4 Tips for Maintaining HIPAA Compliance and Managing Online Tracking Risks

November 8, 2023

Digital marketing got a lot riskier when HHS rolled out its “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” bulletin last December. What steps should you take to manage the risks?


Ben Dillon, CEO and co-founder, Geonetric

Change often feels like the only constant in the world of healthcare marketing. And oh, what a year of change! At the end of 2022, the Department of Health and Human Services (HHS) released new guidance about HIPAA, online tracking, and consumer privacy. Less than eight months later, HHS and the Federal Trade Commission (FTC) published a joint letter that included FTC actions against sites like Easy Healthcare, BetterHelp, GoodRx, and Flo Health. The letter indicates that HHS and the FTC are in lockstep in their views on how the guidance should apply to protect PHI.

Some might say that HHS and the FTC have valid reasons for pushing healthcare organizations to take action to protect the privacy and security of individuals’ health information. Earlier this year, we reported on the websites at 100 prominent hospitals that had user tracking technology from Meta (the parent company of Facebook). The tracking technologies allegedly captured data about pages visited, searches conducted, and appointment scheduling. Meta’s advertising algorithms were synced to consumers’ searches for specific health conditions or highly private concerns.

How Hospitals Are Responding to New Ad-Tracking Rules

Ben Dillon has spent the better part of the past eight months interviewing the compliance and legal teams at dozens of healthcare organizations. Dillon, co-owner and chief executive officer of Geonetric and a member of the eHST Editorial Advisory Board, set out to find out what these organizations are doing to ensure compliance. He identified a wide range of interpretations of the new ad-tracking rules.

Dillon untangled some of the mysteries that are puzzling today’s healthcare marketers in a recent eHST webinar, “HIPAA-Pocalypse Now: Understanding the New HHS Guidance, the Implications for Healthcare Digital Marketers, and How to Respond.”

Read the full article to learn how to assess your current situation, protect your patients’ privacy, and help your organization steer clear of HIPAA violations: “Traffic Risks: Next Steps for Tracking Pixels and HIPAA Compliance”

Best regards,
Matt Humphrey