Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. OCR and FTC again emphasize to healthcare organizations the risk of using tracking technologies

      Articles

    Article

    OCR and FTC again emphasize to healthcare organizations the risk of using tracking technologies

    July 27, 2023

    LinkedInX (Twitter)EmailCopy URL

    By Valerie Montague

    Joint OCR/FTC letter to healthcare organizations puts the industry on notice that transferring health data via tracking technologies may result in data breaches.

    On July 20, 2023, the US Department of Health and Human Services, Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) issued a joint letter warning hospitals and other organizations providing telehealth services of the privacy and security risks related to the use of tracking technologies.

    Pixels and other online tracking technologies can be embedded into websites, patient portals, or mobile apps to gather information on a user’s experience and interaction with the site, portal, or app. As part of that process, information may be transmitted to the tracking technology vendor, such as Google or Meta, who may use the information for their own purposes, or those of other customers, such as to provide interest-based advertising to the impacted consumer.

    The recent OCR/FTC letter, sent to approximately 130 health systems and telehealth providers, builds off of the bulletin that OCR issued in December 2022, which highlighted the HIPAA obligations for covered entities and business associates when using online tracking technologies. In both the bulletin and the letter, OCR emphasizes that HIPAA-regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of protected health information (PHI) to tracking technology vendors.

    For entities that are not regulated by HIPAA, the FTC explains that disclosing health information to third parties via tracking technologies may be a violation of the FTC Act or a breach of security under the FTC’s Health Breach Notification Rule. The FTC’s Office of Technology posted a blog in March 2023, describing some of its enforcement actions involving the use of tracking pixels and the concerns that the FTC has regarding protecting the confidentiality of consumer data.

    Healthcare providers, health platforms, and other healthcare vendors should carefully analyze their use of tracking technologies on websites, portals, and mobile apps. Organizations should have a clear sense as to whether any data is transferred to the tracking technology vendor and, if so, what types of data. If identifiable patient or consumer data is being transferred, the organization should ensure that it has proper consumer disclosures and patient authorizations in place to permit the disclosure of that information.

    OCR Action

    Practices

    Cybersecurity & PrivacyHealth Information - Privacy, Security & Data Sharing

    Insights And Happenings

    • Article

      Lessons learned from OCR’s recent HIPAA enforcement

      Oct 5, 2023
    • Alert

      What's ahead for ERC claims?

      Sep 27, 2023
    • Article

      In its 45th Right of Access Initiative settlement, OCR reminds health plans of HIPAA compliance obligations

      Aug 25, 2023
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved