Why can’t a health systems website use pixel tracking tools for marketing?

Hospitals and health systems across the country have been accused of embedding pixel tracking technologies into their websites and patient portals for marketing purposes. JDSupra Reported March 27.

Six things to know about Pixel tracking and healthcare data protection:

1. These pixel technologies can send social media companies like SnapChat, Facebook, and Pinterest when people book an appointment, which may include IP addresses, physician names, and search terms used to find the physician. Patient information is sent to these companies to analyze the ads the health system places on social media platforms.
2. These pixel technologies have been installed on the websites of 33 of the largest US hospitals and health systems.
3. Several health systems have been sued for installing this technology on their websites, including Los Angeles-based Cedars-Sinai, Orlando Health, Raleigh, N.C.-based WakeMed and Chicago-based Northwestern Memorial Hospital.
4. The lawsuits allege that social media companies and health systems alike violated state and federal privacy laws, not HIPAA, as only the US can be sued under this law.
5. Some defenses that can be used in these cases include: users have signed consent forms allowing the organization to share information, if only IP addresses are shared, they fall outside the meaning of HIPAA, and federal policies allow organizations to subsidize Medicare and Medicaid participants. Access records online.
6. HHS issued a warning in December that “regulated entities are not permitted to use tracking technologies to track protected health information in a manner that violates HIPAA rules or other technology providers.”