OCR Guidance on Use of Tracking Technologies Warrants Review of Website Tech

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail below, the Guidance reveals OCR’s position that an IP address is not just an identifier but is itself individually identifiable health information (IIHI) when collected by tracking technology on a healthcare entity’s website. In light of the significant regulatory and class-action activity against covered entities and business associates regarding their use of this technology, this post provides our analysis of how the Guidance impacts how these entities use and assess their usage of tracking technologies. We also provide general recommendations for healthcare entities in light of the Guidance.

Background – Tracking Technologies

Organizations use various tools to make their websites functional, improve visitor experience and analyze website traffic. These tools are often grouped together and referred to as “tracking technologies” and include things like cookies, web beacons or pixel tags, heatmaps, session

Read more

Explore the site

More from the blog

Latest News