March 23, 2023

Volume XIII, Number 82
Advertisement

57

New Articles
Bottom Row Image
Advertisement

March 23, 2023

Subscribe to Latest Legal News and Analysis

March 22, 2023

Subscribe to Latest Legal News and Analysis

March 21, 2023

Subscribe to Latest Legal News and Analysis

Article By

Sara Helene Shanti
Lourdes Martinez
Ryan Portugal
Anahita Anvari
Arushi Pandya

Sheppard, Mullin, Richter & Hampton LLP
Healthcare Law Blog

Related Practices & Jurisdictions
Advertisement

Web Tracking Creates a Web of Data Privacy Risks

Wednesday, February 8, 2023

Regulatory enforcement and large litigation relating to the use of third party trackers on companies’ websites and applications have been on the rise. Tracking often occurs without the companies’ knowledge or consent. Third party tracking on hospital and provider websites has specifically garnered notable media attention. Recently, there has been significant activity by the Federal Trade Commission (“FTC”) under the Health Breach Notification Rule for unauthorized sharing of personal information. It has begun to penalize and impose steep corrective actions, including long-impacting future restrictions, for such violations.

2021 study of the largest for-profit, nonprofit and governmental hospitals in the United States found that all hospitals used advertisement trackers, and 90% of the hospitals used third-party cookies. In many instances, these third-party trackers and cookies accessed and collected hospital user data. More concerning, such user data may include the user’s personal contact information, provider and insurance information, and diagnoses.

These third party trackers, deployed and used predominantly by technology companies or social media companies, pose a significant challenge for health care companies, and compliance issues associated with third party tracking are only just beginning. Notably, HHS’ Office of Civil Rights (“OCR”), recently released a guidance on the use of such trackers by HIPAA-regulated entities, like hospitals and health plans. A summary of OCR’s guidance may be found in our prior blog post, “OCR Releases Guidance on Use of Tracking Technologies,” here. Furthermore, the rise of social media has brought increased OCR scrutiny of providers’ and other covered entities’ online activities and communications on social media and other public platforms.

For an in-depth discussion of the legal and regulatory considerations around website technology and third-party tracking in healthcare please join us for a complimentary webinar on February 9th, from 2:00 to 3:00 pm ET. Click here to register.

Copyright © 2023, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XIII, Number 39
Advertisement
Advertisement
Advertisement

About this Author

Sara Helene Shanti Corporate Lawyer Sheppard Mullin Law Firm
Sara Helene Shanti
Partner

Sara Helene Shanti is a partner in the Corporate Practice Group in the firm's Chicago office.

Areas of Practice

Shanti represents healthcare providers and technology companies in matters related to data privacy, healthcare regulatory compliance and mergers and acquisitions. She counsels clients on various data privacy and healthcare technology matters, including artificial intelligence, data security incidents, mobile applications, and telemedicine. Shanti’s experience includes advising clients on transferring data across multinational borders, implementing...

[email protected]
312.499.6358
www.sheppardmullin.com
Lourdes Martinez
Lourdes Martinez New York Corporate Attorney Sheppard Mullin
Partner

Lourdes M. Martinez is a Partner in the Corporate Practice Group in Sheppard Mullin's New York office.

Lourdes' practice includes defending clients in criminal, civil and regulatory government actions; assisting clients in implementing both fraud and abuse and HIPAA compliance programs; and advising clients on a wide array of compliance, regulatory and business matters.

She has defended clients in federal False Claims Act cases, quality of care cases, physician licensing matters and federal, state and other third-party...

[email protected]
212-653-8193
www.sheppardmullin.com/
Ryan Portugal
Ryan Portugal D.C. Corporate Attorney Sheppard Mullin
Associate

Ryan Portugal is an associate in the Corporate Practice Group in the Sheppard Mullins' Washington, D.C. office.

[email protected]
202-747-3224
www.sheppardmullin.com/
Anahita Anvari
Anahita Anvari Corporate Attorney Sheppard Mullin Law Firm
Associate

Anahita (Ana) Anvari is an associate in the Corporate Practice Group in the firm's Century City office and is a member of the firm’s healthcare practice team.

Areas of Practice

Ana represents clients in the health care industry through business and transactional matters, including mergers & acquisitions and corporate governance. She advises clients on regulatory compliance under federal and state law, including licensure and fraud and abuse compliance. She also guides clients through health privacy issues, including HIPAA.

[email protected]
310.228.2292
sheppardmullin.com
Arushi Pandya
Arushi Pandya D.C. Healthcare Attorney Sheppard Mullin
Associate

Arushi Pandya is an associate in the Corporate Practice Group in Sheppard Mullins' Washington, D.C. office. She advises healthcare clients on regulatory and transactional matters.

Prior to joining Sheppard Mullin, Arushi was an associate at a large Texas firm. While at Texas Law, she served as Managing Editor of the Journal of Law and Technology, Pro Bono Scholar, Dean’s Fellow, Community Engagement Director of the Women’s Law Caucus, and a health law research assistant. She also interned at St. Jude Children’s Hospital, the American...

[email protected]
202-747-3228
www.sheppardmullin.com/