HIPAA Compliance 2023: A Guide to Google, Meta, and Other Online Tracking Tools
// By James A. Gardner //
In December 2022, the Office of Civil Rights put the hammer down, shoring up HIPAA regulations to cover online tracking technologies that could compromise consumer privacy. Healthcare marketers must take a proactive role in responding.
Healthcare marketing is full of important acronyms, but HIPAA — the federal Health Insurance Portability and Accountability Act of 1996 — truly stands alone. Confusingly vague, often misunderstood, and yet backed by stiff penalties, overlooking the HIPAA rules for protecting personal health information is done at your peril.
Like me, you were probably surprised early last summer when The Markup and STAT+ assessed the websites of 100 prominent hospitals. On a third of them, they found user tracking technology from Meta — the parent company of Facebook — that was apparently capturing data about pages visited, searches conducted, appointment scheduling, and so forth. Seven of the health systems had installed Meta Pixel code in their patient portals, exposing Protected Health Information (PHI).
The combination of health information being shared non-consensually with a third party alongside uniquely identifiable information like an IP address alarmed many. It raised the possibility of, say, a sensitive search for a mental health condition or emerging cancer becoming known to Meta and its advertising algorithms.
“It is quite likely a HIPAA violation,” noted David Holtzman, a health privacy consultant who previously served as a senior adviser in the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), which enforces HIPAA.
OCR then further upped the ante for healthcare marketers in December when it released important new guidance on all online tracking technologies.
Some form of tracking is essential for marketers. What is a reasonable response to the risks? Concern, not alarm, should be your tone when engaging your organization’s leadership. Read on to learn the six immediate actions you should take to get in front of this, and some possible alternatives to Google and Meta tracking tools.
This content is only available to members.
Please log in.
Not a member yet?
Start a free 7-day trial membership to get instant access.
Log in below to access this content: