LOGIN Request a call


DHHS Office for Civil Rights Issued Updated Guidance on the Use of Online Tracking Technologies

08 May

Update Applicable to:Effective date
All covered employers under the HIPAASee Details Below

What happened?

On March 18, 2024, OCR updated this guidance to increase clarity for regulated entities and the public.

What are the details?

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a bulletin outlining the responsibilities of covered entities (“regulated entities”) under the Health Insurance Portability and Accountability Act (HIPAA) regarding the use of online tracking technologies (“Tracking Technologies”) under the HIPAA Privacy, Security, and Breach Notification Rules (“HIPAA Rules”). Noncompliance could lead to penalties.

In December 2022, the OCR provided initial guidance to address the risk of regulated entities disclosing protected health information (PHI) to vendors of tracking technologies. The OCR later updated this guidance to clarify when the information collected by technology vendors might be considered PHI. This update also aimed to provide more flexibility to regulated entities in their interactions with these vendors.

This update was prompted by a lawsuit filed against the OCR by a group of hospitals and healthcare groups. The plaintiffs argued that the rule was improperly issued and that it misinterpreted the requirements of the privacy rule. Despite the update to the guidance, there are still some questions that remain unanswered.

Tracking technologies collect user data on websites or apps of HIPAA-regulated entities. The HIPAA Rules apply when protected health information (PHI) is involved, which means that regulated entities are not permitted to use tracking technologies in a manner that would result in unauthorized disclosures of PHI to tracking technology vendors or any other violations of the HIPAA Rules.

The OCR’s guidance differentiates between user-authenticated and unauthenticated web pages and treats mobile applications similarly to user-authenticated pages.
Further updates from the OCR are uncertain, pending ongoing litigation.

Business Considerations

  • Update your policies and practices regarding data security, privacy, and cybersecurity to comply with the established rules.
  • Even though there is uncertainty because of the ongoing litigation, employers should take proactive steps to ensure the safety of the information.

Source References


Schedule a Call

Learn more about VensureHR and how we can make an impact on your business.

Contact VensureHR

This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.

Keep Your Business Compliant

Fill out the form below to receive monthly Employment Law Updates right in your inbox.

Keep Your Business Compliant

Fill out the form below to receive monthly Employment Law Updates right in your inbox.


You're all set.

Thanks for subscribing. Be on the look out for the Legal HR updates in your email.

Celebrating PEOs!

VensureHR joins the nationwide celebration, reflecting on an industry of excellence in providing payroll, employee benefits, compliance assistance, and HR services to thousands of SMBs across North America.

Tracking Convertion image