HHS's Office for Civil Rights warned healthcare entities that using pixel tracking technology in patient portals may violate HIPAA.
The department issued a bulletin Dec. 1 that says entities covered by HIPAA can't use pixel trackers if they transmit protected health information without patient consent or if they don't have a signed business associate agreement with the technology tracking vendors.
Violations of HIPAA are punishable by fines and, in rare cases, by criminal prosecution.
The warning comes after several health systems and hospitals have come under scrutiny for using these pixel tracking tools offered by Facebook and Google in websites frequented by patients.
Facebook parent Meta currently faces multiple lawsuits alleging it has violated privacy laws by collecting patient information via its pixel tracker, including data on physicians, conditions and appointments.
University of California San Francisco Medical Center; San Francisco-based Dignity Health; Chicago-based Northwestern Memorial Hospital; University of Chicago Medical Center; Pittsburgh-based UPMC; and Durham, N.C.-based Duke Health are also currently facing patient-led lawsuits for allegedly sharing patient data via these trackers in their patient portals and websites.