On July 20, 2023, the U.S. Department of Health and Human Being Solutions (HHS), Workplace for Civil Liberty (OCR) and the Federal Trade Commission (FTC) sent out a joint letter to roughly 130 medical facilities, telehealth suppliers, health app designers, and other health care market business cautioning of the “major personal privacy and security threats” connected to using online tracking innovations incorporated into their sites and mobile apps. The FTC launched a news release about the joint letter here and OCR launched a news release about the joint letter here
In the letter, the FTC and OCR repeated their issue that business that utilize these online tracking innovations tools might collect individual health info– such as health conditions, medical diagnoses, and medications– from users without their approval. The companies highlighted that business that utilize these online tracking innovations might be making unapproved disclosures of people’ individual health info to 3rd parties in infraction of the Medical insurance Mobility and Responsibility Act of 1996 (HIPAA) or the Health Breach Notice Guideline (HBNR).
The letter follows OCR’s December 2022 Publication that possibly broadened the kinds of sites and applications governed by HIPAA. The FTC likewise advised business not covered by HIPAA of their duty to safeguard versus the unapproved disclosure of individual health info, highlighting its current enforcement actions versus GoodRx and BetterHelp
The letter acts as yet another indicator that OCR and FTC strategy to be more aggressive in imposing offenses of HIPAA, the HBNR, and other laws and guidelines that they declare are happening through health-related sites’ and mobile apps’ usage of online tracking innovations. Integrated with the current assault of class action suits submitted versus healthcare facility systems utilizing online tracking innovations, health care business and health-related sites and mobile apps ought to carefully monitor their practices connected to their collection, usage, and disclosure of customers’ individual health info by means of tracking innovations. 1
Wilson Sonsini Goodrich & & Rosati consistently assists business browse intricate personal privacy and information security concerns. For additional information or recommendations worrying personal privacy compliance, please contact Haley Bavasi, Tracy Shapiro, Hale Melnick, Stacy Okoro, or any member of the company’s personal privacy and cybersecurity practice.
[1] Extra info from the FTC about the threats connecting to online tracking innovations can be discovered at this article More info about the FTC’s basic issues around health info can be discovered at this article