosures of protected health information (PHI) to tracking technology vendors or for any other violations of the HIPAA Rules.

The bulletin describes tracking technology as a script or code on a website or mobile app used to gather information about users or their actions as they interact with a website or mobile app. It identifies three places where entities may be using tracking technology: (1) user-authenticated pages (e.g., a...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Govt Agencies, HHS, HIPAA, Provider
Related Articles:
Addressing The HIPAA Blind Spot For Crisis Pregnancy Centers
6 Important Takeaways for HIPAA Covered Entities and Business Associates from 2024 NIST HHS OCR Conference
HHS settles 2 ransomware investigations as attacks rise
Safeguarding Health Information: Takeaways from HHS and NIST 2024 HIPAA Security Conference
White House OMB is reviewing proposed cybersecurity updates to HIPAA

Share This Article