Title: Privacy Warning Issued to Hospitals and Telehealth Providers Over Online Tracking Risks
In a joint effort to safeguard consumers’ privacy, the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) have issued a warning to hospitals and telehealth providers. The focus of their concern lies in the potential privacy and security risks associated with online tracking technologies integrated into healthcare websites and mobile apps.
The agencies are highlighting the importance of protecting sensitive personal health data from unauthorized disclosure to advertisers and other unidentified third parties. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, emphasized the significance of maintaining the privacy of consumers’ personal health data. He stressed that patients should not have to compromise their health information’s privacy when accessing hospital websites.
Melanie Fontes Rainer, OCR Director, echoed these sentiments, asserting that individuals’ privacy should not be relinquished when utilizing hospital websites. She expressed that patients and others should be able to trust that their health information remains secure within healthcare systems.
To address these concerns, around 130 hospital systems and telehealth providers were sent a joint letter by the FTC and OCR. This warning alerted them to the potential hazards associated with tracking technologies like the Meta/Facebook pixel and Google Analytics. These tracking technologies gather identifiable information about users, posing risks to their privacy.
Disclosing personal health information to third parties without authorization can reveal delicate details such as health conditions, diagnoses, medications, medical treatments, the frequency of healthcare visits, and the specific locations where an individual seeks medical help.
The FTC has a track record of taking enforcement actions against companies involved in unauthorized disclosures of health information. BetterHelp, GoodRx, and Premom are among the companies that have faced consequences for such breaches. These actions highlight the obligation for companies to oversee the flow of health information to third parties using tracking technologies on their websites and apps.
Unauthorized disclosures of health information are not only a violation of the FTC Act but also potentially qualify as a breach of security under the FTC’s Health Breach Notification Rule.
Ryan Mehm, representing the FTC’s Bureau of Consumer Protection, and Erika Wodinsky, from the FTC’s San Francisco regional office, are leading the primary efforts regarding this matter.
This warning serves as a reminder to hospitals and telehealth providers to prioritize the privacy and security of their patients’ health information. Consumers should feel confident that their confidential data remains protected, even as technology advances across the healthcare industry. Stakeholders in the healthcare sector must remain vigilant and take appropriate measures to prevent unauthorized disclosure and ensure patient trust endures.
