Why HHS Regulators Are Heavily Scrutinizing Web Tracker UseSusan Rhodes of HHS OCR Discusses HIPAA Enforcement Agency's Top Priorities
The Department of Health and Human Services is heavily scrutinizing potential HIPAA violations involving online tracking tools in healthcare entity websites that impermissibly transmit sensitive protected health information to third parties, said Susan Rhodes of HHS' Office for Civil Rights.
"Web tracker technologies is a really hot area. We have open investigations involving web trackers ... across the country right now, and they are ongoing," she said.
HHS OCR issued guidance last December warning about online trackers. And in July, HHS OCR and the Federal Trade Commission jointly sent letters to 130 hospitals and telehealth providers warning of potential data privacy and security violations involving the use of online tracking technologies (see: Feds Warn Hospitals, Telehealth Firms About Web Tracker Use).
"We're continuing to investigate these matters to really make sure healthcare providers and the regulated community in general know that when they disclose information through their tracking technologies, they need to do so in compliance with HIPAA," she said.
"This is a very important area for us."
In this video interview with Information Security Media Group at ISMG's Healthcare Security Summit in New York City, Rhodes also discussed:
- Evolving trends in the types of PHI breaches being reported to the agency, including a rise in hacking incidents, which are up 239%, and ransomware attacks, which have climbed nearly 300% over the last five years;
- The status of the agency's various rule-making activities, including a proposed rule to enhance privacy protections over reproductive health data, for which HHS OCR recently received thousands of public comments;
- Other top regulatory and enforcement priorities.
In addition to leading strategic planning, Rhodes serves as a regional manager at HHS OCR. She has worked in civil rights and public service for over 25 years and has been with OCR since 2002 in various investigative, leadership and management positions.