Lexology March 28, 2024
McCarter & English LLP

On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services updated its bulletin on the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates. The bulletin emphasizes that regulated entities are not permitted to use tracking technologies for impermissible disclosures of protected health information (PHI) to tracking technology vendors or for any other violations of the HIPAA Rules.

The bulletin describes tracking technology as a script or code on a website or mobile app used to gather information about users or their actions as they interact with a website or mobile app. It identifies three places where entities may be using tracking technology: (1) user-authenticated pages (e.g., a...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Govt Agencies, HHS, HIPAA, Provider
Related Articles:
HIPAA Security Rule: Big Changes May Be Coming for Covered Entities & Business Associates
Perceived industry compliance failures prompt stringent proposed HIPAA Security Rule
Proposed Changes to the HIPAA Security Rule Will Have a Significant Impact on the Health Care Sector
HHS’ Proposed HIPAA Changes Are a Step in the Right Direction, But Some Providers May Struggle to Comply
Proposed Changes to HIPAA Security Rule

Share This Article