Hospitals and health systems across the country are facing lawsuits alleging that they have put pixel tracking technologies onto their websites and patient portals for marketing purposes, and they could be violating patient privacy laws by doing so, JDSupra reported March 27.
Six things to know about pixel tracking and healthcare data protection:
- These pixel technologies can send social media companies such as SnapChat, Facebook and Pinterest patients' data when people schedule appointments, which could include IP addresses, physicians' names and search terms used to find the physician. The patient data is sent to these companies in exchange for analytics about the ads that the health system places on the social media platforms.
- These pixel technologies were installed on 33 of the largest U.S. hospitals and health systems websites.
- There are several health systems facing lawsuits for allegelying installing this technology onto their websites including Los Angeles-based Cedars-Sinai, Orlando Health, Raleigh, N.C.-based WakeMed and Chicago-based Northwestern Memorial Hospital, to name a few.
- The lawsuits are all similarly alleging that the social media companies and the health systems have violated state and federal privacy laws, not HIPAA as only the U.S. can sue under that statute.
- Some defenses that can be used in these cases include: users have signed consent forms allowing the organization to share information, if only IP addresses are shared, they fall outside the definition of HIPAA, and federal policies allow organizations to incentivize Medicare and Medicaid participants to access records online.
- The HHS issued a warning in December stating "regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of protected health information to tracking technology vendors or any other violations of the HIPAA Rules."