Despite widespread use by both government and private organizations, health systems and hospitals have recently been scrutinized for their use of online tracking technologies, particularly with respect to their appointment scheduling pages, patient portals and mobile applications.
Recent lawsuits assert, among other things, that online tracking technologies were installed on hospital scheduling pages and patient portals, resulting in the transmission of sensitive patient information to third-party vendors without patient consent in violation of applicable state privacy and consumer protection laws.
In a Law360 article, health care attorneys examine broad guidance issued by the U.S. Department of Health and Human Services Office for Civil Rights for HIPAA-covered entities and their business associates that utilize online tracking technologies on their webpages and applications.
The authors note that without direction from OCR regarding how to conduct a breach risk assessment for disclosures involving tracking technology, regulated entities likely will be faced with evaluating the factors within their knowledge and control. These factors include the sensitivity of the information disclosed, as well as steps taken to mitigate the disclosure.
The article was authored by health care partner and co-chair Deborah Gersh, health care partner Jennifer Romig and health care associate Jamie Darch, with a contribution from health care associate Ryan Gorman.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.