The Federal Trade Commission and the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) on Thursday sent a joint letter to nearly 130 hospitals and health-app developers, warning them about the privacy and security risks of online tracking technologies.
The agencies wrote in the letter that technologies used for tracking users’ online activity, such as Meta Pixel and Google Analytics, collect personally identifiable information from users as they engage with a website or a mobile app, ‘often in ways which are not avoidable by and largely unknown to users.’
‘’Impermissible disclosures of an individual’s personal health information to third parties may result in a wide range of harms to an individual or others. Such disclosures can reveal sensitive information including health conditions, diagnoses, medications, medical treatments, frequency of visits to health care professionals, where an individual seeks medical treatment, and more,‘’ the agencies wrote.
‘’In addition, impermissible disclosures of personal health information may result in identity theft, financial loss, discrimination, stigma, mental anguish, or other serious negative consequences to the reputation, health, or physical safety of the individual or to others,’’ they added.
Furthermore, the letter highlighted that disclosing such information may result in violations of the Health Insurance Portability and Accountability Act, as well as the FTC Act.
‘’To the extent you are using the tracking technologies described in this letter on your website or app, we strongly encourage you to review the laws cited in this letter and take actions to protect the privacy and security of individuals’ health information,’’ the agencies said.