The ongoing debate over the use of online tracking tools by both HIPAA-regulated and non-HIPAA-regulated health entities remains a critical issue, underscored by concerns about data privacy, regulations, and legal implications. Elizabeth Hodge, a partner at the law firm Akerman, emphasized that health information represents one of the most sensitive types of personal data. Many individuals expect that when they share this information with healthcare providers or health-related businesses, it will be safeguarded against unauthorized sharing.
Recent judicial decisions, such as the Supreme Court’s Dobbs ruling that overturned Roe v. Wade, alongside state and federal developments regarding transgender healthcare, have intensified worries over the potential misuse of personal and health information by tracking tools. Hodge asserts that the prevailing atmosphere has heightened public anxiety surrounding the privacy of health data, particularly in light of possible civil or criminal repercussions for accessing certain types of healthcare.
To reduce the risk of scrutiny over allegedly unlawful collection and sharing of personal health information, both HIPAA and non-HIPAA entities must adopt proactive measures. The issue has gained prominence with the settlement announcement from Flo Health, a fertility-tracking app that agreed to resolve a federal class action lawsuit. The litigation accused the California company of sharing sensitive user data with tech giants such as Google and Meta without obtaining user consent. As part of this settlement, Flo Health aims to address these serious privacy concerns.
In addition to the class action lawsuit, Flo Health has faced an investigation by the Federal Trade Commission (FTC) based on similar allegations, underscoring the urgency for companies in the healthcare space to ensure rigorous data privacy practices. Hodge discusses these issues further in an audio interview with Information Security Media Group, where she outlines recent class action litigation involving web tracking and the possible enforcement directions from the FTC and the U.S. Department of Health and Human Services regarding health data.
Entities must remain vigilant in developing strategies that minimize the risk of regulatory scrutiny and potential civil litigation linked to their use of online trackers. This situation stands as a cautionary tale for businesses operating in the health sector, where the convergence of technology and sensitive health data presents both opportunities and significant vulnerabilities.
As a partner in Akerman’s healthcare and data privacy practices, Hodge specializes in navigating the compliance landscape that impacts healthcare providers, payers, and employer-sponsored health plans. Her leadership within the American Health Law Association’s Health and Information Technology Practice Group positions her uniquely at the intersection of law and health technology, emphasizing the ongoing need for enhanced data governance in a rapidly evolving digital environment.
In light of these developments, businesses must consider the tactics utilized by adversaries as framed by the MITRE ATT&CK Matrix. The potential for initial access via insecure tracking mechanisms and the persistence of unauthorized data sharing highlight the vulnerabilities within current health-related platforms. Organizations must enhance their cybersecurity protocols to safeguard sensitive data against emerging threats in this complex ecosystem.