On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a bulletin warning that commonly used website technologies, including cookies, pixels, and session replay, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The bulletin advises that “[r]egulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of Protected Health Information (“PHI”) to tracking technology vendors or any other violations of the HIPAA Rules.” The bulletin is issued amidst a wider national and international privacy landscape that is increasingly focused on regulating the collection and use of personal information through web-based technologies and software that may not be readily apparent to the user.
Blog Editors
Recent Updates
- U.S. Supreme Court to Weigh Induced Infringement Case Regarding ‘Generic Version of Vascepa®’
- Closer Look at H.R. 7291: What the “GRAS Oversight and Transparency Act” Could Mean for Dietary Supplements
- Diagnostic Imaging Interoperability Request for Information Shines a Spotlight on the Lack of Patient-Centered Longitudinal Health Records
- DOJ Deputy Assistant Attorney General Addresses FCA Enforcement Priorities and Reinforces Commitment to Robust Enforcement
- Interested in Opening a Medical Spa? (Part III): Here’s (More) That You Need to Know