It’s no secret that the use of Meta Pixels and other online tracking opens organizations up to legal risk, especially in the health care industry. Despite ongoing litigation against the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), OCR did not significantly modify its online tracking guidance, and there is no immediate regulatory relief in sight for the health care industry.

In the latest Coppersmith Brief, Kristen Rosati and Erin Dunlap outline the significant regulatory, litigation and financial risks faced by health care entities when using online tracking. They also explain three modifications to OCR’s guidance, regarding whether IP addresses are PHI, the use of Customer Data Platforms, and the need to consider online tracking in the security risk analysis and risk management process. Kristen and Erin also set out recommendations for organizations navigating through an online tracking assessment, from determining reporting obligations to communicating with cyber liability insurers.

Read the full Coppersmith Brief for more insights and check out our library for more concise summaries of legal developments most critical to your business.