Fraud Management & Cybercrime , Governance & Risk Management , Privacy

Why HHS Regulators Are Heavily Scrutinizing Web Tracker Use

Susan Rhodes of HHS OCR Discusses HIPAA Enforcement Agency's Top Priorities
Susan Rhodes, acting deputy for strategic planning and regional manager, HHS OCR

The Department of Health and Human Services is heavily scrutinizing potential HIPAA violations involving online tracking tools in healthcare entity websites that impermissibly transmit sensitive protected health information to third parties, said Susan Rhodes of HHS' Office for Civil Rights.

See Also: OnDemand | Secure Your Vendor's Access from Attacks on Third-party Vulnerabilities

"Web tracker technologies is a really hot area. We have open investigations involving web trackers ... across the country right now, and they are ongoing," she said.

HHS OCR issued guidance last December warning about online trackers. And in July, HHS OCR and the Federal Trade Commission jointly sent letters to 130 hospitals and telehealth providers warning of potential data privacy and security violations involving the use of online tracking technologies (see: Feds Warn Hospitals, Telehealth Firms About Web Tracker Use).

"We're continuing to investigate these matters to really make sure healthcare providers and the regulated community in general know that when they disclose information through their tracking technologies, they need to do so in compliance with HIPAA," she said.

"This is a very important area for us."

In this video interview with Information Security Media Group at ISMG's Healthcare Security Summit in New York City, Rhodes also discussed:

  • Evolving trends in the types of PHI breaches being reported to the agency, including a rise in hacking incidents, which are up 239%, and ransomware attacks, which have climbed nearly 300% over the last five years;
  • The status of the agency's various rule-making activities, including a proposed rule to enhance privacy protections over reproductive health data, for which HHS OCR recently received thousands of public comments;
  • Other top regulatory and enforcement priorities.

In addition to leading strategic planning, Rhodes serves as a regional manager at HHS OCR. She has worked in civil rights and public service for over 25 years and has been with OCR since 2002 in various investigative, leadership and management positions.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.