The Federal Trade Commission (FTC) and the Department of Health and Human Services (HHS) jointly issued a warning to approximately 130 hospital systems and telehealth providers about the potential security risks associated with tracking technologies like Meta/Facebook Pixel and Google Analytics.
These technologies, commonly embedded in websites and mobile apps, collect users’ identifiable information in ways that are difficult for consumers to avoid, and many users are unaware that their health data is being shared with third parties through tracking. The agencies emphasize that when consumers visit hospital websites or seek telehealth services, their most sensitive health information should not be disclosed to advertisers or hidden third parties.
HHS had previously issued a bulletin late last year, warning health systems and telehealth providers about the risks of using such tracking technologies, as they could lead to violations of the Health Insurance Portability and Accountability Act (HIPAA).
The agencies remind that even companies not governed by HIPAA have a responsibility to safeguard personal health information from unauthorized disclosure, especially when a third party develops their website or mobile app.
The letter highlights recent FTC enforcement actions taken against BetterHelp, GoodRx, and Premom, underscoring the importance of monitoring the flow of health information to third parties to avoid potential violations of the FTC Act and the FTC’s Health Breach Notification Rule, as cautioned by the FTC’s Office of Technology. The warning aims to ensure that companies exercise extreme caution when using online tracking technologies in healthcare settings, as privacy and security concerns are paramount in protecting consumer data and maintaining trust in health services provided through websites and apps.